hxxps://drive[.]google[.]com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Analysis

max time kernel
748s
max time network
725s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2024 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 26 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
3392	msedge.exe
3392	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4964	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe
Token: SeDebugPrivilege	2640	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
4964	OpenWith.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe
2640	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 3640	3392	msedge.exe	83
PID 3392 wrote to memory of 3640	3392	msedge.exe	83
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4772	3392	msedge.exe	84
PID 3392 wrote to memory of 4560	3392	msedge.exe	85
PID 3392 wrote to memory of 4560	3392	msedge.exe	85
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86
PID 3392 wrote to memory of 1384	3392	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1bm_xINYdJPQ4S50tSPOVYfJr4nt766nk/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb0146f8,0x7ffedb014708,0x7ffedb014718
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,17967836123486981745,18018264839411873161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4964
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057).rar"
  2⤵
  PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057).rar"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43fd6d5-6c3c-483b-9bdb-ebd9353bfcbb} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" gpu
      4⤵
      PID:1936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a9547f0-3c32-4703-945a-ed3dcff7925e} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" socket
      4⤵
      PID:4432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3304 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e417dd2e-f38a-4eae-8a43-5383b27cf2ff} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:1636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3848 -childID 2 -isForBrowser -prefsHandle 2904 -prefMapHandle 3048 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c11041fb-8050-40c4-9165-f5c6fd89fb6b} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:5768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4680 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e621d56-7ce8-43ef-9c5b-0418d97a62d8} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" utility
      4⤵
      Checks processor information in registry
      PID:5224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae631d17-dee2-40bb-9ebd-c08c5c9e34cf} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:5760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37684db6-04a4-46e1-89f8-3414b6eb8b89} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:5792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5812 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc4fd7e-3809-4a90-b562-e485351c4702} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:5880
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6632 -childID 6 -isForBrowser -prefsHandle 6504 -prefMapHandle 6520 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b81bcdb-0242-4a01-8f66-8a5c0dff94b7} 2640 "\\.\pipe\gecko-crash-server-pipe.2640" tab
      4⤵
      PID:5216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
1⤵
PID:6056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
  2⤵
  - Checks processor information in registry
  PID:1888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
1⤵
PID:848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
  2⤵
  - Checks processor information in registry
  PID:2064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
1⤵
PID:4352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Adobe Premiere Pro 2024 (v24.5.0.057)(1).rar"
  2⤵
  - Checks processor information in registry
  PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
bc24a4d2aef29a1b344110e8d802019d

SHA1
f2a8d3d42c1011e0918a66c10ca00635184fdb85

SHA256
df5baa71312b40137d09394900a3db6c6e8f3ebd054d569405c6368a60697370

SHA512
a76f7bf79b1bfb467432dc5d6a799f088b81912e7a7117994e6118cdf7069737266b6432eda97fd1d8dce6180f7ed9bac4c0e5237125fdad53b06f66834666ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9b169946418eb5f949df743acdc5cc6

SHA1
dd91188e717a5869ac96757c7f5404bbc14fd081

SHA256
a6706c0bab9ba489a93115d78de11f7572807f02fae79948ca2248547717cdcc

SHA512
dec069e4e2bbfb601f37d2fc8d24708871112f3f13194b461246e4d6ce17a8992458724d79f420a5b20609d39a9a43325f47d8f053d8b4d75190eec4d088795c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8782c5e954f3978643df975aeac7d05a

SHA1
84bd28941d6b624cbee2c78b40bf7313647ca825

SHA256
00523ba61eec5366fc4cfc8de62ff32fbbf690e0578115e5c16b98157406791a

SHA512
d2a24063e6304538980800c0cb22eb6b1940ab2a790181ca1a4b065bd492349ea02f4eb5eb8612dd4227596d3b0d2c2f073e7f2f6e1ea39c2bd78dd8f1356d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1cfdfda0d3c6d288e5593a7b84d68e38

SHA1
dd353391aca6b9b71df8c5b0f0c928b34d7849af

SHA256
85b456e66f7e48912ea33c0543a59f8662305f341309a7e21e916b740d1ae7fc

SHA512
8c50e7b813438cf94a8fa45b3bbf81929e5217a32f85a175aaf7079d4924926960d1dce643cf3e483992218bdf3d91ea7888eb3c2d6f8b5b3aca29670b3e2108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f71a677572132a29c4e222f2f572cbe0

SHA1
469b64d375f12674795012aefa00170099acdd25

SHA256
7f62a63eb431d2438d98841278e225a5ab9fffea122854f614f4dafb25371d16

SHA512
8b3c1302e4ea744cd11fe90c92cddf0da13e29c482f00f8a667daaf1307e21a246923b2d7eb8fd10896b372e9f522a0d2875390d5ddd6d3ea0b7dc2066774f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41971eb7b453bb254340dc9cf7c750b9

SHA1
3d920422e134587ad323e9bff022d9705c785a56

SHA256
9fd627c382bfbd042908a3ff53fc8ef304578cd6e2e23776e8a9c3d36868daf8

SHA512
11461e7914a92897e08c7b2cad25eb78a2ccd83ab245bf6e0598a418687e37060ed96e58eb1d3f3e886fbf906d1c7d801abc0970aa9e22383de301a49ab90b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c68af3823981e43aea294573f2b2d552

SHA1
21d4f1814e9e29754b14dbabcd052ca82eb31c25

SHA256
94df3651dd0d72d4dab8990b26bbfd0ef759be161582b98217d7c9be817fb756

SHA512
03042d0ec9153b7dfb753e47fc23fcca501c8e80891c39d35045ae29dcd2a9cf01fcc509a7936809ba589a639af10fb2b14a08ea0409166688a02fe8bbe28a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8f46983491025c1a0ce19a8280a58129

SHA1
e6922a05937b7cd8ea488cdede6d7e81a7abce70

SHA256
6edabefdfd84f0263f2c66758c32191cd1b02f9c6f56eac820d2fff0c20edd6f

SHA512
f2fcb3e791184ae0e42f63924e3ceec75c9b4231a0473d3ddf344822726e967234a493e798e0ab369a0cdb0680371754766caf173e84e623b67d032ed0392158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a2080415b2edb424d5949ba925d82e6a

SHA1
d758722f1ec752f774d718c14eae819c61bbe8e0

SHA256
c0d5c334e131b817f35237b7fcf7fd212f6053442d4aa8dc92ac005002f9eb08

SHA512
89dc9f9fcdc2fc20fac051fe4f6334e772f760c198de8c2e81177c0245695ee842e732faa85d99c9a4e3d8fda0ff04cf7857759e81bbe3abd3d4d801c405b8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab1dfa14f25467348b63169c346b6141

SHA1
7016c6a702cc625ade4ec8cef2da4b28c3270b84

SHA256
dd7ab3634490a9af2db0f3cc5a862b8bc8bfd2ff49b64e250eb2e7232eb42f8b

SHA512
3289d168573a5f2564021a29415581351db9d46f2db5abf89b0e80b7126d01dc82cff42cc794e2e7b765c9a874b6b7f370bd8c7d0d709944f09239e328b9b0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12a4790d9635519b0756425865072b0a

SHA1
fa9d0f36afc03947b52e4665f2644f6e35723e8b

SHA256
06d8153505865189bfa3d1cb1fb66d2667532f57f5f7bc39f0d8318dd1f31982

SHA512
a0119d056e49b948e2a8e51298cf90bae55c9378d3d299bce88404952b1a9aba106c5c04b48984c8887c31a85403339d7e0bbbb95d1ca5345ae499af11b4274e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af0dc60aeb3e77777ec44e91c21b7503

SHA1
2543ed75ca2a8866748677c755783c1943093b85

SHA256
f78860c31d2274b310c5d3f0ea2fbb27dba640cf1aeb56302e5bf637efe59d11

SHA512
f2d71496cb207a13981b6cdd3619b601cae86a1b75d44e09f122ee02af6b27f516bc233ea37049e50ceced209dbcac6f32c0aa85155ba54ecb42fb889eba0485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0f53216d0877c9445d6e1f3b9908dde

SHA1
4d821b4dc952853ece9513cb78c0a6501a91f808

SHA256
33d5ad3113b4b4f915054605f94d6ef889cc8114fab33b868ec46393900218cc

SHA512
5184cc8108e6d4b02e7ed234ea88f75e778c7892cc901e121bf985d6867d82c5250d28dd181321c313359deb68a2b45a1910b40f0f463ebed9b912eea8a7fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20d310ef8ff3c1f7626fec1a9412223a

SHA1
8b8c485fed2d838c791cfce69f66b4b2b77820e1

SHA256
69d0cb35dd49bc454c81042c1dd6f3c36f3d6341879ae996ede2d6fad41d22e3

SHA512
b39fe57849ad0f1c8f46d1b85f07586b6bd198110ebc1995ba2f9ef4f997fc25f4d7aa07e3ee6eab85b8351efa7446f05a2b88885400263199d3141c5a4f2b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48c7c377c221367517fd1c4957406238

SHA1
37018de9b440b08feb9e5403d8065b6c6c29143d

SHA256
b2edc8fa038d8cbd7d03d6e1f206c533b8588c09c8c08067dc78a13b6a2dccee

SHA512
365cdca6a8ff1c83b90763fc5b75e35b115f7b86ba6a974a1750af232f2d3b7fdaf304a8005d7ad8c0a6dbd263a8769f995d3cb7a5f34178f74e4a12e415902e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
661428dc519b45b7234c9fd9359faa48

SHA1
6d3c11f711770bec5947a23cd2870643879743fa

SHA256
6c8c8edd89760f033b1493683e322a94512857c8a8542830a79624ea1e4d43e7

SHA512
26f87b975f7a2d24532d7fc0c1afd939122f7a9e473e6796da0dba0c6fc125a53a05c813206318bf4e7ffd3cb18ec96f2142f6ab92ccdda18dd9dc759ec44dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
6KB

MD5
1e3a59995df07d46775cd2c1da4e1d63

SHA1
5d1c5c5e258bf16b5c42cb6e841a4828a7af490b

SHA256
4918f50f624e6ca9c4724d989a4459f5e499a35782b3a958e53d23fe07f90af3

SHA512
5e2aa65bc356678b0e3e22a60f4d6800c534f2fec98d6a8169c776b86db11d532096bbe7077b66271a012ba651d4fea8a0785d936ed935f137811ff4a3500141

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

Filesize
8KB

MD5
cfefb10e6c26681a54a674c1afdc1135

SHA1
e16b180f2d8c45b36a82714885b27d80c605a7ef

SHA256
cc8d84560b1671f75da302e344082df9adf3cfbe85de6e00eaba15090a32fbbc

SHA512
5a431e2891f85153186bd90e1c47b11195587bcbba5a4a5dd0035ca255d01b02335651c6e2556b108b5fed7a74f71e4e8fddb54340d7b4ba19c530c17d1a0b98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3cee15c1c804e078f901aa4885d3b5f3

SHA1
ff7f9f76804cba41b41f2a3007b0ace4c243c6e0

SHA256
f857be563ae1b296b1ac340f2beab097bc246c57e091dc4f3ef5ec3818b3e755

SHA512
856dde86baca23124f2fa1ca3db694fccf81b73bd6c2bdf7282dc2a073636e74822aeaa9a2cdb54c866c1b5f674a724f74fc06d0c0517f22e226d729196e5e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
36a928e286d9647980b0410bc2ab8d5e

SHA1
ce43d69d7d652699d977b1cff12715d2606853e7

SHA256
de8eb693a6c1a38e45d56a150a31ed3436d2d5e7c220d34b1e84b20401841468

SHA512
b0a807d9cf2e24390341932bbce21d6b3ea580f53474f5e8861a94799a98f07b9d53dc4a702f54222198a631c53ef30f47a0c3b5786061c0cdaadc22576a4c24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
71716b4ceb2f20c3908de542283781e2

SHA1
8abefe4f85dcb4236f00adffe773b56007753dd9

SHA256
bb7bdc5cf4a127a9c8e9885ffc018f977347e896ba586d4bca37094725a2673a

SHA512
1d873cb16e42ae3767f1835b7c69273a544d90c20d5e2456c416929f4ebb55f4b3ddef2b6e69dded43cd6d9f9049a37880c1a5196e92f8a545c8cc7a4504c3e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\23aa25d4-16d3-432b-892a-d05ae4e910ed

Filesize
982B

MD5
2b21988e5658db7d24baa5a47bbeb865

SHA1
93a684a849fb5805b982c80dee1a62931c5711f3

SHA256
ef980b0ee34c33dfd4598c0f2ffb0f61528e623eda313536f19f28cd0cca8bda

SHA512
e15352c0a1da459a1dbe99db9c8cf2139218eaf6588ca9a38d07469a45ff5617506844632c887749dc5413d1107ac5dbbcd975b2fbd7593f5edbb94da76da1b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\a8c40667-7767-4ff1-9623-73ff3f66d33f

Filesize
671B

MD5
50833c12b69b008f43ecc72e64f07036

SHA1
d44f6c2af0a5b63d998121d8964b61690d61f3b2

SHA256
ae4c4e472171700e0278fbce6aedba261434a8d9051faac1f691c71bf1df888f

SHA512
351a3ac52198a0ec71f069345948bd99a658dc96a17f3464f30c5dcbea83faad14e0bc8aaba774708eac30b6161e7203860e1e8978197d86fdf7d26ac0f31b89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\e6805b54-c27d-41fc-8fa9-303d136037d4

Filesize
27KB

MD5
e586859345f91e41521d83712de32c2b

SHA1
e25af4ccdebbff8c54937c57962051cecad2f6ea

SHA256
a9bd64650545394818f89d5025b766d34d2bd497ae5430eacab62929b4ca0095

SHA512
3925131035a8409638c32204f7fd7aecf4801d1001b1d4dd82501a18631fe984a976d81f86d467aa64bc906098d7980b9d6f40a662fbb29097c44f2eee377228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

Filesize
11KB

MD5
6323f6ea8246e4d129d129da6579f094

SHA1
4b9df17fa5e59264ea858c2ee65350ded91ade92

SHA256
0fb577bf12230423176e82466d79142a5dbd9950795962377231d42d7ef88a94

SHA512
862576937a7e0b3ef7c11ecae87a8330ff67983e4e5f916a59f0e52270a0c6d773041e7b17faaa95e8763f247f3641e0236f34962f9ce71232b155350e1c52d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
10KB

MD5
e695c7e8575019902cc73aa936228010

SHA1
3668b70b4523a89d5d722d16a7f8820c88ad06f0

SHA256
91a1b5e2f5a5cceae9c52c6907486d253ad4bd500b684f92bf7bac9a69ced63c

SHA512
48a0d87f97cff0d0ab21f20cddd5a5dd1d8ae63fa7a0f8cb25ad3e932200118ebda816c1b1c403d1606997e0dae6bd62d188e363d8fd976e93eb864a052d27d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

Filesize
11KB

MD5
7df5121a8eb3d96a9b7f9c6b11e00e75

SHA1
9b1a354276c3f0d9ba97b752f94725eedab4464d

SHA256
2e26a75e7d18b4d48c428801b25045178cdbeb2e3b358c5ee8a29d946ce6d4b7

SHA512
410700ea3bfa83b202e9e611976c06acde1db31d0449803e9622d63edf5250b4550e01c9ba9ec4a380cfc12b0cb4e432560b6235c2bc1c8474bf55bba28da2ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
9fe82e63d2f54d667e2db257110e057a

SHA1
8a7c83e5c236db79f274ced308b788350f3abe8e

SHA256
c163ff9e2987afef2de536c2785b86e97033519489e00309860b538e81cedf96

SHA512
57620b98108c663b72639cb4a85e6ab25fdaea106fc894f770c8bf97ccd089654b83d7b9859a7bed0e22563765524159f2a76e17709b77db2a03b723a45bbe59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
51a8c99c1ca56e97c0171a957a319fdd

SHA1
4fe05b9112935cba9b7d5768b400bc736ed06105

SHA256
eef70b221e265ac698396f16b23de679d5bd7cbf3283d88a5c61e4f6aad04807

SHA512
16a27e4cd161f97d669515c9e0608e2bcca742531011bf95fa71cab8ae457aec0901c827dbd4747396e81d3980a9ade95129829f578bb4726319067873e64b48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
fe3cbc564288d414977e1314a3a2e8b6

SHA1
0e0758421b808c4cfd8956076fce2f8f880f1a79

SHA256
19c349905a296dbe56f11497a8ca98becb32fd0b572d999508fbee91af435129

SHA512
c7b5ac5bc1a4c07ffbb9215745e3e91c612340b5b38ce8300a90dd15f10fdb00600b09fba55db26d928a824bf341940f8766f92291b927a1e35e5cdd7f3d645f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
520d981c039299f26918cd4d594314ab

SHA1
1386ae14958f86e08f6ecfd7fa9f4a10640bd417

SHA256
2515bfad6505837fe122ebc7558aa96f97f43c8d84cfb250b2ae6e1a1eb97c16

SHA512
7c08555b893a76d68aef9be3fab52833c0641509ff60b2d13b96125a0a68869f862f85b3309b19eca89271f94d5aab465e70b7f3e7545403d17f8e3f33499765

Download Submit