117696f086cb219921a55fb78681136eeccbdd60907eb10042e09744d3bc7e57

Resubmissions

01-04-2023 07:20

230401-h6fe6sgf57 8

01-04-2023 07:17

230401-h4kbcagf43 1

Analysis

max time kernel
148s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-04-2023 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.html
Size

98KB
MD5

ef041b874734d13e9ff00cc5a017ae41
SHA1

0566bd89305fd7a3560dd94b9247ae7ae5b53c73
SHA256

117696f086cb219921a55fb78681136eeccbdd60907eb10042e09744d3bc7e57
SHA512

79306aece8acc9ca6c89830c40493e10c7b0e226fba3ec1ae7dfc4530ef39d761504eda6363ba3699e0399d245232e024f25328e83ce90b88faecc371b4c92e7
SSDEEP

1536:bCqHXYzu7PtB3Gzc0UOtLuNbAHC3Dgtx3SqjhA/kz1mxBGdV2NVQv:DXYzu7PtB3h0UjbUC3DgtxCqjaK19

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "647465752"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e800000000020000000000106600000001000020000000f08fed3001097d43c5f88e2ecc9f36cca248c2545e3705512a091005c3bd68b1000000000e80000000020000200000009d8d015aa5c9a8f30f05d0d1bcf0383d959fbf7256b5fc66970bf9529395bc0a20000000ec32e04f2eb2489648996c4473cc4721fee6aaae1073951c447287d17cfa4f244000000055acec255b242fb813a3208bf446506b11ccfc2d9625d81a330f3e2ebba7d7c509e29c7f686dbe6e296104651f94deee2400a3f7cda0a846a372ea12c330b407	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0aaa61c7b64d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D35DF2C-D06E-11ED-8E3B-DED4330153B3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D35DF2E-D06E-11ED-8E3B-DED4330153B3}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "647465752"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e8000000000200000000001066000000010000200000005aefa8bd3713cc587f2b3caacca1ae31e91cfb21478cb6387bb33503e7a2b1f0000000000e800000000200002000000004435c535d16f31dd10d52d9fef38d15bc3f5e94a64b9763c012c7343a1512d52000000004f0552c5c50dfb9c8dca600323814dde5b0c5d8c54044c624c481da8779efda40000000365d68b6abc5567134a891c35cc237cb7399dad8739778f1b3f0aa28a3a653309e0d39d6cb649aafb59bc90d381d95d971527c2a68a5a179a4516ad4908bb4dc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024251"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024251"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51C52B0E-D06E-11ED-8E3B-DED4330153B3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0cb72277b64d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e80000000002000000000010660000000100002000000065a02c869f05138048744bceb41cbe26bb4a6e9a9e5eb1a45a52099b250131e9000000000e80000000020000200000004262a2ce2553b58d9e7ea09d47ef963e7dcc36898009c980e6f7ae711d682368c0000000de32496703acc2a8a6469f901f197a667d5fcbb83766a6e9a9cfd0a1091feae354b9498e9326ebbbeaaa6a3cf95ab9c903d53352b3123a30e5c5b2cb548df9255a773f46ba128fb52b412b9d8883c2aadc106b267fd78b21a9f3f0173105173a4973e0c2f4d0bda48c621ebf5947d28620a84924a49a7f42bdb97c37427f486ad1e5ece0e36de543fb5ce7e698fd79409e4f03b16fabca765d6f01b96a1d62ad6d187578268330e11ddc8bdfe9e8168a48c2551685ac2c0eedbb1bc9c63b03f140000000d2e6624f9abe0f8285164caa1c31b61e9d96221c91563a2c9b333fce32c95610488e664255b3a61dd03e49789e34c1f2c1c556d5da6fc3652cbb60337f3c7f83	iexplore.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

Processes:

firefox.exeIEXPLORE.EXEAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4420	firefox.exe
Token: SeDebugPrivilege	4420	firefox.exe
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: 33	2748	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2748	AUDIODG.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeDebugPrivilege	4420	firefox.exe
Token: SeDebugPrivilege	4420	firefox.exe
Token: SeDebugPrivilege	4420	firefox.exe
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE
Token: SeShutdownPrivilege	2672	IEXPLORE.EXE
Token: SeCreatePagefilePrivilege	2672	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

iexplore.exefirefox.exeiexplore.exe

pid process

3960 iexplore.exe
4420 firefox.exe
4420 firefox.exe
4420 firefox.exe
4420 firefox.exe
4940 iexplore.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4420 firefox.exe
4420 firefox.exe
4420 firefox.exe

pid	process
4420	firefox.exe
4420	firefox.exe
4420	firefox.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exeiexplore.exeIEXPLORE.EXE

pid	process
3960	iexplore.exe
3960	iexplore.exe
4620	IEXPLORE.EXE
4620	IEXPLORE.EXE
4420	firefox.exe
4940	iexplore.exe
4940	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
4940	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3960 wrote to memory of 4620	3960	iexplore.exe	IEXPLORE.EXE
PID 3960 wrote to memory of 4620	3960	iexplore.exe	IEXPLORE.EXE
PID 3960 wrote to memory of 4620	3960	iexplore.exe	IEXPLORE.EXE
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 3572 wrote to memory of 4420	3572	firefox.exe	firefox.exe
PID 4420 wrote to memory of 4936	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 4936	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe
PID 4420 wrote to memory of 3664	4420	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MEMZ.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3960

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3960 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.0.9468112\1244545494" -parentBuildID 20221007134813 -prefsHandle 1636 -prefMapHandle 1612 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1d4fe6-b375-4371-b09e-364accac5307} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 1716 259ffea6258 gpu
3⤵
PID:4936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.1.607475268\865412372" -parentBuildID 20221007134813 -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20891 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {093f0196-d273-456c-86a4-c0193395f696} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 2072 25987d54258 socket
3⤵
PID:3664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.2.70916939\2078554940" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2696 -prefsLen 20974 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {201eb9c2-bee7-4cda-9304-48c2118fc863} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 2948 2598a709558 tab
3⤵
PID:4008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.3.932355988\439901451" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62e8e8a6-2306-4af0-84cc-6f25ad8d3663} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 3508 2598b5a7d58 tab
3⤵
PID:1880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.4.2033334466\997513246" -childID 3 -isForBrowser -prefsHandle 3720 -prefMapHandle 3708 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0a36081-193b-4f47-a3f3-abc95b6e0304} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 3508 259fb05b258 tab
3⤵
PID:1628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.7.439813192\1570580232" -childID 6 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8c54796-3ec6-40c4-adbd-0b90d53f2e68} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 5072 2598ce91558 tab
3⤵
PID:4012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.6.1986555390\1273585766" -childID 5 -isForBrowser -prefsHandle 4852 -prefMapHandle 4856 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f87ac1f0-3faa-4a8b-99a2-4e96dd2eb33a} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 4936 2598c69bb58 tab
3⤵
PID:4016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.5.2146256453\1023890582" -childID 4 -isForBrowser -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36b7743c-5733-4567-b155-05870c9f6d85} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 4720 2598c69be58 tab
3⤵
PID:2320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4420.8.1537542495\1130869917" -childID 7 -isForBrowser -prefsHandle 4368 -prefMapHandle 4364 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c532a811-38aa-4e6b-a0be-041612761dc8} 4420 "\\.\pipe\gecko-crash-server-pipe.4420" 4376 2598cf1f558 tab
3⤵
PID:1060

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UseProtect.xht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4940 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2748

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
b6f26e04f86e4b1d4e2def7a28500064

SHA1
9209c2f1e0693ad71111fbe48f540503658cd7fd

SHA256
51cdbefe064909d87a8e1d4acce253c710ac15c670f49f389fd083c57b49de20

SHA512
45f95d822ff7303badb5b3dd4c6a89480c17887fb1d61fdcdc71c0e9723fc598248eb41e34f12ab23e735d3441a21ad295a408a3367c9b59bea6782732a39d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
bdbbd793778777706223b00a4ea24ed0

SHA1
bf09527cebe8906bfe6aa1e885bc9fb1b3ec54e4

SHA256
8b1034038298faf34d3f580c1ded7212f40d146de7e62cff20826c8b53f80c36

SHA512
7397d981e28bee91dd0e08c3a38444d8524204118548e8db810f5a277cbb08c20a64350063cf36ee4a943edba249f1d0ed350d4cfbc0671461cf27c2534c1f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
340B

MD5
8c4a55caa8181b970d0752eae49d3468

SHA1
9813396b680b3c03471f0684d2cbef534d609f98

SHA256
45dd265bbcb6555fc5c26d1f310f86dacf80aada06df808f0c0865ba9f18c241

SHA512
3e793892e91ef4cafbd446f8079fe740e51b3171ca0c7c6929c8a9ccf424137b0b483fb9046cbff57d6e97ef902d611631a1e2f4938d7c3b81f4e29d65bc20ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
b230a0de1e3bdeed10eb90064d215f5c

SHA1
571800776d162fcabf1d4f0f514d44ebeb308f07

SHA256
ce200d539df06780e0fa30d6a49c5544b008d23f5f74d655d9f494c7203dd4bd

SHA512
5a2bf1bb8427b09016d5642673959bfa941ab6692c3d04ddd0a75df13df8fb6995cf118784aba9cfa3bdfac22da8d8db65aed1f995c8451e4c32d2df461af153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
cd1efbd177a9f17eae35525868028736

SHA1
4476e5eb708ba565de4380e9a447855c40672f07

SHA256
f7d17487a623f0a59c93ebf774949e398e87ad454246666496c35a620953416d

SHA512
4e2ace0108e6f879b96373641b9b3a699337b0c565bd3d7cf7a93eb0a80ab4ca2cbf12106d1be4b93359c9448c3734d1c1f5dc310f9958d4ccf43ddbe8af7651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver9100.tmp
Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\favicon[1].ico
Filesize
104KB

MD5
3fb315ef4774bf9d76ff10254829a29c

SHA1
2dc02161b4e1f781d942dd5b5407743c7ef38373

SHA256
4172fa160efaccf8726ce46fe6eea79da2d77ff1978848b06f663a80c53f786f

SHA512
5bb21677b59b52b5580e720a3fa45cf19bdcab46ebeb2b5f3061ad3f92c62b758e41dbfa61c88e124a0afe86201a6af03151ea81368c42884c91cab6f9348a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml5SJ5HMJS.xml
Filesize
603B

MD5
26aaa939acb43e8ff00ce12aa789a14b

SHA1
53d8980ed458063e8a4c5ca4bbec9afe3831a643

SHA256
366ec6e7e895506eda7c1a081b7eadab3d8124688619f851ebd251cd464dcee6

SHA512
16cb801fa6c6c7d7a355083a0f6da21c92246f3e1266c6ba7f332987fc38c1fd663328923242a165682141080eb565c737cb0c9e010cf2f8b6807c74a18aca7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlAAA3CR23.xml
Filesize
603B

MD5
a5e52ea5ffcec6573402aeb44f628882

SHA1
3ffb8e317171b8b9735aa1f3d2a67e519dda24fd

SHA256
b37ab573b6bc2c29cfc6bd402b791b120421bfe90bc0a8ef43bfa47fbb55c485

SHA512
b824fbd07aa1042158c41233ec83d808e01a3b9822beca46ac73ae2ee40a0de323597ea4ea000d50a3e53631650e8aadde2b0e4314bd875b78eef61fa9e2964e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlDKCRRSJB.xml
Filesize
616B

MD5
db38a5d189f5569b3f292acffe63a480

SHA1
e0d639266ea78b932ce9d800fff7a9771e4ada8f

SHA256
f12db5f8d73c5b7d9be552837771791c145e5f78f3ac490bee3c186742cedf99

SHA512
6c947679dd65fcfc7f411021a37ed8201e8d75595334aa5afc616f381061a489d3c9db9dcd595885a8b4188e2f197a41cdcd18cdbc78a3b503d6533f66c945b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlE0ZWKO3T.xml
Filesize
604B

MD5
3116d46d1470d3b92b492af9636caf55

SHA1
257a2de1fff2885fdbe23c6f0a263ad747ad52e9

SHA256
2419b1e04514a864d7c2b8a374181ce1bdd3a13d1f8c3928e0b64147a7d9c1f7

SHA512
ac1e5171e436b8952924e89defd3ea6143593ddeb89a3c2cc10888bf095e336f86ecfb41e2f0272c07795b684590140ec0970479d85d2d8b9c27593f8866bc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlKXNXQSN2.xml
Filesize
605B

MD5
ea073b6411c30cdc01a4975a415c78f2

SHA1
9241e14b801655de5158b895966a15be98b86fe1

SHA256
fa37de1f1ce5c8c4fd9eda815ef1347b7f69300cc3aa415489623c03cebb380b

SHA512
0a64587a83d42042c927071859ace013a17e006e571a0cb1b18dd9d899e2d8e3af353ed3cb2b00ca40aece4f727b890e3254f73050def3736a35d93197925b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlL6GJKRNT.xml
Filesize
617B

MD5
ba4a6da6a5c03f9d0a8b6ead529a17e2

SHA1
9de9cb8ee93055f847c4d909fbd799b516ed89d3

SHA256
e3125e2230579a0c20787c80d6158ec2e4445ff1e2c91859e222930f837be25b

SHA512
3d6e81b8deacb6800640d50b2512bbe24be214dedbc5a7f50c42e89eecdf553fef9e15e8b87df0182bc112166364d6b37f39ca2dc42df3a8be9e52ba0d139d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlM3RFNXP2.xml
Filesize
608B

MD5
955151607e906765e45b6ec6687edc43

SHA1
63e6d9241a67549bfc2e9df5e934c6a87c98c987

SHA256
b10a780c818a8d3e3fa56fdc21bf3643aa62f5e2d34b7b0fc10c754b5950abc3

SHA512
168586d1ecc783170274537cd39c0408a44078878d72010e50ac908cf736cb47107983fa6ad41fb0e849f23b1c7e93ce1becb79b3ab61d1c1e4d1ef9486dd71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlODYWQP9R.xml
Filesize
625B

MD5
2407c60066e3cca7832a10e1a85f78bd

SHA1
7014cab2028b06166523c5549a9138c83e80cc92

SHA256
51406f8aa3af30d63d0f2197855505e41ef708cac9797e3f8712f54f4e16011d

SHA512
6ddb1a2427000d0796e6c965a7f6bf4c72b923baaed098561749b69d2a4998aacdc2daf43618e25a882e7c1059a04e4a23cc3c60261f15f6e7f65293540ac1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsmlVIDDXJVY.xml
Filesize
655B

MD5
ab413037c25f43590a07febbb466707b

SHA1
6fe371445b9e1b68d71fba11e6902153ebce1bf3

SHA256
d71e8b6739e0a4ba33b74028183e6824de7a603c2a7c7e28f4a1d798c728d4f5

SHA512
96dc8edc17a11f26c771edffef1276c62c5168b725ad37918ad73f31d0aa0e2ce0a3fc11446d06c3a0aded0ea9b75030f8e2ac0202c2a9c2e1b9b323733b31aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[1].xml
Filesize
515B

MD5
41136d59aca0f058a88f7348f8f66252

SHA1
a6ff77b32cd426118e90337e8e875370cedfce7d

SHA256
973f47c633dd4b31889e0b68543042252f68434a79fa8d081e061b96122d8ef9

SHA512
54097406aba5836f3f2d2c33ae8c607f332af4ef0b6d8de551829ae627a8643eabcb2483f1bd137891ede6247e16d2e5b435033f0f2f3453f1ebe3c69ead394b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[2].xml
Filesize
510B

MD5
bcc8261661b2d2ee7dfadcfccfb8503f

SHA1
f285bf219d6676095203c0712cc629ed3409ec16

SHA256
af9b561dcf7d68637d4c2d63c7dfd2b2770421adfe490b813c1195d21d14eb0a

SHA512
9c446835eab961e49e7e611a4fb0aa3366c4fde292c5a47945d3c05713cc584baeda04dae8328200a5ccac2ebe791603af1b0386f557561209559d06c5fa9612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[3].xml
Filesize
516B

MD5
14643bb7e358c8f074acc4abb288f661

SHA1
f433bdb4cf95ca7fa0e3c66fb4b2677038c79e8b

SHA256
3fea8d0c802fc98ddd3cb4fbc225519caacda8d8e5ffe4486b04b883e9b4fbaf

SHA512
f82a3d032b6121aa8d465263e3b6b43de9447e33463cfbab66561e5364da83fc8dc1eb17dfc09155c580957ae06a6740137c4f0e12ddc5c5a6248c139b51c811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[5].xml
Filesize
554B

MD5
7700b4fd64eeba4763cc97c5bb92ebb9

SHA1
2bd7b31460ce362a527bf7041ede0a05304d6e44

SHA256
63cf394c34ce9be48d7cd220f6a47260c66f72fdd78be7154ed246ef7e29cb64

SHA512
97ce7aa0162300b64c7995bf3112ddb87a69746eaa7b6aa0a80320cc3143178e6e015951c020f81ee51ba105348918076f64d624c5e0218f584afe6d72e5b608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[6].xml
Filesize
565B

MD5
c1a52b5a2ed48fb3a70b61509c2e1c0b

SHA1
bd8b3a18d1dc5b51035ddb203ac22c933b4a593e

SHA256
2ab9ea530be0f13b9575f945fc330a5e901bcddc41fef568c8d3bc23cc155917

SHA512
2d61b6209cfb9f53925694f9447f17f5f0004114cdce54d54de5c3889bd90f9da7bd0644e1eeea7a10c322f9a13983b8f7894211885eb2ebe75eea80a26ad27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[7].xml
Filesize
565B

MD5
02641560c8db475d27c8b193c43cd13f

SHA1
e4352c48ec936936cd65c47408fc74fc6fde95a6

SHA256
2070467c234f4b6f3756efb2be371b3aeac468e962d54a96dddc0d39fdd5266f

SHA512
2ca5a8b5e0c71761d1c91d8cd15b99d42f2494b23f3527aa33efccae94dfbaa507f92f8141ad8bbea510a269f37eb6c8e43cc4ca567b5a0f2e1c3f9f2ea6b5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\qsml[9].xml
Filesize
597B

MD5
471adc25105995df1dc539badc469b1f

SHA1
18342afc631fc543969a9ebaaf9163bdb5e18c7d

SHA256
7c1b8ceb21bebc12f78deeb5723a525bfb63cce962441cc4cb6abfa6317c1c07

SHA512
b68d64b550ae377c2d62c2761a55dd57507c2285a3fc70ad3a2160a0a8cb28a64d5136cc88a3e3ab7336be61b8077dbff05805ae93b53a534a29907ce6a71a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\favicon-trans-bg-blue-mg[1].ico
Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\youare[2].mp3
Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P803SHGP.cookie
Filesize
573B

MD5
71b27bee2f7cfa32f73e61d1df7f8de1

SHA1
c6791171c252e166d6384e722e1c00d336ccdd81

SHA256
84c6b30321d8b7de15c6b7232e5f4e35d72963031aea06056aebd3174982e6e1

SHA512
b1f747fdab9139789644d510cb1506eab0c4d22ca54dde54b9d944ab6ba1fcc8d0128402fbcfff6d1a8d88f4779bd0ddf1ea7acb8456b1b23a4c59e2a1316d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZTDTBRXS.cookie
Filesize
100B

MD5
315afd9094226f5f84b533046ac14173

SHA1
19a39bfff54ebc23aa777ff4b1829d1b8b0b6070

SHA256
6f6241406c6a5019964f1cb0c513ed61d55d376cb265f102218cf81a35e077a4

SHA512
ccde17f6dd569c9767d857121d6f115058410839185374897ca4d2f4c5990a75b38e8b1d4d0bf58bb5fb4179fa69d8ad0f74a3294e716c5ba2533dc6fbff01aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp
Filesize
155KB

MD5
a4537025366a5ee02aabc695fddd685d

SHA1
7f0b3a3423e9e1c1ca025676b768921406b3a145

SHA256
7d86cc2818fea0b60b195db51e227e2861356bb1c2abddbfdbb3c779ea548a3d

SHA512
949a1fbf08174502708db853d2f758864a21b77742d539a90c013020beef25c58683ac5b731c2aaa9d0a990e54fc3171db5dc58b6dd2ef67bce450701a946ef3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js
Filesize
6KB

MD5
cdb5a91b7898f75f98e448e80b41dba6

SHA1
c749651f98e32a2320d2e52fd467fd6217660535

SHA256
ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc

SHA512
b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionCheckpoints.json.tmp
Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
1af7453ff089b0c40ed96338e3c990ed

SHA1
cb5fc7d95cd7cfeffa99e63c6321e5a41806d1c1

SHA256
7780ebdf8384f59495942d1dfeb770a232259663a106528b3fd810c4fddc1495

SHA512
bcb52cee970fad075f3dee491819bd6b898c7f4d0d117c4dbca96f507b37970b5d1f7b61746e80787a45d06fa7335dce3706512fbc1281d0f3c1f543c9641ede

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
905ffc42aea1aa2196feeca11d3b05b9

SHA1
a53b85f498cd2f2e574d242e4137122346b6795a

SHA256
68c7847bcab82e05ed012f75fc4c87df83bd99fd024e2e4548b6fb2867e407e3

SHA512
2f5b1a504598297454fc7a13fdf837d944f7d6bf2057a023f442c43d0ca28eccbc37c8a63d900a4253e9f25145a6c277e21d353f4a90067b525961f962c4d2b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
e7352204411c3bbeb69b36224cf23300

SHA1
ed28a43aa5ad5d71fb4caee90833a96684b36afb

SHA256
f5ab135fbb3d490fc65627dee347ef6dfc27efa35a769e6372b2f019fc6572e8

SHA512
360b70be57f44f994d3271531cf287592def9c9167f57eae7ff073c81a5805e97179ff6e4ea9e08bd53404ff5533ba6ce8a4e9d244766fd077a7bafd124adae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
52da1dfd2d332db7747b41aeeb44affe

SHA1
4976876da3e75020785b34ffec0ba6032557d309

SHA256
d1869cd469726183b4cd85c3d7fb5a97f6466ac10e939c772b0c3f0763864b2b

SHA512
8fbac1777be44f61dea963e08f1d658ee2179b1353254de877d38ed4d5ff1de7f4f661f221ff224ee859f169766342687ec0691ce1ed63216d9bd0f7ee0fcd0f

Download Submit