hxxps://anonfiles[.]com/83K7d0c1zc/LagTweak_rar

Resubmissions

05/03/2023, 03:52

230305-ee6w9sff38 1

05/03/2023, 03:47

230305-ecbcksfa7s 1

05/03/2023, 03:41

230305-d8tclafa6x 1

Analysis

max time kernel
65s
max time network
280s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/03/2023, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/83K7d0c1zc/LagTweak_rar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 42 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LinksExplorer\Width = "290"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606c22a61d4fd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca00000000020000000000106600000001000020000000b1bfc43e20b1a488e58e8548e1976fcd2802f27da84a7550ce5ef293151f9b8a000000000e80000000020000200000004cbe5bcd504812f219b48b16ed7b80b7465a76d19ae14d0b3c5e54996af91b7b9000000014edf8b034c419b75fa0c14471f114e3c29abd39698a17c680dc67ad54edf708717f4b990736bb87c942965c68efedb705601ddc1d976265bec6f1caa6bb4eca24d5ea955c1f080e68a3b3cd404e35f6f1f0722567cb61e49998b1ce90c20d72f7fcae47b0ba6ed29cf326bbd2b616d74068838b218f4040d3181122d19656842e63fc43e2930181c806a1dcfe1b64b3400000001dac1a99c218791c2e4b355cc488f0b742eb5e977d1cd440617adfa046ea1c028cf373514fc3a14c59d0eba46f04be24f508df80df7e7b6202bfe72f0661074c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LinksExplorer\LinksType = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4CFEA61-BB10-11ED-AC43-E6255E64A624} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage\anonfiles.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca0000000002000000000010660000000100002000000058264d5f9966b4d99174c9202258632a579efc1bab68f0e771190ac0539f0217000000000e8000000002000020000000c21ceb17bd5617f90b0f94671e5fff677bdf356ad5c7017aa5d181058a7560ac2000000014f01d85429889f8eda2211a1745a3aa8c0d1354c22f61748ce2e95aeabe1b5e4000000079872950b59beb3380d16568be24d7f32b45081ce6f7668faf2d316bfb59f2d1fee3d2247cf25cccef4cc3cafbd9dd50f4fbba2b470c5921c263c9bacb8bccb0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage\anonfiles.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LinksExplorer	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1432	iexplore.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1432	iexplore.exe
1432	iexplore.exe
1520	IEXPLORE.EXE
1520	IEXPLORE.EXE
1520	IEXPLORE.EXE
1520	IEXPLORE.EXE
1432	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 1520	1432	iexplore.exe	29
PID 1432 wrote to memory of 1520	1432	iexplore.exe	29
PID 1432 wrote to memory of 1520	1432	iexplore.exe	29
PID 1432 wrote to memory of 1520	1432	iexplore.exe	29
PID 1980 wrote to memory of 268	1980	chrome.exe	32
PID 1980 wrote to memory of 268	1980	chrome.exe	32
PID 1980 wrote to memory of 268	1980	chrome.exe	32
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1532	1980	chrome.exe	34
PID 1980 wrote to memory of 1152	1980	chrome.exe	36
PID 1980 wrote to memory of 1152	1980	chrome.exe	36
PID 1980 wrote to memory of 1152	1980	chrome.exe	36
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35
PID 1980 wrote to memory of 872	1980	chrome.exe	35

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://anonfiles.com/83K7d0c1zc/LagTweak_rar
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1432 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1476 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1336,i,15829213021307267928,9657070104283523358,131072 /prefetch:2
  2⤵
  PID:1612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.0.721834584\1006455361" -parentBuildID 20221007134813 -prefsHandle 1176 -prefMapHandle 1156 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5dcd891-6c9e-4849-b430-5bbc1604c5b3} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 1264 1a61e158 gpu
    3⤵
    PID:624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.1.1857921823\637431514" -parentBuildID 20221007134813 -prefsHandle 1448 -prefMapHandle 1444 -prefsLen 20971 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e577b6-d03a-4a9b-96d1-c23f2b9ed8f8} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 1460 e71958 socket
    3⤵
    PID:520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.2.1986560247\1655279937" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1072 -prefsLen 21119 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9f28674-71e0-47f5-939f-ee5cd8a709bb} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 1980 212d9c58 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.3.1437926098\1875399985" -childID 2 -isForBrowser -prefsHandle 660 -prefMapHandle 1608 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3880378e-2750-43c0-948c-55d794f56005} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 640 e6f858 tab
    3⤵
    PID:3004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.4.245600046\1195581638" -childID 3 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e39a61e-2072-4016-b299-dda0a5545e1b} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 2952 2346f958 tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.5.1830621721\957706594" -childID 4 -isForBrowser -prefsHandle 1816 -prefMapHandle 2292 -prefsLen 26704 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c368a8fe-bfc4-4438-af2a-2b51e19b0940} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 1824 1fb8d158 tab
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.6.1479189680\1949977033" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3852 -prefsLen 26744 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5095a41f-611b-4529-8ade-4c31e0173186} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 3888 25f09c58 tab
    3⤵
    PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.7.481674412\121916966" -childID 6 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26744 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b43d99-42bc-4bf1-8e31-281c5d1b14f8} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 3920 26122258 tab
    3⤵
    PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1440.8.1335062663\2142605149" -childID 7 -isForBrowser -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 27393 -prefMapSize 232675 -jsInitHandle 648 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {111e111d-7920-447c-bdd6-54ebb069e18b} 1440 "\\.\pipe\gecko-crash-server-pipe.1440" 2968 281f8a58 tab
    3⤵
    PID:2504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe0d1085144e1edb483243dd51708ed1

SHA1
4be91be01b23a0452852ac14753e607b45b72fd1

SHA256
c28e0b11d0b01ca1a61c38ab2901750513a42b88f6c1dc43bc33f9553b2ccb6f

SHA512
7e0e2c045d056f8236860e59f56ea8042326feeeb2e7417935f4a79a81b02f4fb5622dfb554e4fa2548bd429218f65f539185fd16a183963ce7b0161802956c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2aebc0c450ce9afbd17235f44f7e021

SHA1
bbc81a982ce5864597ffe75af4b39e69b7df22f8

SHA256
e40ed0cd73a021bcc621e3ef5d293f77a55ff4ee605d6e99941bb1b70d69974a

SHA512
b64e6295440fd58e2c8c9042bf586918774e1bd9925f6595e237d57ac76871556f4c456a926e555598c775850dfd5f9fff5e6cafccb40edc9a045b47fd2f7e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f8e8afd73f291342ea813e85160f867

SHA1
5ff11a76853dec38a80db7e814a7f28643d60697

SHA256
e04ee2e85a2ebfaeddc606484d4f599f92a22a4e7723cb53e6cde1c94784ecb2

SHA512
4fda31091c33503700ba2e0006ea1b511f4cb78a046b2d87f27a553e06fc5ce2490bafd316453f6b7b1c1851141988d27e58cb8fea1fb881f2b14126ea71313c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb0d57a0068f4f10cc14bea4ec9f747

SHA1
ec4021275d22a195b57a06b1a50e60293b91f64c

SHA256
19be702791a8cba24aeb968c8803a3e7f2ba57131d610ff738f8858f99896fb8

SHA512
9155c0d57f3ff00e695baec12c5417cf2e8b4803ae63b28b999a7048f3e34197d26cd9e8fe0eeb44505b032e37c6d2f3211792b7429b9417ef6bc2be1f7e5b85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed1ddb9abddce7cd6225648e63ac3d0a

SHA1
18b340cb41f9f0ecbbff9b2475b9d37aafbef203

SHA256
37387e6f806cc0362c276654d1be3438f30312dd3fb2c1ea8c830e9f48fb3e0a

SHA512
d0fd6f71233c38501791748463d95389552e8362305d1b767a1501bd280bfa491fa739dde1fe21652f56df857410d9c749d6114415789775ebe383065d99101b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3789e6539454d567c3f232cd830d91ce

SHA1
5b9bcaf23c50f31dccbe33e287e4009ec7e0a2b1

SHA256
9146ec260abc08f0d75226e4ee1d363ba1e64dd134baf1c17b9b9172ff1eb6eb

SHA512
28c4182d88a926ea7086179bed4a98ca54d1460356c9510118464b3bc425b5b40a42faaf09a0f7d284529134fa9eaff0cfe7931d416449e2482dd2d653882929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
927283f63db52bff991ea94919eca3ab

SHA1
d5833754e967e4f41df5244642536b9914f52656

SHA256
2040719b72a679a9ca5b65911c27d26b68c206bc9f30a5951bcca2222ea3c580

SHA512
56c8ffd86583eb7794425200a1559342ecc87cac6939086238705e0bea192333b6393ccd489b22d7f51e59ece87c6561083c22e9fe435b257ac1f7817b3c9777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc8aa6ce189c64d299902e1720375afb

SHA1
cadc1ff23e601ec3590b65dad2dea691cd9018e7

SHA256
7d5978e250155692b57411a88463125a34726931a804eecdcccdf2593059e1dd

SHA512
af9871b4fdbf9a8a27eff5483e2c739ad232a3df6f9816b59b969d327eecfe3d7af6e09b82330ea246d3baf11a093c4542f4d8ffc99db4003b1622e9b9513530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d60c2af20bfecfdd2e9d0bd28fcd2d93

SHA1
e73e66ea45e557787cb88497da3c7b9018c5f98e

SHA256
a40ad265d1df6fd04ff557319384ebac11bb973ee37086677d729d9924413b73

SHA512
3bee301e82e9c890199baa87ffba9ae35a8cd90cf3d271479d3ec0083c1cd9e2890332f26502933991506b758d55b97a72dfb8dbb957365753a1ad2923ef4a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf9e5738a42e0a651cad63807ffb9072

SHA1
a8d4cb239ba937215a27f4a19a153c417a5966a6

SHA256
b83c7de9160cdff5a937379b8f6aeeff68f85f68525d42cb9c87e3fab8970012

SHA512
ae08de321031e1c838d479f52bd9aede60f178ab5a171643bd81f7724f7241c0e15006fc32c64575417531bfce603c7a13d0d8a65469b8a9bac451f454e03b76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c9fd8b345d408a2e4afae0fb0fe29ae

SHA1
ffc8fdeba0f3ec09091d0556be73c73b67428df5

SHA256
85d1774496504950b6348994a682fb8c09407c455876cf2c59ccb92b6c9feda4

SHA512
26fc3a5da33f2574bcc57afededfe33535d61c6f50801528abd93425176ef8f8084ac7316191b3811fb2b3349b954b3ef08130733eda509faffebf4150e00c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79f8c6e5966b1bdeb93d4d89c602f287

SHA1
fa0c1c9dba0fa5fe67b67360827482f81d228c3a

SHA256
a80cdba22b405a359459184ad51f8f3674f8f6f02fce2f1648daa5db674778c7

SHA512
e243ad6dbf7cd7f3e86e77ac957d6bec43dfa12e0b270b93aa9dcd34bd6f66c48b9a746eafc990c774be1282754c75dca7419f70643d3a86766b4e8d8b57762c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba2c27cf76d626f6d39c37fc5d2325b8

SHA1
a495db8ebd7e389ce02495d0a08b22e962322d09

SHA256
cf791436a2c061f378dbf88b245d9257b002df1a572c4eead16e5b02e06ce748

SHA512
66451f972058bca8c19d49aa8cf4c40419dcac41af4e40c590d9844c82b4184c0197e976a8414f8f554f57964057f9e6ef95d1e593e83f92ddcf4cdfe08e048b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81b7ab0bc3a53e6bb0da76331fa6c638

SHA1
1f67fa4a147aca111db9f6aacc4550e6cf446607

SHA256
3432ce84f591382d8a825e71823a6808db3fdab7bbcd3052c15a8ac4e9c96e54

SHA512
37823da4bee1fb67f0bdec7a1b25a914feabb0f159c9405265670877eaa88ba7ea069d6dc7fb68f3809c9475349228d8e3ef646b60b1a4ee21c3295738ed93ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cccb7c15ac34a0f7f0fef6a413c13291

SHA1
fe3097712b8532e90a6b77c181ca5c162350a6e2

SHA256
985a28b018428d869d65efe362fe795d8da3af190a743b8608fd738e51733765

SHA512
f068289422c1da3d9ae6177f26b44b2b460140e8343647396e62d6d6ef4284835ace5a407a2d08ceeb3d358f2531c8f6ade9cde192e056428f953525212b3d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1da045d1f2adfda381ba82ddcf99149

SHA1
7f575563db0f72aea5951c0c23588a853ef2929a

SHA256
957d7dd218d18c23349bd26273a5e35814d133ffcb738e2c674ac722a0c79c78

SHA512
9b3790613f4cd736654169be21ef349001ff8251fe880783023a02fe31707a018266a4dd8cb957b970853acb16620411c9ba6da64f74c047ecaa278e3a62db58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e5a469ad1101fa2520be00e09c590ad

SHA1
be063f7c1ebfc126c6532e68b84e312a47d7e0e1

SHA256
27dfb0851dd44a508f1355fef80aeb6af06bb4bc4f0e7d19bef28bb56ac9ade2

SHA512
c06d327064ff3a278506fc24b5f82616f97edaaaee53468b787773d30c1c94fef7b50dd90bc8b860649b8405b7af981c314f1eaef45d1e567e3a12bcac892f28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e196fa955f9750e13d5a283c229bea95

SHA1
cefd87facfccbd37017df4396fec052ad4d24e53

SHA256
e2b63da7d1370b60bd7d2777bdd7d9938cdb75f3026f70cc146e973c691971e1

SHA512
357087f2170db03e3111475fd3c98f6c6e793259601b822392ee2d7fad7ae2e28ba10c7a84522951d38e2535e3218f3fcd60d1f7b6acd381c4f1171831d31e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c39d551e2d2ddffd3cbdf5ccfee0a822

SHA1
7db6e1e4b9caeecdf9a53ae0cb485ae9b01d37f9

SHA256
9a03384f10da8efad80aac8ab96a3816da546e2c4faa7df6e003b1c353ae5015

SHA512
a93241129ee12858955872d779c4e2cccf3528d05183588230da0221a7590a29e7b9d17b41287de05ba20ac89fc8b97d6b57fd637bed860ddae7d94a4eb131dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03312181389bc85acf1adbcdd67e98ac

SHA1
9babd43341a07a6e54acf8e77661a5e95ada4b99

SHA256
f36c02c473b554102fb02e4fad32086b3ed3d036f17846ae3b3546bcd36de455

SHA512
2cce734db14cb8a4409aafd52868cc085ca958f30f4a15e793f987fe6c045bc44aa4c129dc141306351777ec5c714c58be8f321d7eebd526274651d11b486b4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07297fca2657bf5e70d935edc329d0cf

SHA1
84684a874a575a46b73da7bac3f1c2a6b5df31fa

SHA256
293115e52c567813c3b83a4c73d6c52766d359a77dd6bf4eb79bbf2d06be1a13

SHA512
4badeaab503184967e1b7ced15f4cbc34e84bf110873b9aff74fc583a10fd2f9dbe70bcf7b0976594515a8391660971a254331740b6c5a80e8316e4721ebe419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba6ec93420729dc3ef65ea825f9b4feb

SHA1
c2db35fa10ab86bf140dd64af76ec2179ee25692

SHA256
f8ef03a6d86a6f0e9a283f1df816f2cedf8dfe1d747444ca6e4e340a570da7b6

SHA512
6c657d1b68b7400e113e748ee7fd93bcc1d8cc99834818866762f18f31d5c3643f93b678cdaf74e88a67f120187d4e775faa4c7bc48678ea3963c759a4027f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
040e665bf467d83c91f69259df217afb

SHA1
7ef6450ac977242e2c3deff8ee4572e43de18788

SHA256
51f51f3f964d5bf6fe55b44735039cd950ba8306a6c9fd71efb0ed5bedd42389

SHA512
b12e635ce30353f15167ad5cf440b04f943bcb10ee9acbf61b35607470ec11a07ca4d9e31e016e521e06b9e90ef65d9c83a239285b85eecd528c598188eba599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde72c71db48278374617e972645d00f

SHA1
7c702b934d069472d57533b9b975293a89225138

SHA256
274e5b17a93fb6a0af9672d2c95f464677c27142156c5a1fd4890aab65b0f881

SHA512
9d1dd1da3d861795698cb1623fd6788337a8a0372ac8c3f339774716f80fd530fbe361e8b51efd59adf24ae4ebf3f07599b2fdbe2554be2dc871b5beaa6b1721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4195ba8e123ca159e4f8939ff16882b

SHA1
b85926930893d0857d9ce9b2add5ac5561f8827c

SHA256
90a88df6de63f3739929b0cde47beeb1e90e4785d4b1b76ecdb3d0a48f40f184

SHA512
5713604ae7a3232fabcca772393721f8982e6b8db03f7afe11c53901df581d6201aca92222fb28ded5096c5949902e437cd32003320ea0d44c5d4d34351a8b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3263aa62de4cab91ad0e31194a719536

SHA1
8f5dd1765f54445e128aa2cdb7317a893585b688

SHA256
a24e4c2f6a949551f061280cebd3fce63d6ce4f5a87f1895da4d1451c400d3ca

SHA512
8b911bd7e19976360c4e8302a76a3b612f9e4a1fe7588ded27494e62df7da8f68eff78b0f5613672c2c57c74a2cd253be28f944af43defc00376ef415bd512f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da09aa5b2d26271208119c388ffb20b6

SHA1
77c30ee253a6e2d59208e1c454447059499d5047

SHA256
81209d64ff38b4f9190ba937c16aa6cfa8811828961cb01bb5d895599ba38a75

SHA512
de8341afe7d4af483401caa403d2fa23c4c87b7bbb40e0c38a538314f80f1041631c485f6be324d1f5844f4ebd858c70e019f2f8ea2e9b5b0fc393db21c7262e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
900399ba199e984ee15ebf909efb2f46

SHA1
04bf9e5efa164d7070b11820cf54c79ad1aa71c7

SHA256
d626cccff0737caea0e38828c867ef28c8ff36844715a6a33be23576b58655fd

SHA512
d9f85abe7b2f8e63b131746ea458f998732954029a4195c7b99c0dd7fed27550908be07bb3fa8322903089b861ff1d03e89e48b1934a17f09ebf98df9c195cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ea8761ce638d15e49b5af0fdef8825

SHA1
2102d9674364f9263ee9b4e5df46254629ffb600

SHA256
d02b2cec4e02b74d5563b28260fb819c2213d480cb252154f2e3f6e2bae70cd6

SHA512
744662de74d8ea31e148d7fb3639abf6223ad578af4fb16fef6f79f5954c4ade15a1dbfe1bd458ddd69fe042e6c0a76a3adfdc1c1b3a0e557b9e930afb953eed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b02456ab37f185f6b7b7aca8e0faea90

SHA1
e6ec8ca3676eda6feb4d94ce049c3ecdb0ea0bd2

SHA256
9ae0df8bcd947037e441d18e300515712ed649b285c86ff98527146a43cb0151

SHA512
7481f2b98c33056976c9407bef4501e425ce7fda5613decd98a7e083505e7a8b4c573aae7df57e9f562c0544ba50f9be3d5e90e971a73a745bf78ab4e57b895f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f8a9a8d316ed93b12820f0d72ff0807

SHA1
65109c4cd88b845943ae2519d53e83948a6d895a

SHA256
a747230ac2a5e1229ddbd6c6932adcee4b9b7987cd0c8004309cf26a0102a2fd

SHA512
7fb375ed64e1678c2398e38f063775b824b780bcaba42facef364b3e793bfdfa5e3801811d51b21c7b9a990472812afa1e6f24f5a0af387c47d537f0cfe621ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f0c5bf62e53d013690b2f86fddd0d5

SHA1
c88c4de66d2648bd221364f3ee7545a336bd8551

SHA256
e46dbb1c4f7d0bade8cb1cf2a79cb8f11574a4a9ef693b4c6f971170fda4177c

SHA512
838b99d77fbac2b2a5ab77f9508b457f497c20c23f8097314e4d8f6dc0a92f801b7f0ca2ad6b533a71e38ea95e864cfae08aebab9dfc1cb6e3ea1646389077b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759d4a55e4cf13b6dc37ff656eef9333

SHA1
527215adbf59eb1be37a669e14d26202a7a3f16f

SHA256
71c100fc9e7f01a83f782668072dabff9834ab117a46355f24a4f7ff6c943944

SHA512
ad0b04cdc7ec128a9c35f7bf57627a03b301278bbaf39afd27be66b024a3623a899b3c692c70069ce1f93b1b56799d8d31ca34aa4626ed799f7f4b629703e013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9e411bfe8c672c5cfc75551292b3dc0

SHA1
dac09103338ec1eb5ba16f4a1b37596876bb5e89

SHA256
2fc8031464b8efc53256b8fac86203f497b7fd237cc267847ee335331eef2e88

SHA512
ec34803c1b887e0ed59e859d542c73a95c889072c8b7b09f413935166979c3d355f0d30d87d5e4539e5f88dd26f30d7c3629d62892fb44d3c52b77f63d38b23b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
201c0ef1f50ef621051c38aac53a033a

SHA1
622117600d07a8c3ae304a654beb0f056c38add6

SHA256
3721abe4c0e43eb854ddb4d2e3bd0e38ebc85c51e6a51012d2926148f3f62b61

SHA512
9fda6f0ce1300040b818e2d57bae46e0f4ed66e3172c32d23e5d207d1e7d3641413f59e2a81399a0a9c39e4bbe3f923dc6b6d5d96e67415e792f5d12fa73e9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3d282eb0-0c86-4358-996d-ef15407f67bf.tmp

Filesize
142KB

MD5
9d67aa7f065faa9893497ca8a0f4cf59

SHA1
80074c689d0276a338421d0c456047995c1d9cba

SHA256
208cafe553c58a76b1df11b6d3a16a6fa2db231d6420390da51f1191361b1dd4

SHA512
4355f3437980efee0100cbde47645dc86f7388d14df132627910b52f6b8c29fa66f791a623c72413afae630ac2163fe167608636c0fa0d095f260333f649cc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
49e2e4902c661a73c3ab7c845e538bc2

SHA1
a9ea8f2debe84a23bde1251231ca442e70f81233

SHA256
6beec85963f0db763693982941f69ea7d1e37f55a692090d772d877e288cf707

SHA512
cf6a56a0d536ffd237e76ab87d8e231b0a0efc26a47de012311d4ec72ef9adf4406ba102e2f45c7f7e56e15b93699de360a8451fc3e0ba2fd17e957de140b3a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f61a55e9a39051e57befe91b87cbcfb6

SHA1
66bf2ef1a19ff463c4be26555243ac960e93bf63

SHA256
aaf7818a008f36f49ed7b8bbf24747d9a9e7eee6989362b23f82ce94d7cc6a85

SHA512
0c1f6803b85cfbd7af877d62190c5c3fc229b303d78963d8c5f1f07db54f5b9615a9b8773aa9cc1a2c447a7c74a6f8847441566fc11e6b05c033920956a3819f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
e02cea86507611ec68c11c3796eb5e96

SHA1
d9d955bb85a8794fc118927845b2f485252bb09f

SHA256
373f76540ee8b52240341af9357d90e06db17d46ded4ba25da292b66c747a0b6

SHA512
1d0806d2ef370bde687698a9f48b35ca68357e06dab79dcfec55a13cfe38917f4fa78effc3ca2895db07b6da8f1a3860d54ffa761d9941bbb2f7ae874f348d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\07asiie\imagestore.dat

Filesize
5KB

MD5
d6de96f3ea94c73fbbc762af34d0405e

SHA1
56d940bd11748ffe60cfa5c04c18c090332a5540

SHA256
b852226075d376ecd6fb8a9ee44d1f301128e7345fe4db85aa064eca02d481e2

SHA512
63d23b944dd41ca413c763d8173e759cbc6752bee7a84a365cea946ef9cf0dc859adbf8eb78bb54968056d91c9ecef25ac6d0233fc9c42eb841ea4a71da88a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\favicon-32x32-anonfiles[1].png

Filesize
1KB

MD5
ee0e6dd4ef643128a1b7bd4ab32b8a79

SHA1
8136c70aac1e50f8356c83f91fb77ea4b6596cbc

SHA256
51f305558b4ed6fcf3a31b4f9e404fc2ea426cb5e785ac46ce827de0c5cabb4c

SHA512
f57a1882e4d57f6cdb67fc5b8ed61d0dba28f000af87644bfd402275958163b66f7748b83e4d78dff72bb8edd9077c3fe67f5e831a6b79bce72ca4bd1d086b34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0fuzji1n.default-release\activity-stream.discovery_stream.json.tmp

Filesize
153KB

MD5
74294f9904142a1bcd5a33537c721433

SHA1
4143d64dfd6948b98ec27a11e73dc5c72fbc2e67

SHA256
565cc0327789d86313238581a40b9d3fc098d88b488c0dad2915e44e1bbe4689

SHA512
d2c84ef525e186a7038e62b4b26f9fd3b66e5061e8068140a78228000784db5f5c09c9125f430d8ca7e84f8cdfc888a7824dfe4db01671f35694d9dd83481d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2AEF.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF8D2D99D805D31A14.TMP

Filesize
16KB

MD5
3e57f34c171214b507062671bcf9b440

SHA1
819460717385bc616aba1b464d4d91df85182cb4

SHA256
4f8d32cc78f3bfdd181d1df90f37709a86cc4ce7e204e993666f24bef8624345

SHA512
ef6cb44def963168525cdecff18bede9c1d2a31503e37d8aff36d9cddcbd87d9a2579925ab1ff6786eb7e54192f9a3122ab260a5156205f9cbd44183165277b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\prefs.js

Filesize
6KB

MD5
024c6fe18df82522164511c697474338

SHA1
152f2037990159375f4846bec398c223ac5e6ba0

SHA256
2bf01fd3c6c1e12236d23ad9d41fc04528bd1af72be08efb6ea097f4c8f64bb2

SHA512
071602ab881eef19d5369f88a8aaf0194f931c8a013088466c5b493f600a7ab914693899e37dd84e30e380b25c4faf674616ea09b76f89465cec406b5ffde225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9d3f9c3dc014fcfc1f21ba685f725b19

SHA1
99ec6ff90f29827ecdde5175fee993f1148650d4

SHA256
eba4110e43a933f799b3371aa5d48da3e7de4c07eb6e291c4af988990b6cef19

SHA512
7ab3d4a9ebf920d7949a3d96aedf09968e21680fa75582121762e92224f09088f6d37d6fad1eaac87a9f2817c4f22c8e4777764fba89a3cb895fcb696c41ee70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
42f69db0a81b82fe080a0d9fdcf71eb4

SHA1
a5425091286fe3cc9a52f085a990d9fe35202c59

SHA256
ceaa8d201c0bdea75cc0c255f174a76ee2e28bfea5d5b5611802e69a27719de5

SHA512
dafc19ae91a0ccc54bfdfcf5121e7d7c6e745e0b89b5180b3c53cc2409db0e346df7072b76257a946bf2a279333391fd3b666ee2db5e7478f23b9f9ae74b3e7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7ec31b0cf77ad91d89ba864b7e5e29ac

SHA1
b7a88594dcce7f0fe1cc9ae9362c58d1a16f1993

SHA256
38ce562826eb2c710ae62b9d0549e85da8b68bf11118b37d98df11a0696849d5

SHA512
6571d2a2d570d6e78e2b36667dbc20f53ff7b9f5f431f557aa1d1ec0bb7456e3c884b402a898ed69db94da0a8f70125ed15f30067d673e64e4dd46187b140983

Download Submit
C:\Users\Admin\Downloads\LagTweak.JF7_YtqV.rar.part

Filesize
1.1MB

MD5
b7628b425a0ce57bf7b53c00b3970c15

SHA1
9a1f6abca37b3f7f29828fc2701cf2fe5e0c2e76

SHA256
2029559ba6cc5c54dd744e6c282b68be664fcadd6e0fde963ff89c93b155dde9

SHA512
c5b55fed7e84a7873687f511303bca00f732875889199802f7bbe366ead0c8935bdf058ce91ccee0aaa77ee04daa241fa4866351ffec90ffacaac745cbb9710b

Download Submit
memory/1432-54-0x00000000023A0000-0x00000000023B0000-memory.dmp

Filesize
64KB

Download
memory/1520-55-0x0000000002EB0000-0x0000000002EB2000-memory.dmp

Filesize
8KB

Download
memory/1532-1815-0x0000000077E20000-0x0000000077E21000-memory.dmp

Filesize
4KB

Download
memory/1532-1762-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download