hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
461s
max time network
442s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Hydra.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Hydra.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hydra.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

5776 taskkill.exe
5784 taskkill.exe

pid	process
5776	taskkill.exe
5784	taskkill.exe

Modifies registry class 3 IoCs

Processes:

msedge.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4816	msedge.exe
4816	msedge.exe
4984	msedge.exe
4984	msedge.exe
1364	identity_helper.exe
1364	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exetaskkill.exetaskkill.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5108	firefox.exe
Token: SeDebugPrivilege	5784	taskkill.exe
Token: SeDebugPrivilege	5776	taskkill.exe
Token: 33	6020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6020	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

msedge.exefirefox.exe

pid	process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

OpenWith.exefirefox.exe

pid process

4784 OpenWith.exe
4784 OpenWith.exe
4784 OpenWith.exe
4784 OpenWith.exe
4784 OpenWith.exe
5108 firefox.exe

pid	process
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
5108	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4984 wrote to memory of 2116	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2116	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 2328	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4816	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4816	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe
PID 4984 wrote to memory of 4852	4984	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff877f846f8,0x7ff877f84708,0x7ff877f84718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,11647466165787213529,16855740612939536123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1532

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\The Worst Of All!!!!!!\BonziBUDDY!!!!!!.txt
1⤵
PID:5024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\cda93fb1-495b-4972-a96c-ff7c2337f7d3.tmp"
  2⤵
  PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\cda93fb1-495b-4972-a96c-ff7c2337f7d3.tmp
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a76f46-3fac-4a0d-b698-5c7b16c21a09} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" gpu
      4⤵
      PID:3940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc79709f-9335-464a-bed3-5906175f2f43} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" socket
      4⤵
      Checks processor information in registry
      PID:1336
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 3124 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad4a4c71-883c-4fa7-b0ce-0f254016df13} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
      4⤵
      PID:2276
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d76bc01f-2b9d-42ab-a177-1c09a9059d52} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
      4⤵
      PID:3464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4660 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4636 -prefMapHandle 4612 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34288d94-4dff-4096-87ea-eb6ddc0b5d3d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility
      4⤵
      Checks processor information in registry
      PID:5532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -childID 3 -isForBrowser -prefsHandle 5076 -prefMapHandle 2740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83c8aeb-64e0-40a8-9ea4-4d85f7fcc484} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
      4⤵
      PID:5960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5212 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b08ce61-cc81-4c4f-960f-1bdbdefce2bc} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
      4⤵
      PID:5996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e74edc-eeeb-4541-9235-06681d48acd9} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
      4⤵
      PID:6060

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5500

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Trololo.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Trololo.exe"
1⤵
PID:5596
- C:\Windows\SYSTEM32\taskkill.exe
  taskkill.exe /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5776
- C:\Windows\SYSTEM32\taskkill.exe
  taskkill.exe /f /im taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d928e629335c1307408ec518fe46382

SHA1
c7c469fd97b640422beb2eb1f6caf57a9d0d16db

SHA256
153e690b750cdec532cc964b337508198a8f353ac5da6e2c0fe03b641625e3f1

SHA512
430be7a5150881a41c6014a2572d624ce9ed2c46467436a8cd6cc3241246224870929d2985ea7bdbc31a6a325c4dfa3ef6790b8e4e6a7d7a8329dcb1ed4116f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c12e640816137d5fa9be46b74b3e2018

SHA1
dee93fd3301ef935f398d5ef90140c7f131326da

SHA256
f50655226ae43f867967d56f7dd55b5040a4d7596522a8140508d149c7cc48bf

SHA512
fe4eed05ee7493bf079e3086895b4c7d691cc318d0039ff1825c075797eaee63ef764e342182fbe7950b15ba5744b323a23ecd3f95c4a69c71fd5536dc35a82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
491af3c6922674d67563d58376f578f2

SHA1
91be511ecf59cda1966d2aa8567d73064b5b9a27

SHA256
83d9c6de6144ade272a0b197a163d9693717f2065af78e96e40000d159c40c2a

SHA512
6d19de422ef32016436c3a479ebf8eb8031abb632c7f378a02387f7fe6ebc38cb6fd40442076f7aca119d9d5ac4106ef8309b94b743fa68adb35a12ca2a46ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74b14f905790a69d68b2dccadc61cbdf

SHA1
aa69ef70d64300c131367ef4c14a55007bda61d6

SHA256
2737018f029246ddcf6a92fc853e0eac14a7484ad403e29603b11cdc608616a9

SHA512
3d84d12529b672af059f874cf5e05aad5a5f5e2071b50fca9335255a474ab815d51807e131460d43138ac03c84aecdf374bfc6fc28571a42c1321d5bb45bde40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6b52f6c778e28157c2533cc7fc8085d

SHA1
c7b47eee24238a9290bf82202bdf7502401b7a00

SHA256
9880a878ba20808bdcb28ba8fc59530e74c0c2eaf6136e470e970b95f374b68f

SHA512
24a0e8f0d90bba07548ee5919df8d2d60c06c405dc91adbda37eaf40c9facaa9283054428cffa7d525cdb4ecfce0ad3afc2ce5c96f0dd4aa766ec00738c20bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f90b4f0dddfe118e11c0ffcd4e30b24

SHA1
372bd1b1dd65642dfe7bd2f96341edb76307a4bd

SHA256
9c4defd13a30b08bdf070aa9297eb6d694f06e987aeb349d452db330a795fd8b

SHA512
4f3d9ebcbee4fad6c4e6fd7fd17ab1ebb60a519007010820762a692799d44e84957cd4b4958e1295246a5fd96bf12f969e099d5d5459417c43fd25ff527f85dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8da4dfa7a7820effb6fad633f167aaaa

SHA1
d56d0d81b7e4c6638da04d47a3d1c94deeb86b8c

SHA256
d8f25ad6db78bde4fc74f1b86bae242aef256c2f69d2a33060bf9e8e019ed89b

SHA512
cd4e8eb6abbe1828a4de32af4b1025bf0c02ea4839acb445118db2fd9f598aed8668fa5ab1911000853c556ab9e14f0ec28faf6e77272bc66bc9eb2ffa313382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a103f614b3957cb1a6fc87d1b11386e6

SHA1
a4af0c88d5075d62dbfd0f9ce55db85a2b33a402

SHA256
43aa8cf890720cf4e74afd6bc8fb59b8249507e909c21916da72dcb463905db5

SHA512
f2c7ac0345a281a91d8a0b55280cc11b3b9f4d29c11825f4e1017e59aa2c8c99f1ebc2e119c73ba0942b4ab1c4a80f2f3c38d5f504199125df34f6cfd9413f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b36b59baf7f8c1a7e311327b3daa7ef9

SHA1
74362ef9c9119a231899615c5487682ca966d55d

SHA256
ae58540eb7e45d339b1eccac5e94d630ac909a937b9cba556692b84b428fde11

SHA512
f044faca29117a23d610835409eadf42805181dfeaaf8126df1ce120eb42ccf7992e4e8fd7eb28f724cf3c8b3deb0893526169d0b2ac0142e0d9bbe4486c6fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81284b17e694307093441c29a93b4e4d

SHA1
62ed74e38ab7ef8ec09d78ccd87a8cd9b3625760

SHA256
6c6227d1d4c136a6384fb88322be49a406447757e8a6d1dc105e4823e5c2943b

SHA512
f4768fc0adc8433da1c7fd6b2bd0492afd54f8233fd6be47b6eb9ccb7b22afd7e7cb864bacf12b5126028a76fa5c7350c046f957c9983bf0abb728e1995ec006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0751676e494b16657fc2536a23874a3

SHA1
9adb7f85454621991a9931f2a5c9fe3a1de640bb

SHA256
2e55190c8da52be7e38b391707058a53574bedd292e15e636fbcae17a9f17830

SHA512
31da5da1c7db2b72d000cf46636c0a4baeda178a6658dc2e2a782c1c59f37182cc8966208e4c34b11f93d54cad6c02bac50fb82a990277978ff0381abcd79b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3d4d6d9d13ce99ebe37fb0b79f02869

SHA1
a065439e9996f5c8b5efc94c76e2757d5b829b2c

SHA256
7df23e14f75bcc7a6473a89f80372b0ef2c7405422793b61a05e9bc7ec3ac548

SHA512
3cc772de90068c737d8ff51c65ce1aafa256289131eb8c9c3464fd76dca89f495baf6771cc70ef6eafbca45ac9752b2c0bad78d9af25a42322f6e672c88fc536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59300f.TMP

Filesize
1KB

MD5
0e6974d68677b7df83255f4c746516a8

SHA1
30c108beacb1e134d45464af9b728d0039e4b6bf

SHA256
d65abfc976fdff4515b7ec6e3c71152a1bb94a326f45bc05f354ed56399b47f9

SHA512
8995169050fa6809d6f8c5ec549fbb3b7e0e0bb75097ef85e556937dc775ec4f31b67cef905c19251c961cefb33313cb17d6a57ed1a4b1953e6c34c30a05086b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4272808ec71d25858878bcf66eb09f4d

SHA1
aa825f656b078a663b6ea93693d6245c4b846a01

SHA256
2573d5295754cceee0c574a36b50e9c7c38268d69d3fc21109a302366829cfac

SHA512
f3a11eca7de76ea25789670a08583e6ec3f33dc52e1743dd434ffdc96a9a8fca7f4825fc28d437f4b7e50510ebdd20cef8bc7ae161cfae61291ab79d29915aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
906bb3837a2294c76242e69251e2535a

SHA1
e951e786c86cd9a3f4b89d2bf0dbe99febc7314a

SHA256
2fa8c25ace8210d64a70866f4b5ff41b9617bef6895c613baca818ef8219ecd7

SHA512
8f69fab7b1e515850c603f363dd843bf57324a03bb22dde3c13ef7711e6293520d98d120a0b093c5b74366150df22450e8d72989ee4365f6524a02bb05c524d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9cb8cce3d055bf52230de23d0396e74

SHA1
40ec80391adac68071ecef611b376a2cce78516a

SHA256
44968c421bcdfaf765b597d648ea25c2fadf9881edcafb92cce9ef4acbd26f5c

SHA512
219096476bbca3a08311cdcc678ac65baa8795731380416d799562a627caf2e308e9ba6d0e39828f2adc7d4b083e0ec4ff86cce20847b63d4838e4dae133eff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bbced4dc4b9fc12036c5a008def8cb05

SHA1
1f384d37e38b986d3bc7e08a10f0675f93530978

SHA256
50ac463303e3ca98de0e44247a6f35831ec1f69f6d0481b42c4659043e1479b2

SHA512
1c9c2e9468c17602b9346cb7ae1d9a5414c0aae555873128a5f21bf1ccab7682e91ab13b28b78c0bff0781adda75527c0b86c54aa2b775607310f8ff63781ba3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
84e76355caad2763ac3c2da29aa67034

SHA1
52c8db02c6b70e5c90863515fde86d3b51213a03

SHA256
2be9edd41fbe7f4bf581b2d031597832c4e4264970a0d3da2f16cdb22fb43ebb

SHA512
c023821a5069615379b32ee60f308d2e76ec677803d3f85b195b07044f419d87a6bdddcda3926f7d5c0a6755b7c081de22f8be1927b05c8f4b337ebfaab4d752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
6KB

MD5
6c6a62a7c35bf46c4b1afca73289fd5f

SHA1
bad1f4887e5fc7b8f16ce14c739b73e1af1aefa2

SHA256
3f6b8872bd683d7bb89f2ee23dd333f152f92a2c322e15a9fd14793f269804bc

SHA512
d1818438db08de0c5dac70ed8096b32709abfa196af6494ea27f776728fb565f6d79f39a36933c116732690a91e707233255492fca8fb69ae73ca0d897a324e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
047cd20bbae60a18595cef09667c9242

SHA1
39c35c90f45ebc36a75c0f75836b596f3f706368

SHA256
1973f6b5391c40bfc10f882d48a96e28b6f99370341a45349f92d146fd05f678

SHA512
50377e146d16ad3f4efdcbf938bac1560546bc6e58a703c1758f1f194394ddcceccc437b1e7b0a94bd94fc3905c117c9b1fa094ca173b351cda5c8c34b9158a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c811fa51c4d24bf04757a62dee27c5fb

SHA1
b895a8acd70b38e4644405bab054d5dc4ba5e400

SHA256
80f72cdf1057f58b7a2e26b06cafc503ef70b8040f8aeb8f417e6b320635d5e6

SHA512
c0c2142b5efd95d98d0f71cd4e7988605a994a1f8204c84d8226ed83e53cec3747d5d435b59ded5d216b7419087a42dd31cddbb5912b08592d95f55f925d9c90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\bdadffac-a5ed-417d-ab94-e9988c876f4e

Filesize
982B

MD5
f881469f3cab85fdfa02aab2df89c803

SHA1
c55eed94517395619f926bcdf5460d0c04a71274

SHA256
16a8de77f9e4a6c4213da863021d27a440314d70e7d5f9f93f80dbdf7a3b7eae

SHA512
eec85d3d75dea2a8905a69c43c60601df1498ee548ec3a357b29355c14ebf7537f4ed57d3def3a3adf54e56ee0b5ce8df14a83f2abc459c1264d0e5e31e5a810

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\cd6bf241-341c-4172-a3c3-04d25e9bbfbc

Filesize
27KB

MD5
bcf931eb9990ca3ffeec53af7797622d

SHA1
89186dd174ec9496e02d7d1c4377cc4cfee09c2d

SHA256
607de5285e5e82c134d63073a594efad779e4ba440e9278ef27baa1621937b9d

SHA512
4776d854b6d9cea5e49728787fdec6c346c5f69e211ac3848879e92b4256cbc224357627493af21a79145994836cee82e7c8573de0631a38d20453195439f2a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\d3dd82ba-eaeb-4bc5-a428-aa806f80ca5d

Filesize
671B

MD5
2871defe51230bc1645051c6a83bee20

SHA1
ca354fa404f86026c14ccd691ae8a11f27cd2cf2

SHA256
578634256166f3a2b350b38205a6d6b11806482263c4448cabeda4dbbea5d203

SHA512
2243ce7122cd8e11ea6ff596a350d65326697fd800006fecfbd024c2f4299e1da67632b88ae2783d56609aea48be1f80712e6e648219dfe34b1dfda519742e41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
10KB

MD5
b482afb1c718a707d7d37df2c51cc6a9

SHA1
15eddd8808a2400f6087e1ab7614c28cbe654ea1

SHA256
fd24567f1cc884b778ddacb0f5d281e297b2ce1e63381d7e10779ccf651d9cad

SHA512
8b94164737210197410ffddc458bc5754971e01257199c5d98da47416a52ad3f6912a6481617424947feb7e0ffdccced3fd40f146f86404c668c99290bcb556b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
b70d01c4b7b4b64b26f15687492a5bf0

SHA1
b74f010d0e02d5b0ea15542a750a7d80f9e9b007

SHA256
b7805dd4b26b5f5c79871218a302bc231ca2f45ee402f7447e0aa57e3d4318c4

SHA512
db9aab016cc0f3ce0a09ed0360d7b2cff29a0982f1afad241cdace2c842b4b205ee36654c8c226e0e7ad9ef4bda178ecebfcaab16fc31f25513f18d19589bd12

Download Submit
\??\pipe\LOCAL\crashpad_4984_RDAXVQNFFPXCMXTD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5500-973-0x0000000005050000-0x00000000055F4000-memory.dmp

Filesize
5.6MB

Download
memory/5500-974-0x0000000004B80000-0x0000000004C12000-memory.dmp

Filesize
584KB

Download
memory/5500-975-0x0000000004C40000-0x0000000004C4A000-memory.dmp

Filesize
40KB

Download
memory/5500-972-0x00000000002A0000-0x00000000002B0000-memory.dmp

Filesize
64KB

Download
memory/5596-976-0x000000001C040000-0x000000001C0E6000-memory.dmp

Filesize
664KB

Download
memory/5596-977-0x000000001C5C0000-0x000000001CA8E000-memory.dmp

Filesize
4.8MB

Download
memory/5596-978-0x000000001CB40000-0x000000001CBDC000-memory.dmp

Filesize
624KB

Download
memory/5596-979-0x00000000018E0000-0x00000000018E8000-memory.dmp

Filesize
32KB

Download
memory/5596-980-0x000000001CDA0000-0x000000001CDEC000-memory.dmp

Filesize
304KB

Download