hxxps://steamunlocked[.]net/

Resubmissions

23-10-2024 22:53

241023-2tykrstbnc 3

20-10-2024 16:34

20-10-2024 00:10

20-10-2024 00:07

20-10-2024 00:05

20-10-2024 00:00

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamunlocked.net/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

OpenWith.exefirefox.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	Process
4760	msedge.exe
4760	msedge.exe
3680	msedge.exe
3680	msedge.exe
2080	identity_helper.exe
2080	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
6224	msedge.exe
6224	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid	Process
4580	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

firefox.exe

description	pid	Process
Token: SeDebugPrivilege	5872	firefox.exe
Token: SeDebugPrivilege	5872	firefox.exe
Token: SeDebugPrivilege	5872	firefox.exe
Token: SeDebugPrivilege	5872	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exefirefox.exe

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

msedge.exefirefox.exe

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe

Suspicious use of SetWindowsHookEx 52 IoCs

Processes:

OpenWith.exefirefox.exe

pid	Process
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
4580	OpenWith.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe
5872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 3680 wrote to memory of 4976	3680	msedge.exe	84
PID 3680 wrote to memory of 4976	3680	msedge.exe	84
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 3324	3680	msedge.exe	85
PID 3680 wrote to memory of 4760	3680	msedge.exe	86
PID 3680 wrote to memory of 4760	3680	msedge.exe	86
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87
PID 3680 wrote to memory of 4204	3680	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0e946f8,0x7ffff0e94708,0x7ffff0e94718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,17934047655145886349,14481565682395067953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:7100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4580
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
  2⤵
  PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d493938-d872-452e-95e5-42e458e7322c} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" gpu
      4⤵
      PID:2152
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c7a11c5-79b6-4fc5-9fec-5e94d4789ec1} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" socket
      4⤵
      Checks processor information in registry
      PID:5264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 2936 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd41173a-f423-4787-92ef-b024fd7960e9} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" tab
      4⤵
      PID:1288
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3604 -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03fbd20-9c5b-488c-b140-256aaf224e2f} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" tab
      4⤵
      PID:2880
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5108 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 5112 -prefsLen 29144 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c60fb9-83fa-4e29-a1de-ae5d4b7efe34} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" utility
      4⤵
      Checks processor information in registry
      PID:4980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc43863a-217c-49e3-823b-6b4101c34506} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" tab
      4⤵
      PID:6472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61b4b68f-10af-42e7-aab5-5cd5891bf497} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" tab
      4⤵
      PID:6492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5700 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5924b9f0-1a8f-4bc0-823e-6cf3f4bc4745} 5872 "\\.\pipe\gecko-crash-server-pipe.5872" tab
      4⤵
      PID:6504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
1⤵
PID:7060
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
  2⤵
  - Checks processor information in registry
  PID:7076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
1⤵
PID:6072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
  2⤵
  - Checks processor information in registry
  PID:5588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1)(1).rar"
1⤵
PID:5168
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1)(1).rar
  2⤵
  - Checks processor information in registry
  PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
094d4279b6c7cd8f6f3e7ee759590f4f

SHA1
f8d884b7572fd70b094fefd5adff060887715784

SHA256
9cffb5b588cbd1f3d56bc9c7a21a922fd5c01857d1b9bef7aed82e958843eace

SHA512
a9b1edf0e4fd8c83c1236e789d17ec545dcc6d1fc204445fe033c4f9de1735d5fd5233ab6972935a344be4e52a42cbee079deeef2390b2eb357aa2df47b82c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
beb595ff8e4a5668bc152be48d9c873a

SHA1
0fa86c12dd59e574167c36791d84f6d8b3ec89fb

SHA256
4f87b7bc75b43340e952783b8a97dcf0951ebff6f49748c44799e4fc77767a64

SHA512
46b1dd9516529ca03c0ff5a674eb968169b5a996ecbbbbfd9a0bb725adb588f95e2b2700c3b87d969c1bf7a9f3b1a9f7e1a003765898a464032b81dec4543cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9562096c397c4e1ee101f864fe9ea5b6

SHA1
964994ed0da4d2eccbaa9c74e1fc5d8c12e643b9

SHA256
49f16cce456d3ac85cb40ff4db598d0fb0370720a52a6fbfdfc6c1fa4c6144b6

SHA512
a633951dc1dd30612ebb2437ba8ce479fa267678c2c91af383c21876a27cc58587dcd0c8e3f03f134f56e99bab7a94e9938cb6356a0bc4fc076524fed805705e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ae97a7de043512523b21284173e73e3

SHA1
afefc52cb5be348b0187666e5b0cb0567978e797

SHA256
4a7c4bfb9946c5ef6096a878ba61101ec4bd61925b202cc8164e1955492d60e3

SHA512
af64937c6ce80088a75291514b88696b681fec249ac4f5d5c397d83c70d810c348b6eab09fbb282469ae3184ca1c93027922bda51a9eeba594842864d62f9399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bfd35fac6594684699c80fdb5f45464

SHA1
e735c3dd7168ea2971cfc0ad2a8104cd8aa9aefb

SHA256
ef536f9ac976f9195b3aa2112e12987981922923dc60667c5dc222b212942aa7

SHA512
d88d115c33172bcab779cb011c0860aa8255dea37dd372ee4cfc2683ebeae5fedb872e509f9d59b4d1906d8a7febc77c717ab6a4fb66a2673bb7dbe083fc5384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c3ea81ca01ce8556f997a2032fd7183

SHA1
6300fbe93a2e93549bf14b2583ffe62f8854a470

SHA256
96bdd4cc294322a7a088868f01e15096ce47e06a2a4bc3172f728c1538358858

SHA512
99628479821751693a498aa0d1cf645267a3a1d6ac4231f3cc419ed288b351c2cfff0b9ecfdba1a3bed4e4ead3b5c48cf9b7b32713c2fc239da432c3697d319a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c4e7e479171022c8c1b985ca97df3d3

SHA1
0dab82639bba6d27982b4b257d3415d488221438

SHA256
a74d561fb8d09d9ee4510fba3ac9cb0364c4b26cb97c9f8f5d8f2a5e7b4866cc

SHA512
92f1c0063987bd605d1a4ece0e49eab1c8b5c40bea817efc2672c4460d35c1c4848dd1d91c71f78b86b7f2e1c76934352ff45fa46508e3b179120b746d8f53f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e11678df7ad7cebfcaf29434a5c3fc3

SHA1
9c9bc406888fd871c26042ed39a6424659f6cdf6

SHA256
ffb9fbb3e452c832ff9c701afc4eb35e3969ba777365d33d61579831282b8e32

SHA512
7cdf4a7221517a2e8823d4d93eb1c813bd2f36a061f2a3dce137e3ea8b003824d1349dc7a6403da5c64f0cc7b5a49ac61773147e72ac61544371cff0e265235d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03f25d0ac384a87081bfdbf533fc55ba

SHA1
33a79d233b52802a4fafeb5698483d3e3fd91a30

SHA256
dfb9f43a5d16817e42cb2360261bc88503f77817dd90d8ebbe803e239626386e

SHA512
2420d0994bb7a8e30a9465c1879221f4a59fd3496291c368bba9841174ba8a20aa2f2defaf092bdfde682d8e4c40854c82f14a74360aa4c532e7b89d29973327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
290696166eece48b7e1c090df52bc9b2

SHA1
1821cb4a4169a1d1bb4ae92cee0f9d3b6b856d06

SHA256
c1ed81bb1575077df5b8ad0a388240b63ca1d1c55886ed8f997032e62f72abc7

SHA512
cee5bcd70a3a69e986f7687485bc7463efbef24effeb279b265ed4733dcbe0a9436b7b59673e7f1574e38034edf4ac3cdb03bc07128e63a0ee2374fb96c16075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
101215e43c788cef8acd6ce566ff483c

SHA1
dc29ce35430d9d423dfb79e670e4f3555177a260

SHA256
10eec8c0fc23934df0966ef6c8138e8f723ce0904092fc2e2a61254fd0797708

SHA512
9bb2302dd0ac45cfdc19918467a6fa9992be79e0879a555b253bd7e26f2cfebafc6fb142f5fe864a2f3cd02e1a146f691a36ad6e97d47478835027398c74a1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581edd.TMP

Filesize
371B

MD5
75396fd19c713c5df36a3127f3192f6e

SHA1
58921bfc1d2c79d7e814e0cea01b1aab789afdc5

SHA256
a5ce8d640f5f6d014d918c97c8e8f19d11b3b7011d0514c49c1319d50403e371

SHA512
a927296f009de52afead91d1d534089f5def4b12b5ab0746345db308a4b0ce5eafc14a7bb22d3d138081a4a3ec6e8860e9864e901adc65a86127fb38254f4b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc73df59-9b7b-4756-918c-368771369cff.tmp

Filesize
1KB

MD5
e83ae7d9914120daf0450f7582a1ef48

SHA1
a07abe9a20970008cd37a2dd3f4a20d8f0d2452c

SHA256
3b1e766e7d835d9fec202c6c76ddb7d8eb53ecfbdfd2b8f22429d8c9c029d968

SHA512
0aac55a0729d737b14b3cd219ba27266977146dac21395d7116c9ea49abae53ea76c2b7c3c0c334fafc2290b36014b1831c18f0ecbbf12aa706551c1127a82e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2ab7ed874d1431ae5d9f4d5d946f097b

SHA1
a7c3211f2ef16bf9ab5725bedc456d19a316feb8

SHA256
aea05a128170e973fa5921b026c9878ac1128d351af8c91c21e06099bb7ce0f5

SHA512
98f4763d3b69b3c476218959d9cc991a539d5db7ca64017b33bdf648f19225edafbd2283b97419b43b40ba70f235adc0fa78d5a07d54c2f43dadbab477935673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7fff9db57d86734199ab7dfb251fb33

SHA1
b2674a3bc2c9214174ed656ac52ef40fd8f350d2

SHA256
54d9e65ea0a385c6f86012ade9919128317910546e06562f34e4fd1e19107c58

SHA512
7476ad5c7d9e16fec461e024ae445b6066b456b59a94ea266f77650bf05d729d9693de1c6e56fe4fe45fc7c306eaca651945263e3a7d837db84e9c7410320555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
acc11ed66c6b7ddf151006a4b1e047be

SHA1
e982f2a6e689c77b214be1a0bdb6890b7a0fe720

SHA256
d054fcb3ad0730fa9da90d895673f58bbb5efadc1772dd3557dc3e146f3eea3f

SHA512
2ec190fe3255e855c82deb11d57f969bd7785859369c1d3da4e87cafd0173f77deac5eb309d9f46f652fa3b01d9b8214effd9bee9520a5d5da82a3b7a3563042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b34da3b225fbe810777c550e8db00701

SHA1
75702f4543da4129215cb08348cf6195fd26e1f7

SHA256
e58bbdc762553336f0aea8b92dda1fe8585c127d9ab2dec6fb51f4bc44ecc5d0

SHA512
62d7adc547c07026978220d31c896f4b65f8f0f363487ebb534aea0826cd9dd923d1b7503c973c870f85748fbca2191d189a278e4f14ba18e6705734552a15d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
25f5b9f8bf0083afafb61f2770d7f360

SHA1
cb581d90f7be6b3bc3ae7ea12b29854f0e731219

SHA256
da5334ecd6f012e64df050281b722e33ff76f151b446473178b45615d6b00c69

SHA512
057ce04f0825f97d95034b3c2dec71e27df82ede062391e5288f53bbfcc13450b79b812a6b7ef4d3bf678af1c2f271ca0e08a9fae9aba798f9e5f529ab750f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
8KB

MD5
ecf0a2b9c82f01c546d967a4932d2639

SHA1
d004ab172c4cfda66a321964132462939ada6463

SHA256
2a63bf9a590bf7b98b96181238c0d1655c919fc70d21ef1395bbbb7786e67861

SHA512
6c247d3924ce76b5f0dce9610bd118599634790229c8701e7a34c8f1b27b72f6cdb4c33a3c7c89904a710e467ff938c692f1dc25125d329df48309e0a2ba7ab7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
18c8193a377cc4eccc5e8e5058758703

SHA1
597d52f19195efc36266e586fbdbbdeb3f24062f

SHA256
b8b704de2106ce970ce144a7fa487c0c1b3d8047437d87216b616cf8c8405335

SHA512
6af16967b00dfe64e26da6b753b4a558140d6b915c0add83dc3424ea7d45e779210dbd99f2d8926ab9789b103e716f0650c91193bab43a7c52c53764d687c556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
57bfc222b5a83d2af80ff0b3747b1ad3

SHA1
85774da8bacc5ad26c9479ee6cf335503f47d9ea

SHA256
2f368f783ac7b17fca761cd7039d202a253f7abb1d1f6326aeec331aa0c5f46e

SHA512
20a23e7e91979c153fa68323f7176ae2884159cf957f961144418d38a22d25aab60d8812348c34f0eb6d47ac690c560ab3982d3dfaad362beed0798e0b75c7a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
5e2b0ec9b323a7930fa9f0228269a55e

SHA1
86a2265e67048ca01ae373f75b9aa88e7a4c1e42

SHA256
e0d2d8816ecbb21f2c08c337dd1e2c8c3b5937ecb5ccc1bc476954728ea0f449

SHA512
7008f5147c4482199cf137fd418778bf021c52efa94f9681cd639cace97455ea68350084236eb407a6e9b13e0af263885ef7dfc991803a4958062a4cb41db602

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\1b22dce9-6b3c-4acc-83c8-44c25128a7c4

Filesize
659B

MD5
90314203bcca6eb8fe24e2f8d54aa50d

SHA1
cb5ea7bcd00d73a9198ab6de16dc43b42f73360f

SHA256
32c0373394de7b8551a1304fb081d8ff3b79982f7c324575b4856522ce47c937

SHA512
a8bcff994e93b212384e2d55c37a9e6c75fdc46dc2068aeb98c05cc64b75649862ff38d9947be776502f71ed28d5122656c26ba89bf644c2a8e6a86cf900093f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\51488f5a-3579-433a-af86-d7c84be2b05b

Filesize
982B

MD5
79e26ce87828734c37ccc74ae7ea2c13

SHA1
bc375feedcd692675b8269ae31d5cb9baf2ccc24

SHA256
aa9503f341ad1161846ae40fcd45cb0534b74eb4771c9cd556026f6063a1cd78

SHA512
e13799f65002f482095acb29651df8ed8f734456baf7daae2e907229df6995578ba91688f36b28f840d30e36b2e96989a4ec41dc25c24f4e34db204d69dfedbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
11KB

MD5
7067e9d618a6caeefba955216f98f473

SHA1
f59c997aa49c3afda9577bebb938e2cb3234b628

SHA256
77c5dcc60cb8bf46abd63617b2246a2155f90166a6541ca76b2963a913a6d81a

SHA512
00a03c19f26ad7b50fe71a5931f21f4429a9166f297139bf0d4cb088d0463dbbe27576821e3a2e1718e1ad50e5ed9517418e755a91191b54f6c1effb157033c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
11KB

MD5
64aa5690dbcf8ad2947e6e38693b25ee

SHA1
606992d499cd5d1508f3cada9c6240fb11af06c9

SHA256
f21728e7f5e1ebd3398b8321a50fd6e5e85a824c9ee31a14e373e4a1a27c4412

SHA512
a5846bc529677df452f1de6bc3e0bda7fe00df765a5d7f34e870ee41412cd5aab210dba1ead2e52e0fe558dbc12839c92a1ca7cba98126e887f8c57f630cf25e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
ae337466f2101c04234b53cdf356d7b7

SHA1
7b9b9374dffd84785d31942dd62c195e2dd36655

SHA256
5720ca29c784cdd10883dac023a0676f97895446c53d681840fb7d5e9e4fa05c

SHA512
fb7972eef5a72054c77047be45107f367be2fbc92fca1c693881ee8d2d9a3a7a981835c97f40b4ace784a57a636880af17f01e6a70ef88bec98017b982bd73cc

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
\??\pipe\LOCAL\crashpad_3680_NWGXJHYSVEQFGRBI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit