hxxps://cctdigisol-my[.]sharepoint[.]com/[:]o[:]/g/personal/smeet_m_communicationcrafts_com/EhlforyapBlAtVaTHrsoykIBY4ESkDz7eko4t_qhDIoFmQ?e=K6IS0y

Analysis

max time kernel
134s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cctdigisol-my.sharepoint.com/:o:/g/personal/smeet_m_communicationcrafts_com/EhlforyapBlAtVaTHrsoykIBY4ESkDz7eko4t_qhDIoFmQ?e=K6IS0y

Score

6^/10

microsoft persistence phishing

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3461667827"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3461667827"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022280"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "386259495"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe3000000000200000000001066000000010000200000005ee0c79f4d8bc1426786d45822bdde2b7f371e5e0f42f3888e746603aff9ce11000000000e8000000002000020000000ca42ffb93f8424e9dc683083c8af4d8f11dd349dbf8b8b5f97209bf8e3626cdb20000000178aa9464514e4da9fe054a2f386936325de4579d892fdfbd7bae408fcdc3ef14000000077be0c33af1e454c59cb6db1d8361cab64148db6d5a3f0d4b92ddcef08214d3361a9d3060f194a1c0cee19f8c4b6700f23f690d792473ebae4c0f117f211ce0f	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3473573708"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00683d1c85cd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07c8cd1c85cd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022280"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000903ee7a16ec1fa81e653ae3ab9885fef5af1e0af5940bf9648310562625ba678000000000e80000000020000200000001affdb6170d4c251fb55b88880564ecad6a2113916eac560a512a9dc5f743b3a20000000e6964e0aa88eaac385563dacc8ffe1d4a625b5082a61062d19a945e3e8e7569a40000000f5d53a4ee31793d857c48369bb865cdcf4bfd930dc4bba4affb338262d14b5fe7710319f976fee4b9fb5f0d1227a87f14f1498a1ffc581281ac4c8107027b622	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F96F8338-C8BB-11ED-9EF6-6E9A6C474791} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31022280"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239682421580071"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1404 chrome.exe
1404 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1404 chrome.exe
1404 chrome.exe
1404 chrome.exe
1404 chrome.exe
1404 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

pid	process
1404	chrome.exe
1404	chrome.exe

pid	process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2408	firefox.exe
Token: SeDebugPrivilege	2408	firefox.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

iexplore.exefirefox.exechrome.exe

pid	process
2192	iexplore.exe
2408	firefox.exe
2408	firefox.exe
2408	firefox.exe
2408	firefox.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

firefox.exechrome.exe

pid	process
2408	firefox.exe
2408	firefox.exe
2408	firefox.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exe

pid	process
2192	iexplore.exe
2192	iexplore.exe
4136	IEXPLORE.EXE
4136	IEXPLORE.EXE
4136	IEXPLORE.EXE
4136	IEXPLORE.EXE
4136	IEXPLORE.EXE
4136	IEXPLORE.EXE
2408	firefox.exe
2408	firefox.exe
2408	firefox.exe
2408	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2192 wrote to memory of 4136	2192	iexplore.exe	IEXPLORE.EXE
PID 2192 wrote to memory of 4136	2192	iexplore.exe	IEXPLORE.EXE
PID 2192 wrote to memory of 4136	2192	iexplore.exe	IEXPLORE.EXE
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 1716 wrote to memory of 2408	1716	firefox.exe	firefox.exe
PID 2408 wrote to memory of 536	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 536	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe
PID 2408 wrote to memory of 3864	2408	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cctdigisol-my.sharepoint.com/:o:/g/personal/smeet_m_communicationcrafts_com/EhlforyapBlAtVaTHrsoykIBY4ESkDz7eko4t_qhDIoFmQ?e=K6IS0y
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.0.888805689\1886066358" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac4463e8-c665-4c57-a40b-4772569d2b34} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 1936 1340c318c58 gpu
3⤵
PID:536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.1.1384085842\1600800548" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30bf70c0-d76e-4d0c-aa7d-558e8445f4b8} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 2332 1340b211b58 socket
3⤵
PID:3864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.2.1595536716\443108301" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2996 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c432bee9-3805-4b6b-8cc3-c8e9b4e40c12} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 2896 1340b290e58 tab
3⤵
PID:5084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.3.378571258\1235482879" -childID 2 -isForBrowser -prefsHandle 2376 -prefMapHandle 1452 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8d997ea-f5fd-475e-af63-2ad116ad6887} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 3528 1340d4f4558 tab
3⤵
PID:1904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.4.345813682\1621899897" -childID 3 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19a867b0-6f63-40a7-8878-0f710ee45cca} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 4136 13410395458 tab
3⤵
PID:748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.7.2133826006\821508730" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99261fc0-71f6-4a05-bd58-272d07260bda} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 5316 13411840558 tab
3⤵
PID:5376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.6.770520091\1839351549" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12908fe9-fc01-4cf3-aecc-b5cc7143307f} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 4956 1341183de58 tab
3⤵
PID:5368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.5.800582647\713795225" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6d7b09-96de-41a1-9de3-f76ab55acb44} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 4944 1341183d858 tab
3⤵
PID:5360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.8.1898708319\2055011639" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5872 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d7fd71e-6f2d-4b76-b730-9b6de0ee7d2c} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 5884 1340d4f4258 tab
3⤵
PID:5980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.9.1331074501\811808921" -childID 8 -isForBrowser -prefsHandle 5100 -prefMapHandle 5068 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cfaa7c2-2db2-4cca-849d-de7a4941a5a1} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 5516 13410eeec58 tab
3⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff950a39758,0x7ff950a39768,0x7ff950a39778
2⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:2
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:5560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:1
2⤵
PID:5184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4872 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:1
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3432 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:1
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:5724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1764,i,16636501749453385888,11444653136345499175,131072 /prefetch:8
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1
Filesize
471B

MD5
0c032cd92527cbb43123670bebe441cf

SHA1
b725ce7cd543beafc9621346101553c2ed3bf46b

SHA256
928087de558cf887641665b27282fbea286e77b9d83c3e850ce650b83c8220f5

SHA512
5877002d8ba9f340da1612cb4b6516a6705920e8c4ef121cefae34c512b50a47686a0341cbd55fabb4918561ba9f6b1325eac0b1d6ad991eae88f23e7670345a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_1941775A515122A167E3FBACF08992E1
Filesize
430B

MD5
e6bba7f28f3bf738d7bb04ecbace323f

SHA1
90ce6752638ab088b9dd65b66603f99f426a4a99

SHA256
1ed8632e27c7b0927f262c6ff01e55ff3984bc618f9fc2e4b411fb70215bc0a8

SHA512
f22cdce4e7e321343d9522f01352275c6ce7666b59037294ab1151815f06bcee3cfe665febabc0852dbce7ae3c6b20d9cf3ab663daed0cef91d01d4a53be1956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
1a3a4ec36aae094425475dfbc5677f47

SHA1
2d8aa742e87ac02f9a6de6a997abdd0c6168222d

SHA256
d0d6072ffaeaf24e1d0159e7ae6d279048731a74ba356ab878c3e64e17ee9eb2

SHA512
4e45b30dba0dc0071df66cbaee12594317232bacbae1ce77d57db63355263df48cd3cd52300dc7c459a18ea02145c7a2bab23d12c95f1e0ce2de16c088a70d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
670851152aed1eb907f260f48482ea4d

SHA1
4dce5085bb5a447853a72052c438adb98da48c34

SHA256
456bb4fc0242244f852e16c76b45173963d2bb84ed4d27c3ba656a047664aaef

SHA512
b9f39c5848572d9029d0581cdd1ca681fbcc207d119066c3e7ac43ed7cff0fb4d7a9959b8a6473af06e3e4a10ccdfbf5344a9226e7de522172bedab65f4ec4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
fbd44d86f34fc786f3375ebd89512849

SHA1
c4d8ecffa3bc4a2352debebb10e456aab848c499

SHA256
91adbd154bff436fe7171554bd93f4e822fe82d2a7568f0060cd6628e1f099b7

SHA512
e7e055b3c549032074c2c3d973eb711fbbcf66fd0a67b345adc1ea1485c3f0a7867b94a849885dcd2c39ac86e5223dd8283b3be1270e68436ec506c8185a3217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2b331de5069c227c5152d54752388765

SHA1
03286bfae2e824e39ff78925e4c4cb626d14362a

SHA256
29e3806aa45aa1e7bfef4830938e44876fd8018805589e0192beac296295d0d9

SHA512
fd405718c5247fb97594e741286c3674234e4229d68ce2a31a06e9aedca759fdeb6fe9e36379795fc9a938a5bb29364871085012f98d8c53ba818d31ac008cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0ab5b7f643778ba114bb288b9b1c728c

SHA1
7837d0693ec79795a9bdf148e1c641126b574f6a

SHA256
1b0045b9b0954292b2b009eea1e548f49b06eb7f8926fb758ba8b70da4f0084f

SHA512
9b211515e8579fac631d10efbb5ef3cc04dd4b775aa2a926d34f2b9d995e52a047e8f8d45e068971888f5d679ab4cdb83c10db68ed8ab5e44e83c69d8d14a4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
1c209980ea6931578d3c9491bb41553c

SHA1
9f7544522373f235f98429a4c2495b4092ab3236

SHA256
23e0939f56de589f99cac6ed4293e9bee45873655768f904187a7ae9f2df1fe1

SHA512
d3bb1ecb6e912cfa7cfea5a6f1bce75480c7b218847040ef8278f582f17c5c84799f1230ce1b29a5566fd62864589409167b3bd910027d93280b116ac2ceedd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
6e4f32046940d7b3ee5aa78e62486ca9

SHA1
69e3db146860f934a28d8efaf7108f5848ba0e22

SHA256
0de224757f0f2b55ecba55fb46f1b93d56be61755d9950244dcb29de6a318385

SHA512
a8c89259067760319a4f3528695fcc009b483e21abf49d7db85fec9e0b93433fc5cb3d93030d7995844dac233d4e03c0a2f7843561906af59e71b7703a72d0fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
d7caed661f2b38a5e59a8fdfebdc9f41

SHA1
8b1092ee78b234cd34f519ccc503f75f17fed1c5

SHA256
d3885fb9da66b75e13f469e65d2962bc26418f5da522790ee0f48e58e847ee3f

SHA512
52ba4674969375d16a5381845ca4fc54921a7790661cd90459bab9d06a13cb9f6438754f51e704a279f01dac0e27e266ac2220f0742ebd3bc3d7ff13d3b9927f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
Filesize
8KB

MD5
0aae2d88fed55ef963cd1c23d06a4767

SHA1
b3b04800315498e49e5a3bac20f3c7ae47377060

SHA256
6c2cb465de978db1ad2234dd55999ffcc6766e0a5af9c9e7f4c88615b2047263

SHA512
bb61112c589b6f9e43cca85a71031c3bff6e5fb245c6fa1c44e715f6cf92f029ced3c7650f8108de42ec027640b23a92b57a524a2f46fbdae28cc8cc892e0355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\favicon[2].ico
Filesize
7KB

MD5
0b60f3c9e4da6e807e808da7360f24f2

SHA1
9afc7abb910de855efb426206e547574a1e074b7

SHA256
addeedeeef393b6b1be5bbb099b656dcd797334ff972c495ccb09cfcb1a78341

SHA512
1328363987abbad1b927fc95f0a3d5646184ef69d66b42f32d1185ee06603ae1a574fac64472fb6e349c2ce99f9b54407ba72b2908ca7ab01d023ec2f47e7e80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
140KB

MD5
f66a5f71b28101fc5a828c6e500ccf27

SHA1
43b31c0046f0960481b4a2a11c73a8bba7ede61a

SHA256
a23bb9f61712320d5dd80fa5c10c2134e648cb80d5f850a6eaf95a4ada25de8c

SHA512
4bfe764585b5550de64766a81024cc27802dbeb7d0f9132229f401d9d50b50f69f532b5e65de4b4c4e50c975a63bcbae6cbfd9c2f4250de52e9ee39deeb6f45d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
69aa9b45b0418c2e75421e548560954d

SHA1
a6166e3b37942c41ec8c7dd2206e8fb31b3ff24a

SHA256
9f0441683b8b106af177db25f7ffbccc18e6aa27fcf853ceb35c4134ae6690cb

SHA512
41edcc07ecfb5b6a59a55530b59b5524c414079c20876f3a28cef1110f218382f66b5befd37b37c7951274e082f464a868b8399ff6ef26d0cd0a3e78d0d3d277

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
7e5981dd9e9588b29cac1520ceca334b

SHA1
b66a742f120079192d403647f0f2492fedde51fb

SHA256
9a33ca82663f8401980aac372d5620ab80f59ce5965aba32ad3bd372ad79854e

SHA512
a308c97200677d4a52d6e0f9bcf8d438cc326e3b1c7c45fba85d13a9d5d0c36d7b6a63ce87fa0f36301c63a32b06ce25a0a5d8f9af0f877012458fa61272c9b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
7KB

MD5
20131e1380e71c03b08dc5f79221bd98

SHA1
3c5b420ab797f1f54fcb3dccb21a322a9bf915b4

SHA256
f76e1d27f378dffea9b62876af499d22b6537a66c658874316c11baef8155c79

SHA512
dc86a2b3f306c0b0fe8d9e3aaf209255cc54ffa374218b997b7af8114a1a018633d6d590d9952e93e532e08484504bb3aad18a8faab38ff3fec137eac2acdda2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
087131e242c45f4522c17cc908b55f1e

SHA1
725c0a0703b4f20ff67d9be1c5d9a0fa2be755f7

SHA256
f3fc586dba24c1d4e7a7c982210860b1b6a96d3f95d376ea2c91789f5cb3340b

SHA512
8965075eeb4690664588cb9fe5ce3d03194abb785c62df6e3217d0793d49d9ba726d22e6e830a138aa85076e02c317b5948572049a1a26001b6fcb9a23034767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
7KB

MD5
bd090237f2c6dd87426ce736408a0d4f

SHA1
7b2281988b959ee66b1fe2f5d1f4f1f826763bff

SHA256
ca43d6bd3c3113f326aabff7bda48b5baa9a505c8a70f25e30a8b9ebe719dcf3

SHA512
8f4605fb97819825e1a22cb44c2ef1f91e90c406a9e7d50089f173612c4454f9aef7470e455d392c8f3f312a3d660b3cf2c4c74ced497db21baf96494e6e9af4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
8KB

MD5
dbc1c82bf67cdf5ce07a03af70402f59

SHA1
c3f238813fc27975564ad71b15dcd19f45713d76

SHA256
a2bd313cc8f96c6b14f2436c0d63516f6d834e13fe4604fd1d0598d9d49839e7

SHA512
f7e53c7b4942061d1afd489831153bd5e4fa3975c166f1903ce2315856378c050f4ddd8b4c54b14dca4d285784afe206359fd8126d37228065b277e277093d29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
4533eb95cc8d224f56ccb762163ea192

SHA1
03bd525f437779f45bd06d032a2e5932aa69cefe

SHA256
fa05d0644075d59629938bd8a56da4e82db1c86c5d661a88051ea8b67ecbeb77

SHA512
3cfdca5cb5a350de736a88f33e65049f59e75d90ae3a49f3cc3577c76d514385d789249a7780f3db421d2ad223ba8477422f0bc5a70124680632efe688e8cfed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
499fb5d437ef4b6947eb5143f709b953

SHA1
a3efc971db0005087a23cec98829c50f69cd752a

SHA256
b06f31fdeff5956e0edccce9d2f2b4c5b09e99bf287544baaa5147c04fbf9482

SHA512
a776a59b17cb0830b0815b8db8146267fbeb8151575615c66db7fd8b5d4d2ad61b80f9abc90a5852b395febc9c1ab3cb2aa98c742d6690483f605c489d7132cc

Download Submit
\??\pipe\crashpad_1404_EMPKQFQHZZCJUOSM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit