54466c4e8d27a02ce26747a00183de828a5b865bef088fe02f605b2452ec13bc

Analysis

max time kernel
1775s
max time network
1780s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-12-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PXryvebE.html
Size

19KB
MD5

a00182b1cc78390f825a556bebd0d750
SHA1

e4b937754a0d4f71c1718d6e49db02cd06eb7a11
SHA256

54466c4e8d27a02ce26747a00183de828a5b865bef088fe02f605b2452ec13bc
SHA512

d1f5c5ae0c97497e64b66c965efc7d755943abc2b45e05889707714dc042237faa5696ac245578a2d422a8a0b974abc30c93d2878587adc57001192a9068ea20
SSDEEP

384:+FVFR+6NK+7kbBkug9Ia/RNyzsg2RrgoAOnC0JqsTSpF6:43RzNT7kbBO9tssTSpF6

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 432413.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
248	msedge.exe
248	msedge.exe
724	identity_helper.exe
724	identity_helper.exe
4560	msedge.exe
4560	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1756	firefox.exe
Token: SeDebugPrivilege	1756	firefox.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1756	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 5056 wrote to memory of 1756	5056	firefox.exe	77
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 5036	1756	firefox.exe	78
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79
PID 1756 wrote to memory of 432	1756	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\PXryvebE.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\PXryvebE.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a202481-3828-4960-87cb-add54be20f68} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" gpu
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e73ff009-ec88-454a-bdd2-525b1635919c} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" socket
    3⤵
    - Checks processor information in registry
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3372 -childID 1 -isForBrowser -prefsHandle 3384 -prefMapHandle 3160 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b728f7dc-3762-4964-9e44-d37065e10df2} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3208 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {861fe538-49ef-4b91-9d91-0abb139cf70c} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4644 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49a1ebfd-d881-43d5-8587-2069f9d4db42} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" utility
    3⤵
    - Checks processor information in registry
    PID:496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 3 -isForBrowser -prefsHandle 5568 -prefMapHandle 5584 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db776585-9b38-4e6e-8664-23a89664e14a} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5732 -prefMapHandle 5728 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44a9ac2f-13d6-4146-a4ec-1a4655199071} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5872 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1d69ea5-c848-424b-8073-7c8b807eb168} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 6 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 33171 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b62487c-42a8-40dd-8c36-c9911ef895c2} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6396 -childID 7 -isForBrowser -prefsHandle 3784 -prefMapHandle 3788 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84d9d5a4-cc49-48c1-af8b-143e3abc037e} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 6028 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f1e964-c1b2-4261-a867-4c2ef8818036} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:2552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6372 -childID 9 -isForBrowser -prefsHandle 2688 -prefMapHandle 2836 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c62e070-7823-4afd-b729-769001f44c86} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:2488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6636 -parentBuildID 20240401114208 -prefsHandle 6560 -prefMapHandle 6628 -prefsLen 34425 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eaeb3c0-1ceb-40bf-851a-a07eacb3e7ae} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" rdd
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6644 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6548 -prefMapHandle 6552 -prefsLen 34425 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f3ceb06-f790-4c07-b738-92ea16b2e5d7} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" utility
    3⤵
    - Checks processor information in registry
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7004 -childID 10 -isForBrowser -prefsHandle 7008 -prefMapHandle 6996 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb08086-6db7-4c7a-a350-1b479854f0d0} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 11 -isForBrowser -prefsHandle 5992 -prefMapHandle 5996 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {876fd53b-7d71-4f52-9b31-84dad13e2867} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa4123cb8,0x7fffa4123cc8,0x7fffa4123cd8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,3020100409396869303,2122637829451300495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a8ee2694ecab8597d4d5a0aec271abcd

SHA1
38c1fd14e66baf46ff3de61bb28e6acdafe77561

SHA256
4a9edf1da04e206bdcc919104e2fa23a12082c9027b85248393e12e4737e05d9

SHA512
591a9b36ed8b47e1a44080e1b54095ecf2eeaae08934d5340eae4b13a9674e578e4f111a190a5d115155371d661d7254c9206997e53794151f4b13ea071fd730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
52008e7bf5be7e50ce957ab733d4e816

SHA1
f98cb1ebb8892b7dfb72f2546dcf21e1c673c7b4

SHA256
9684bdaa05d69234bc664c7135e7ebec4a81e9eae479aea26935fc3ec0e22a3d

SHA512
c97ee3ee00187483a02becf298630632e4bdb0ad38759db0e5df0b31b5cd0774c1b5e84a6b4faa24de011e672c4ddc21850b7dbd410aff6315c85494c4016f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b13b7e61ab73551476ce6226d56d6dc

SHA1
b2553ac04ac42a256a33c57aadc8cd3f405cf1f6

SHA256
0a1d2ff7ea7f2b5da042709c43f0fa15465800d2aa65b1d5d5fa83c52b8af58c

SHA512
43b14770d52b7c3fd23fb0eaa247bd246d3fef7c86f9745d4119835b34e711a8b26c768bc7654c7e03b25e58a586bd0cc1a2be44ee669957d3b6dd96dcc487fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c86a29521c58c5990fc36d6554562f33

SHA1
b3b836d400f397f34bc24befe27f84f0c07c83ed

SHA256
3c7ec8c5466098c07e28f2413aef0a5e1087d195a208850adaef1380e82b9285

SHA512
55b07c554db2c1e474903491790a382e81610ff4407ed1d3d128d9534a2f4a5e04d2f2f28bd035cdee86656e5fdaf708fb7fb1c7c3c3759bfd0feb6e889bcf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d15df075aba5d2a4a8b71074c5974a0

SHA1
b3ae15eb4f5b9aebb76f783057ed376a24239268

SHA256
86603df28c9fe7b363ec7ee908f0f148235a1933cf0a6f938f3cd6c5ca383d55

SHA512
fc624e5e5495161a9e2280fe1c7075b4f5e6e76db23768f5edd630fd90fbf8478ec5c1e86a821e59cad2df32e5f45597a008d1de1996e2ab32769d183e2466be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
192fb8d1904a61838fabc7f8908e4b12

SHA1
1b8de2971299538c9d622989be85557d06b3060c

SHA256
f383943eedc766727d4d8cd6b014639a25c13eab657e0e472b5b7e2d9ce31b21

SHA512
c4ec512fea18642364de61dfa3cecfe23e8441c7217d97bc37a77eae64421dcf6a9caf9ba02bb2b3929f4c010dd5ed7ceacfe64a5fd6393d1176e38af439bdd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d278ad371363271958acd8d48c06c47d

SHA1
e4464f93a331de17809da1bc16e5fd35b93b2647

SHA256
c18c258b596eb5a16e6a08354e820fd6c61450199608d29ab40f2813e21a247e

SHA512
c3ac21a97f90a02caa11d4069c345bfb64aa80299dc24868c85c58f88673dfa20cc8915410d3ff3c817c2b56b9118c09966c569643d3ae0ca63f1a95e1870c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad6a7d82adcdc4bc417219df34acd638

SHA1
8a9319784db795e2b03a07e41867b638ac81ccb8

SHA256
1206e648e7c4903d86b7ae12b317d7374588ff57c25c44d4b991616feff45b60

SHA512
323393d658d50646f7dc9944d414d7a3c5d46777f2c45ba8de99b535915855da42981bdbd936bd1a6f16cfee67ab0456f5f9a3b28801c669cfb7fa2ca34a0c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599fe0.TMP

Filesize
1KB

MD5
f82d6ac09d480e59f57f061844f0149d

SHA1
66cbf98ec17c3d11266fa161c428374842a9ce5c

SHA256
3e472cca549b429709327575e481068daf73d014a3277d97cfb434ebfd8271c3

SHA512
43f90b30394f3c039261b29f78ec5bb052d97278c984ce49a3f7b554eea4f0ef6711a90e4215fe3711e14d3cefec232764ae3acd787db7c60074a59e648dbf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94ea528709ea49a1e8d5953d050f40dd

SHA1
5337d0bda324dd254876be80163ae47d7ca3f9da

SHA256
5004bb3b93e016362a59fbb9d265d930358962924de52dd7a3c274a4b21ab55c

SHA512
252dbb35092a69216e10fed958e4a44b3c0ce5d9ce26372307c7b99337f6b87b3a4993e6085c6169538399d4b2cd7abc31deb1945f352da5bee8f6be88cb9c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bde68a29fa3eaf01ea5655c78d2d0832

SHA1
9a188ef74822a7ed96f45007aca0a5c33193c313

SHA256
c6e28b7b1e8ab1fd14aced5be9825bfa105b3196d7d76e396592ca5c4303774d

SHA512
6b6a9dade1ee2630dbf3be78150ec3af76857c96ab2d390dcceaed9b877e70b10f5c71b2667517c7cda497e7dc88cf16cc1a2a86f533b32bd33dddc821cc0c03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
6bc6e77b792c7f23b172a79001761a2a

SHA1
76d95e24d57afd9e3800e92ac006a51d8aaf1903

SHA256
97415dfe65517eb689b7db376426e832c61c6ab0fb695ae86124054477f71a0a

SHA512
c669b39c92e16b588c090a1a34f459e71efdc90b72e35555c609d39447d5551c8eb755f993a5916ed3253cbb6c869a6f2ce60424f365e5ca7d4c7b9ab916ccdc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\CE657C0FBE4D63BE45BB366353D75ADF9A52FF96

Filesize
61KB

MD5
4f8b4d2e3f58704ae09688ee0518be6b

SHA1
b31946199b06d446412df808125bffdcf0bbff78

SHA256
2cb73449a42a84230747918874f0eb09f026ea8dfccb5994470f3578d468ea20

SHA512
aadf6c2ff4e6461be0f036f3cc50391d2ea079d9f503014641fb595fcef313bc210ea6bd0b2e009c1291fb22b2d2eeed3132c4c90c8ebb81ed319648f7cd10be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DC904F6FE13AF2FDD1A89E5DC2045B0E5EE12A27

Filesize
224KB

MD5
3c262805dece7b6a61c2edf548a2f632

SHA1
419c378d6615c1b10364af7e57e8404bcfda4a12

SHA256
714e002418da198f1067b637c3cbd66b8cdb42d89e048aff797bce8100b805b4

SHA512
e69b5c3a13f3fc85242b38a919aec05313a2e2b01d7fb1b6d3b79d84b479e6d81dbe2b48b27f28a93b7d3b72a49e2b97dc27f9781392e21ecfa256ffd7dddd98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
7KB

MD5
cd2004afe4aa2ff6fd3d8d44ce054daf

SHA1
f1143af43159c3a1858808f4b43856a0608cfcd2

SHA256
2ae48e9cb728ce50a5dd56cd70152b5ecdf1eb0e5ee6ec66f02c12420d7f3588

SHA512
a5e6a4f16659d8ef0cd110b023d7bacdf4b51deeb7c00b436eb991f5bc967e61fba2d8be1327b2ea884e5359153ac93d69b8d6b32131594dc2a504866312a197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
10KB

MD5
448c5a7fe0288f35982df1b3e4b90db5

SHA1
275bd7aea17c64e747e9a7d687017bd7e502247f

SHA256
fa380fc9d6b4f6e49333b9c5213a9900f384c7f5b4001ff4ddea5178c95b74c2

SHA512
065613abd8a9e8d3e91d0eedb849a4d3e8e310e06218badef2b23f056017c9d791af9cb76376054a5e95a00c57b43e555d44560e1df768387c2ed0eb78a19e4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
13KB

MD5
cd1d9d15a4a3ba0efbb6f0736c7c73ce

SHA1
80ba58e2eee41a0e72938645cdf386ec7244c07d

SHA256
3ac17431f90ff60307784511690664a36dd24b9846d1a47c3e0e7537186e6c37

SHA512
a7426ba2cf82d32c5079f8f28eb1a7227906935ed2d5e4b570f6d06bc25f388e9b4b514c62e5050ae3cd3f4ea48ec5c0d772ed797c8c754cbc2029487110bf8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
cd95b45723024f26882ab7bc0f0ecbb0

SHA1
f6ae3d3a4700554295d99d27469ee1dec3189f36

SHA256
23bb0ae9d59988b02f97e61e9111875f62dfd6e80b0ad70653724c7e7c6de62a

SHA512
d359b48c1528919450ec07c86f8847d7b494d2d97150cec84f17a5c4c04671ad2fd360a01f4e41d48f3ef7b19f9e1310df617f50fb123dff360b0ee2774ded13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
879165271b347b7690ce0d15ed811dd7

SHA1
258d3b111294a631a5cddb5eded04145afd606dc

SHA256
9614943e1c4815c8f1c6fb2520c390883256e548c279b3c7287c72b79c377482

SHA512
d43a0862e87a0df91929a0b988a8a8cb43df8f85583abe5c016e26086ea526731b8f427a95ac67587d5e7115d68913fdd0e003aa137f9196aba3a26911dac42f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
7c96b78b8480b074400ef91f72302244

SHA1
debcbe7faecd2a92e5af40dc20db4d1cded2415b

SHA256
6502b7aabaa0042aa0105b233da0f354fb18830a9a90b3ca032b3cfca1ad2641

SHA512
3311fd39641025f901f4a0027f44f49476fb48bef7f6c2a15f50912e521d40ca2f4f1ea3700509fcc7686b6db8efc85a095ebfedd56194266f99b054a564a4e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\4c643c91-b693-4993-8574-2d3309966c05

Filesize
659B

MD5
c64fa2b53575fd386913a75e540a6a96

SHA1
5683ef19819e217b492eb016e22d37bd5060b48f

SHA256
044e138fc04aec2436f1dfa3708727ebca2d9b16e1753648f19d648ae3db60eb

SHA512
ae1180bed68d5442cf8ba118a9efa3495757ebe54e43c9e8a10b2f78f6199bc2ccd2edf6d6e565639520f1476f517749bf6f12f575cdeca1fab79cc7276412ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\fa78d091-561c-48d7-8c00-cb8edd4f4a5e

Filesize
982B

MD5
e2c483da8ea8da2870c54b3eedb25486

SHA1
5d88b0105c4e7a5fbea5ab221bc2fd8eee5f7f50

SHA256
eeb56dbb717672725c28cf780a91a7e303c9f79dc1d0d3002de92686fec54a99

SHA512
7fb41f8b78b5d002f6f7b27480f9e01d5dff7d8d3ded0fd8e8cbb1e2fa8cf195dc9e4e3d14c281a4b0328a0ba64e7cbfbcdefd93df8fac2ac0d81c8a96ac3c8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
10KB

MD5
36d6e16dbbfbf0cf91f0404848b87a15

SHA1
a10ac0696bac1b274ea2897bb6b1336dc760345d

SHA256
bfb1e53f4669c8c1a26c0b09651277f6e4c9799a9a4c40a5de19040829a8062d

SHA512
72f1cba53a4558891686cc873f8b28a91f29b0f1dafed525f72e4ca4d35c7c5d37001d3db9899d13c5291e37840e6e474a61032ce196588ce8427443cfe7b253

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
10KB

MD5
a9f472af1f45dcfb3d1cdd8dfd07a0e2

SHA1
43d52932a9202bf9d64220ce3a6fbe1299d544d6

SHA256
a4442f6c8eeb671d604b94b2f7af7592db63109e747f1f22ca2f7c54de4b7b8b

SHA512
1151a4b5d196bfc9a1c0d81d7142870d3da5cb2a7bc87557d465d82803e0688cf9631bed13378050b23e3c786e81083446f2d755d7e9359b5a372fdffc1045bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs.js

Filesize
10KB

MD5
443786299fcd0f1cab497fddb221146a

SHA1
ecced397edebd25ad094d93396d272caeb85b57c

SHA256
f0b80fd949ec38f8450353e24c453a0a6db6ceb58f3e108db59a3dbabc24006d

SHA512
f129d48cd71854202366404b813531db028327c7bfd8a288f36459ce78c83629a7e67a03dcade50eb3085e958979ebc985a9cddaf01c605d595393f825cb82f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d24bb767513e1f065f03e457f21331c0

SHA1
ccbb6100d31b5798fcecec1c5ebe6ec6d76f4be2

SHA256
fe7d37fe6ee86a39ccd9dcb8a73bcd34b905bcdfc81557cea8183f94a0de28f6

SHA512
f010fce327d2e99458141c15d9db26b28582e87232965bb8eaa2b45bd0c81aad09bd952cc07d1e7df418a44b6fbbd75def969691c6ee3d58dc7ab49c74c8370b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
ecf487e71cca11fa7d060f81c5406bbf

SHA1
0adfa2bc7ee66eb11eaf7f01094c304d7161bd0f

SHA256
7fb13ea7fca394f837656e9566c211cae9829f367b6cd16f08b1dd20049ff9c3

SHA512
6879077dde685b7130ddc6ce655e110791033022cbe3d2eb2e02973b9342ffed8727774ead51aaaaa2ad618f35ff1584fd6a2f396dccad89ae83e66c51921662

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
a24c764746380c5b6618f46a0e357437

SHA1
854a22fcd245e7327d9924bdf7c91f021ea8d96a

SHA256
cc416910aab156ebe08cdaf7493eb0ccf2338ce3c9ea379d6ecd3bedcf60da33

SHA512
ac07a6ec51463b3e576c30925753e7d7f0af6935808b6db25f27b44719e9a6c260dfbbcc917823889bc7562c38f9c7213888f1797ce53240dd4a4e3326ac3bdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{7b2367b4-a981-4b7e-8e27-9639c4049ac7}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++www.youtube.com\idb\767625156yCt7-%iCt7-%rbecs8p0o.sqlite

Filesize
48KB

MD5
f552aaf7dd58debba9fa3a64e4fceb3c

SHA1
bee6136b5a2b6c6a74031fc8188f1762ca3f5484

SHA256
2426b6ef331a848234527a787dd92722344af03c56d39cd3c01340fc91ec494f

SHA512
3c8b81b1e35fa7b1c0e1ae62c8c1eec49fdcc83d14962f4b7879cbf5b2462e1e8df7fcfc8815ce35f59c980409deabc522ce24ee8a0a0db7c58afdb454e71d45

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 432413.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit