hxxps://sejabemvindo-acessobra[.]duckdns[.]org/home[.]php?hash=1278627146645a5af7623f56[.]00911986

Analysis

max time kernel
97s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2023, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sejabemvindo-acessobra.duckdns.org/home.php?hash=1278627146645a5af7623f56.00911986

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31031957"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1619406899"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1637018526"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8B820010-EE88-11ED-9EF6-D660CAC54930} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "390415550"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000bc12259c3745e32e82bccefa06c5c9bde4edfeff6e7a084ff47495f7d61a171b000000000e8000000002000020000000b8575d9750aa2756047d11e1c59172014eb7a7986d2adb8ac5ce62066ed4040c20000000782ebb5c5cc5560e384fde506ad1a441ad31fb43568964d57fce1a247e423767400000004bc49a8f320e0e1dd8cd886b72a968b79b98262929ec5177c57c113951c0f53b27847fc89fedf3ad168114465b13408e84d09f6b7cab37c70deda84319166695	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903af3769582d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe300000000020000000000106600000001000020000000e205363ef4919309668551f068710ce8c2d7fc7f029c34aa79d11df03be8a6bc000000000e8000000002000020000000586b78e6ae43c42af2722372dfa1ec88860813e1273369905f6709662ec1bb86200000005de28b2b4344c5ac993690cf13a483df9cb216dfc30aef8666b74111634e8c6c40000000ca1bd093e221d7b3ef448d6d3b4611a8e99b2dbe373cc9e8b3f93fc84784290231a21d98ea6f1e834dbfc925bc83a724420e5b6a02161ee8c5e9f4fd52dddfe5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1619406899"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31031957"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31031957"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50dae8769582d901	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133281242576741133"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6012	chrome.exe
6012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe
Token: SeShutdownPrivilege	6012	chrome.exe
Token: SeCreatePagefilePrivilege	6012	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3500	iexplore.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
404	firefox.exe
404	firefox.exe
404	firefox.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe
6012	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3500	iexplore.exe
3500	iexplore.exe
4148	IEXPLORE.EXE
4148	IEXPLORE.EXE
4148	IEXPLORE.EXE
4148	IEXPLORE.EXE
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
4148	IEXPLORE.EXE
4148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 4148	3500	iexplore.exe	86
PID 3500 wrote to memory of 4148	3500	iexplore.exe	86
PID 3500 wrote to memory of 4148	3500	iexplore.exe	86
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 828 wrote to memory of 404	828	firefox.exe	89
PID 404 wrote to memory of 1364	404	firefox.exe	90
PID 404 wrote to memory of 1364	404	firefox.exe	90
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91
PID 404 wrote to memory of 2132	404	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://sejabemvindo-acessobra.duckdns.org/home.php?hash=1278627146645a5af7623f56.00911986
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3500 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.0.187443468\505749289" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1d933ea-a927-4ecf-a163-e745cf021fc9} 404 "\\.\pipe\gecko-crash-server-pipe.404" 1928 14e055a5b58 gpu
    3⤵
    PID:1364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.1.1969663362\952405810" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fbcf172-b2ef-4043-89f9-01d3431fca83} 404 "\\.\pipe\gecko-crash-server-pipe.404" 2300 14e05a55258 socket
    3⤵
    - Checks processor information in registry
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.2.1147697718\168077429" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3248 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24dd2404-c856-4165-a83c-c32b4ade6ca5} 404 "\\.\pipe\gecko-crash-server-pipe.404" 3152 14e0822ee58 tab
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.3.1723453113\1810918724" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3464 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d0b9699-1534-4ebe-8714-509407428b31} 404 "\\.\pipe\gecko-crash-server-pipe.404" 3452 14e0822d358 tab
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.4.927453277\1304928615" -childID 3 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {536aa32a-a4d8-40c5-a8de-afecf1b60c5e} 404 "\\.\pipe\gecko-crash-server-pipe.404" 4232 14e7755dc58 tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.7.140329186\1342415402" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9746d3-3571-4e4e-a2bf-2b1ebfc090d3} 404 "\\.\pipe\gecko-crash-server-pipe.404" 5376 14e0a9f6158 tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.6.2076212753\1910589466" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4359573e-6870-48e7-a804-def1740d01c6} 404 "\\.\pipe\gecko-crash-server-pipe.404" 5092 14e0a9f8e58 tab
    3⤵
    PID:2476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.5.1255042685\1988817166" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4948 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78e1d326-19a5-48df-8e3c-c508bb21b963} 404 "\\.\pipe\gecko-crash-server-pipe.404" 4960 14e0a9f8858 tab
    3⤵
    PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="404.8.1538977030\298336318" -childID 7 -isForBrowser -prefsHandle 3068 -prefMapHandle 3344 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcbe2bc5-8f2a-4af2-81b7-bf2506a8d775} 404 "\\.\pipe\gecko-crash-server-pipe.404" 4600 14e0822d358 tab
    3⤵
    PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe5969758,0x7fffe5969768,0x7fffe5969778
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3356 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4888 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5504 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3420 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 --field-trial-handle=1840,i,3205013607829411310,10843657583058400694,131072 /prefetch:8
  2⤵
  PID:5564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9e7a30737eef69b3a99f0b0b73bbd04e

SHA1
67dc4aa432a201ff96d1ecc0e6e72a225a386d5e

SHA256
200dd26c65e12aa42a5cba464f2e2e49622ae90015748d7febfbddc0e64b1b5f

SHA512
b71734587f36638cbc18eb6ed9d8b785c40771d2daf24e717c1458a911a90f0f33f609b37f3d2f50aced654250b3a6b6712ccb07e0950a640d496a0598d0d18a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_15968011F70DB2824F1334C20F0C2703

Filesize
472B

MD5
23f36fdc3282cfae713d0eac63263309

SHA1
e1008d742740abadb6168a587b7b5ebe87728afc

SHA256
289ba648e17a1e005dfcef63737be56191f4f983f26b00fa42090b1815612833

SHA512
f59c7dba20451057b7736134ab18a76aa6f66fdd3e12c08134808ad23ef07b4f194fd5cbb2da9a360ba21701a9bea19b9b930742aea016b4a2177eb09ebfb0d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
bd71617256882953841a8337a4dd5d5c

SHA1
d9b47492fafc72a5fbca10c56229fe6a2757331a

SHA256
8f2693e8b656256ad2faa63c3421eb6f1a4e278d2e2e3cc97d5acd5642f97ba2

SHA512
2d40d636e04523d2095e6896f24a911c523d581b93d486af41275b3b6dc94e05bf5e4de8e2c8479886e4c3f2ff87215fd25c028846ba5a868258875dcca3fa2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A8E48126A7FD075A87145AB6ED5C44A

Filesize
503B

MD5
3e30b6bc7d91026e2ad7efdfa97f460c

SHA1
596b1c3a4b1d4f3d3a6eab81b316d6bb788d33a3

SHA256
77625ebd23d7afcc5aa88ba3270d44e554deef3b7e211d5f678c6ff8265bdcca

SHA512
c31998045638c047e5d96b69a217861d29cf8bda2ad47aa8b29088777a0503ab51b10d247c7bfb6bb111328c89a7b83a0b804f5d1b7c69526ced41a1793e1bb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_0BDEC59BB2233F8410DBFFEA7346BBBC

Filesize
471B

MD5
d44cbefc5a206c01c4b7a5fc624a901a

SHA1
060cd1d7d8a1b515aa98293dbdd74424712563a2

SHA256
784da10a97c4733adf1ca9cc400c8fc8108802b633afac3feb2f3f3baad579ae

SHA512
232009b5ed43f518197d735a906b59c55ae3704bcd6fbbd625181136ff3da05887b3b1e849aa88217d21d903451afd03c6403a6d15eb7a94f4d31cec9207a336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_5BA17A2CB531BF840B50C3F38BA01D21

Filesize
471B

MD5
a6da0b8ec487c9ffd7bc4988e01ee646

SHA1
f68270a827e68414eafb5ea37009e41de0890591

SHA256
fe9d96f872b486de995156459e3005532ad6c6140975266bd43023286a6aa76e

SHA512
4dc8e49b78a4a88510f9429670187b0f49bdcd0e6a23d71d0a3cb7e60a39d50a38a8892ae90bbf7605527171a73536c48ab2acd8d0ff7468567591f19299310e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A954A9E707464BF50BFC4C596957609B

Filesize
471B

MD5
c7c4cdb8b4995861c314699ea9547d12

SHA1
5f3360d3cfaded75a895c52a94696371412b9d8f

SHA256
8d1590c82156346301e1d33fbbadb77b416c694d85b3258230ba5cb981abd49f

SHA512
08e0d8996fd444579fdaf58827c1a924bcaf8719ea3198948d0e529358567b026a805add940836692a23981ac74816eb1f42cf0b77b19ea74acb80ca7edf0b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
886b009c76f6e1bd9160953602f48c0a

SHA1
76212c983396f88cdbcb8886fafdceaa165356d8

SHA256
32859e21e3aee6f4ee08abc7fe5ea9852902567714dac1b0adcc82d06f0e10cf

SHA512
bc522ce23380622f0ab1503c0bf26eb7e19c3f017412463575e1884886ef71e9995f6c4402d746d9b30249d5c1e14a6763f50550864329cf9a201b166a005ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_15968011F70DB2824F1334C20F0C2703

Filesize
402B

MD5
9b19e889ab83453b4ca87f78927d1a07

SHA1
610f80bd9d7f30e0d4ce7e69b81c19ef15201062

SHA256
3f49c204f555a99645042edd0f701859aa1722dbd5738be1587692cb298857e6

SHA512
bcbe01ec40874fe3e27871dc1d88633cc23b9ad71d39684ab237a20d1861a072d6536a6c8170f6fd6fbab8e02952f51f312ee87b20f3295b1bdf56288f86ed71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
3865b9637d68157fe16d0808365678f9

SHA1
e2eb307925a0cdc63c3dae2ca17e0a0ba94a3ce9

SHA256
d7c055c175b0be12ea4fbf5b4b443d678258f75c419f04f370048d59f171af64

SHA512
6b61d794b9bd5d01dc314bfbbdb33e5afc61ddc1118a580f681b09f57fd58bc24acbdf147fc5029df37938e2a9168492708095f2bf991d6882bdd8b23a0d3e64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A8E48126A7FD075A87145AB6ED5C44A

Filesize
548B

MD5
48ae6eedfb768da5c07342aa2103e946

SHA1
2193b6c58bf13139fc591daeb3c75bdfe0b5fec9

SHA256
ed56027f1f70d0cc3b21ecf2cd4d8ac1350ebe5506ba3e6640068ce84365d4f8

SHA512
f6105417eedf3fc804deee256f78e25ffcfcc2f76ffd069be21e027289b798ef3721a0c9c5857bd7bd2f7a3c9d4c3508b695b8f2503dae639b5ce83c2423b142

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
72786113d066777a5a6812d5ac8e8b6f

SHA1
6e2c282cff8162350a3a97e66d9aacc3e3eaca8b

SHA256
d4bc5debfe7093591b408b739366f835e57bb00a588be09c7a95b50d2d8bfaeb

SHA512
f2cb8743ac56ee0603658d5636d217c9f7e8ce393ab3db7652d4d7c97c3e1f5cb4584ceaab0d399efdc8527317a5d6f6236d21c0b7ea183e935158c0ea376541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_0BDEC59BB2233F8410DBFFEA7346BBBC

Filesize
406B

MD5
b6a947e686c6f8550965065cba3f8438

SHA1
4d2984868b1778707be7e5dbb0925afb88ec9f1a

SHA256
59607219c9c9ab8cdff5c4e61da746194aa6cd8ca5c78c697ff072f205d65151

SHA512
0168e04e60d09683218819d7d62dd69e5760245ae664a44eaf193cbb2aa65c545b2565dcd8e457873abf09240094af6e430b0f8868ee585d91e9c8b1e8220c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_5BA17A2CB531BF840B50C3F38BA01D21

Filesize
406B

MD5
5c6b1cdbd06e7323e0854a99a8d12da5

SHA1
16c8163de2aac2ef9db573f0c6fdebe65ca1ea15

SHA256
48b9a668d7d58d1d5a03bbd630e523e54d5647f075184b3a5f7dea051c90beb5

SHA512
bc9ae289ee23392b4ab1a7bb496f4388f4f85ae6ad66cd28bfa8eafbef43542d4a2b9b82542f1b6c8068c0dfcf1b2df94f4980d7617358e9e45936752b8eb829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A954A9E707464BF50BFC4C596957609B

Filesize
406B

MD5
bb272d68c454e209697c3e46daa54447

SHA1
2c04da3bf2523574f6713c938aec42f14a08aa97

SHA256
3ece93d854d449cd000902387ab0ce0002d8f5a219612805248a6a144c3e5f91

SHA512
6039679701ba25da3b9da079029e20b73d273283db188cad3969f5a28800910af297027ef4a97672cb286856500588581ffd5710f4bcec6eddfc6367d01df9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
64KB

MD5
553fc1fdde5378d5c9c5099a6cfa2791

SHA1
cc09b114362bcee8b362cd87adce01cded5ba888

SHA256
556c0627df685ccaa1a152d8a49170c4d53c6ca9da977ff38b63971eec81423d

SHA512
c2a31df05448d67158e281bfcf913196685d2a01b089bcfabaed37f61ee3e5b42361f230dbfc4ee42daa1051218f4ba8797abef84771fea70e00a6ad23803c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
92KB

MD5
e64598bf70eed6fc16244c08969e6cfe

SHA1
350a15e199e7e7021ce708e4f3f72b959e38f5e3

SHA256
4f09ca4d0b49923572044c0aacd62a64919e8f2650f38df36d8c45ebc16d585b

SHA512
2f5937ea2727eaa85b8a6ce0a9e6ca4fecdd9937681eb1d5b7eb40809321167b4bf0da6d9c96ac58da8d513bf74e2d88592a013daa33e75b69793b51924f5ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d25b4e9f21e2fb8d1ad818addd9201f4

SHA1
a35ee34f698681568e60325976928c7610697ec6

SHA256
e9127a936963e826541217b63fa3a261c2b4264db6fc81863b661f06d83f56d0

SHA512
b8ee821f82b19cf1bb139f8557cef2a82a9e230011aa87acae9178b719df61f2c46d4c3b82ea3991947d1d40e3b865e3fe450146fbf2cd084c9294b85f4d694c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df2487cafdafd8559a7a253f356f2a03

SHA1
2fccc51c9b17b67fa4b65e774dc394ab73e42e5d

SHA256
f6ce7d855053595cd5a9d6716df252e2519deba93f4e91ca60539a8a1ec7b669

SHA512
f99142aa3cc432c5194e918b27b29a358fa2854e23c2880df3ebc91250df08ab9033736d59757df2bcd233eb9e8d98cbae863ea42024bf793afa9d6b99b63003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
4ce9101c4d4e9462257989d9b64df3f7

SHA1
b4865ddc65b4da7d5a5746c239f6e9735b8fe8fb

SHA256
cf25206c79e38f1f389343607ae264bcaf55d15e7050e7cba303bd0da4b74efd

SHA512
b72b0e848df512777b708f62f01169ac37a0cc8979c4622ccf7beec58e0fc1693125e4d578d8c955eb3d2600a3b29327a331c676f5984840b857a2a173d3ea2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat

Filesize
5KB

MD5
25a718f77c383f62d2bef03e6076d15b

SHA1
0af44e98fa3543dbf7624549505e275bd68e5b68

SHA256
17b6cbf786b260c369cb7310e7ac31530df907e53bcad4e4549717fcf5d506e0

SHA512
e0a6d31db5476f0e7b02d3834ac719eef8b1152cdeaa92958ce5f46dc97e942e3f39ac235154b1b544c33441dc9e29355bd385ec545a4b8438092a8b4b2889e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
01dbe24291e93038934b92053663bac2

SHA1
104b0f3620e53d0478e67fe8489f0bb301352c4e

SHA256
43bd22f679a1fe73cd2d082b97d6ff63461843e3ebb7973f7732e7813639b850

SHA512
5865d16e0a3fcd10d1d91f0588967f7c63047d375017f820850933fc606e6b0eb4bbf47a7d7d714f51a1d7d54a83a7d0e5ef16f9e053d75a92738fb56ab25842

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\1504

Filesize
49KB

MD5
3d7ee9721adacad50fdf55e7f2cd96f1

SHA1
df3feb947a84f38bee7fea3e05d5e98a64107ad0

SHA256
f3861460f8e47d731ad63d8d5ffec4e3b8681072762ccbf74d435748d1bdd75b

SHA512
b5a1e266b2ef5789060c59b063e1fcfec78a93b514f95529e9080ff0ceabc2c1f5b4d6998db19659af4b3ab647a01773b1c455a79e5f71fac0cf30004614d2e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\20223

Filesize
15KB

MD5
6ffca2796a0e8a7ef87ce09bb8864050

SHA1
1ea429fc12777253f6731972d9931ce250822255

SHA256
402e8fd73bc499c8efb540eab6fadae3fb0e5874b5c5d7d0894f6d356935d1eb

SHA512
9ce31f3f4200aeee25ed1762f3f079b8153e8b3151eb881d448906af03acc61d956a4ae7f56835bb2d26cce399c4946e52a67fbef4f9d2afa8e2555f8cea474b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6012_204975118\4ef136e0-78ef-412b-ab63-ac9212a5ea3e.tmp

Filesize
88KB

MD5
9caa8c614bab0c667ec308c2fc7268d0

SHA1
118810cb2e84e9fb58b45786809e1062c1032658

SHA256
3474c2e016e2e6558afa52729659a90e014e7437be68f8606f9f152f1ba2f8fa

SHA512
85111e6075bd5b5a260684cdcb30718f6b0ea295faeeb5e8e406848597a3e35b62a15cd0977c6a13c62537021db00d0bb2317bfe3773e40028495f4e19bf7369

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFBC23DC0264E8D753.TMP

Filesize
16KB

MD5
2585450ab21806de5aece945908b949c

SHA1
23367b24b5c333cfb0309fc8106cc17f175592e4

SHA256
49d9edd1515ac6f8c9997302552b01663afbd8cce8d7e74870d70e72252bc1e2

SHA512
b0dcaed00b5e22eeb69ff0c8807a1acb76e040ac420ac372a832b1218169214d85429626f49c0cf985529a383b80742fcf89d650400d447db3650d1e846ffdef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
ebcc079562cd4079a48145e9c77f5f7c

SHA1
e61092c2afe3eb364d34a20e613b560ca796843b

SHA256
a5b0e04c5f3cf910d2f7907b863b26b04c4ce75f17c98cded37174c7faf9ea84

SHA512
d478b7670c9a604ed52fe9f540bba24d84bbb723c3de3f179486dfa34b716faca0e5c6f36e124c68a737ee8ff62c683198f3b36e032ee2602b41d3af5f15ccee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
c126b0d6fe9fa8cb3365ff8f45e081ef

SHA1
912a11465357506801fe9f193a612d8f433a6c66

SHA256
098454042faa696f5678b3c2bc2ce1f4acc10d4c52ee7425f76c06346f35f850

SHA512
94fc929037834ed70db1f62756e1e25ad91a226bd8e654bf883bf43f0786a584c75bfa3cd29566a736e0bab412b586f1ca5e1df434e7afa53c14ddb2619bc912

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
ffad486a38e800873ab201eb1ab296bf

SHA1
47766e55ca55c017d092d4f3aed2841757208456

SHA256
9a67ed6358cbc37df7f08c0cb07656f5724201998cad06340da82fe373069d6f

SHA512
05d8b9a395fe064f0722d4efa6aa6f6ecf2effa3cb8f98f4a9efa95220b66916dbf04fea1890a5cb5d02b8d48719a2fe1d62957580762e197c646b0e5a2e18af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
80ced328174ff696221b7a890e11d091

SHA1
02561c1a455768ebbd6904e347acfddf86d77ce5

SHA256
7a806a7262b794158421e67ef3358da1781d4f6b3beef6210305798f69501647

SHA512
ba37151b432a292192586e90480963746d5e5961c0362e717ff85bf5fa5549f5e89253eac913b31c90cdfd5582226b1278b60b4b881b7ff0f949dc83995bc289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3e274db902c1aed5e3a89d4670690037

SHA1
802e395073f9b2e2d96ca31a8705e48d58410d8d

SHA256
64d99274d7cdc9bb28c3a4729eb5aab81dfecc3dcb320caacd75656725a3c510

SHA512
38eeae88049696172b931825b2ba9fd18148f156e93724708a83345ebf5921bc08c5b6c319980783750b7d80776852e0ec30bc689a92b6ad4f79d1e6f8aade47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
f95cbdc5bf44e8e69f222e46276826aa

SHA1
3c1fafd79e57f2d489988523f984f6fd096de854

SHA256
b7c767aae1d2c5bae47aff16b56a0dd8c6c30e05812bd502aebf45356e9c2508

SHA512
8297adf28d7d7ae1fa89fd4f841d4a1c1352b9e3ed5b6cdcc7b26a76ed92c047cb66ed06ee523d2e450c92c085b8e4c9f5a7930b110f505e1a5368648b6c0076

Download Submit