hxxps://www[.]vmray[.]com/the-human-element-enhancing-malicious-email-detection-with-user-reported-phishing/

Resubmissions

06-07-2023 14:57

230706-sb2p2ade2y 1

06-07-2023 14:56

230706-sa2cwacd33 1

Analysis

max time kernel
330s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2023 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.vmray.com/the-human-element-enhancing-malicious-email-detection-with-user-reported-phishing/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "33"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "4994"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395420456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\vmray.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "6573"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1423526417"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6573"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\vmray.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043610"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "200"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30dcc25d1ab0d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "33"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1423526417"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e70746b52f6804aba4142285479e7a80000000002000000000010660000000100002000000076d13a3a2f149e4634c3f609cb91169bbda53be5ff2bfab5c8b92b38a3ad2e6b000000000e800000000200002000000032c7a5ed0dd944f426cb7e5182ad50d96f4c75f5582612a09a5a7c7d2f1f8a6320000000b8c902994e4d87363db8e0d8255cbca5c52aaf188ab1447820d1d39a096f9ed740000000f6ad1e2037cb27759f9b73d96ee10bc025c2907d006c435939e2806ba4210b25739cbfef28ffd53a35003ddb8934779b334cb55042b3d94d70ac935678dc9b27	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e2af7c1ab0d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "288"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "6573"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "439"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "282"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "200"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube-nocookie.com\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "4994"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31043610"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1435560330"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\Total = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "197"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "288"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "315"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube-nocookie.com\NumberOfSubdomains = "1"	IEXPLORE.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{BBBFD8F6-A7DD-4F3D-B203-F004C671751E}	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1244	iexplore.exe
1244	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1244	iexplore.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1244	iexplore.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1244	iexplore.exe
1244	iexplore.exe
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
4160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1472	1244	iexplore.exe	85
PID 1244 wrote to memory of 1472	1244	iexplore.exe	85
PID 1244 wrote to memory of 1472	1244	iexplore.exe	85
PID 1244 wrote to memory of 2724	1244	iexplore.exe	92
PID 1244 wrote to memory of 2724	1244	iexplore.exe	92
PID 1244 wrote to memory of 2724	1244	iexplore.exe	92
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 3420 wrote to memory of 4160	3420	firefox.exe	95
PID 4160 wrote to memory of 4004	4160	firefox.exe	96
PID 4160 wrote to memory of 4004	4160	firefox.exe	96
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97
PID 4160 wrote to memory of 1428	4160	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.vmray.com/the-human-element-enhancing-malicious-email-detection-with-user-reported-phishing/
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1472
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:17414 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.0.1615471855\826245742" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f1eec6-b9db-4f46-b28c-2835c52ea61d} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 1760 22ae6ddf258 gpu
    3⤵
    PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.1.691599665\1883563741" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09733cc3-3b49-4185-b955-eddd88370fb8} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2332 22ada36eb58 socket
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.2.601699816\1614931060" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ee262a-04ab-430f-a4d8-f7755f90b661} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2916 22ae6d5e658 tab
    3⤵
    PID:4060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.3.745270675\568426364" -childID 2 -isForBrowser -prefsHandle 3456 -prefMapHandle 3464 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11901723-8247-4012-b9c7-79901339f685} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2888 22ada363858 tab
    3⤵
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.4.800208213\1995270799" -childID 3 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3698108b-b530-4ebd-a8f5-a3517bfd614e} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 3812 22aeaf57458 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.7.765979241\911194040" -childID 6 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f73f563-e8dd-466a-ae2e-e15a68f491e2} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 4956 22aecf0c458 tab
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.6.143511992\1259481304" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5a0d462-b86b-47f9-bf24-eee5ea6bf79d} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5068 22aecf0bb58 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.5.1611601797\1032446206" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4916 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80cc37d2-7bca-475b-b48b-f3d616b3a3de} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 4936 22aecf0b558 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.8.692036491\641259661" -childID 7 -isForBrowser -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66379a4c-88be-4979-8210-979fa940a2db} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 1652 22ae940e158 tab
    3⤵
    PID:3628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.9.633487500\2059226311" -childID 8 -isForBrowser -prefsHandle 5796 -prefMapHandle 5156 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58003353-5d32-43b8-96cf-34c88bf9de06} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5652 22aee9d8358 tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.10.762593306\1969166019" -childID 9 -isForBrowser -prefsHandle 5860 -prefMapHandle 5816 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff9cf50-4ff2-4095-a9ef-bc064334b538} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5244 22aef227b58 tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.11.1799672977\1773287001" -parentBuildID 20221007134813 -prefsHandle 6180 -prefMapHandle 6000 -prefsLen 26831 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {022f9867-3f26-4698-86d8-9d11807437b3} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5992 22aef227e58 rdd
    3⤵
    PID:232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.12.340686865\2043000988" -childID 10 -isForBrowser -prefsHandle 4704 -prefMapHandle 4720 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88eaaab1-4089-4888-a25b-b7418dfe61b7} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 3904 22aefd8b358 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.13.1530575590\1098639276" -childID 11 -isForBrowser -prefsHandle 10004 -prefMapHandle 10012 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef94f6d8-e128-4290-8939-1aedd45139d2} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 10044 22ae9457e58 tab
    3⤵
    PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.14.2047692677\894192827" -childID 12 -isForBrowser -prefsHandle 5640 -prefMapHandle 5720 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee69f90b-7e18-4110-af07-6bb91c6d37ea} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5744 22aee2a8558 tab
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.15.201805531\2083753664" -childID 13 -isForBrowser -prefsHandle 9912 -prefMapHandle 9908 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c42c025a-03b5-433d-a83b-7a90a266b97e} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9920 22aee2a9758 tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.16.369166228\1322850021" -childID 14 -isForBrowser -prefsHandle 9900 -prefMapHandle 5764 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e230af6b-b78b-4478-93c4-4eb769ebe6e8} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9848 22af059b658 tab
    3⤵
    PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.18.863981763\1055567175" -childID 16 -isForBrowser -prefsHandle 9420 -prefMapHandle 9416 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b358b301-c0e5-4bb6-b670-7b9fecca5181} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9428 22af08a9e58 tab
    3⤵
    PID:1328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.17.1099343230\1211114320" -childID 15 -isForBrowser -prefsHandle 9560 -prefMapHandle 9564 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6151296c-6853-49d0-a4c8-4a2a8217e7c0} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9848 22af07fa958 tab
    3⤵
    PID:3344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.19.1223107249\1036511333" -childID 17 -isForBrowser -prefsHandle 9024 -prefMapHandle 9040 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d092e0d-1233-4371-8bd0-4cf2a0de1521} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9016 22aeec8df58 tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.20.1251942752\111506168" -childID 18 -isForBrowser -prefsHandle 9868 -prefMapHandle 9396 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4591f7d6-1312-4e2d-a53a-ce068f85ca8f} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 9560 22aeec8eb58 tab
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.21.1935434317\1374988658" -childID 19 -isForBrowser -prefsHandle 9052 -prefMapHandle 9956 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5614962-19a0-4ece-b103-c207920fbd23} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2820 22af125ff58 tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.22.2133447849\115226050" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8428 -prefMapHandle 5776 -prefsLen 27096 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58fc11cc-adf9-4800-b1db-b39d27f6ab68} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 8436 22af13e5b58 utility
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.23.1634195817\541927996" -childID 20 -isForBrowser -prefsHandle 8428 -prefMapHandle 8264 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da871db-3a1a-4150-b739-da1c273dcbb3} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 8184 22af1cfc658 tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.24.253586561\1264706544" -childID 21 -isForBrowser -prefsHandle 7908 -prefMapHandle 7904 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae17adc3-0bcf-4095-98a0-c2c3e1bb9079} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 7916 22aefa45258 tab
    3⤵
    PID:5424

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
eb5ec2d13321c6dfb4e7256fe4141a3a

SHA1
4820d9ac529af2f062c1536a526be886966a8eb4

SHA256
ce2723a3c8bc2c57ecc4422d85f4e36b3fc3cebb0e597da35423ce1f1e04e440

SHA512
a51fb01734486dc36d8501c4275afafbe10840ef44c775251beaa616576c2c245f6c86e93f1a65a8ec72b4b1cf21dccb943710ab11b07474192a8d0880845948

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
2b9456546052a1c479190d22a2d6ace3

SHA1
7f51245a5de0d20becd82188cd5c31b8eb2e5607

SHA256
fd5f35022bc1110f188ad12f3274837486cd6627cc19da3631f09c83869263b6

SHA512
99ac5ea823c4f06401b18dd872146a07cc583878aad6bcd7cc2598acd01bb9f2e1fc140ead83c8c221ca4b8178ce81f7b16d83b913fd4668d49f643deb3e354d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\A3O26TSF\www.msn[1].xml

Filesize
127B

MD5
e2ceab8d4137580df510047a3974eec7

SHA1
a8a48cc4ccd3930aa4348b149caf17374391ac70

SHA256
131ca45687af9628129f528359da5158ef45c064a84d758f5d1fe40166f0d591

SHA512
7c0f150fdb8705cdbef3d9ee397398c29573e3ecf14f0db054f136e297ee7ab4788af3bca08548ab3febb8f43b22b36bb13aa55c044133ec7b534d1cee4f926e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HZZ8ZRV2\www.youtube-nocookie[1].xml

Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HZZ8ZRV2\www.youtube-nocookie[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HZZ8ZRV2\www.youtube-nocookie[1].xml

Filesize
7KB

MD5
9e93f5c5e67d94c915e4136870fc34fe

SHA1
0468a8cb45d1e1fcf87d715307dc6b9deecd919b

SHA256
b15f172e8c6794eaabb5e7e3d2f83a375c3276efb5dc2e37173e2009ee3ff01e

SHA512
5c0312a36665847c853d2531ca019a2bf406343afa7e6a86d14cc786749a7b582c937e5c7355758fd4be4acc09912831a4a306aaac016429c3be7a7628dddfcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HZZ8ZRV2\www.youtube-nocookie[1].xml

Filesize
10KB

MD5
a28dd8644f847855fcafd926a33b8bcf

SHA1
d8f927d9394631e677de0e10ea8f497cea5fc2d2

SHA256
ba0abcf45d239a20338d5d0dec9416a8934a90e58bdcb1fec87e2f5e86b3d144

SHA512
fee09e8501a86a4b4aad550fcfaa6aa9a957cb9b0341cdc638db556d91e07ec8f4e2aae0ec9c127657e2c8e1856a74971a03620b398e6ee02cf47e38065acfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ajlopfn\imagestore.dat

Filesize
1KB

MD5
ad383a78369f0d0b59d6ebf84cbc5dbb

SHA1
4d362323a603783da2b7ee021e6431fda831d3eb

SHA256
f45a549c523ab29a18deae09e1947078dd818ad0d3e0dad9c0742b14a306ac01

SHA512
2ea8fd8a0b682aba365599b8991fa79dfda491677e80549efae3b36a735dbd58ff2286848a28d18a44980f0a0605dd28ef8b6b45c497ce574c9c38d41a25e6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ajlopfn\imagestore.dat

Filesize
1KB

MD5
a76dbf6d111cb3588b4e17944b5f0293

SHA1
6150f82e5be8944ead63b139dd0b1df16bc276dd

SHA256
ec0bd133ff675a45a4cbe23b990a01b95535a67a434b894aae7c6bfc5478397c

SHA512
ce30491800cb4bf4a30c4883d54afb84a11a0a8bc914c50d9f14725f80d8ddb2bbc716a53444be13a7ee95deee8a584b06a9428ba8b1b55a2e896170bd5676d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7T5CRMPS\js[2].js

Filesize
186KB

MD5
faed0d0b8942e0f5e0e1f0eabe88eb0b

SHA1
ba2a79cf9966b1cb020dc3ddfb95034669259fbe

SHA256
aaa72b39d0d8fd2b0b1e8ea03aba42683f07a6fbba2bd3d16285caa793012b9f

SHA512
57918e10f4478e04eef1aab00c530cfc581d5b9d7584df4e4e6f83192a8caa832310f66ff9ef8c85066ad7bb5f2d81fb79b789aeaa17e1c80ea477f64cd1166c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7T5CRMPS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7T5CRMPS\www-player[2].css

Filesize
374KB

MD5
f71de69f117d84901025612dc3e3a8dd

SHA1
f910c09ed11b8366328f7c1753402e62ebeaab10

SHA256
295ab4ab616f0b893fa81a5e03c5fc3c0e09aea1d71d924099c75605392c1ad5

SHA512
9aa3e7a04835bf5035782e98b02421d123b4489f58504e05fa35d852e61f16eb164cc5534451a2d0f0bafef9dd0e46290febad5f8d338009b7dc5b376d17205a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\cropped-cropped-favicon_512x512-32x32[1].png

Filesize
953B

MD5
03429bd5fc977dd5128111bff71dde1e

SHA1
6f11ecf3a298f80b09bf323275740a29942ff85a

SHA256
fe90587380220f5bbd8eb3abfb9a50c8c5092040dd9c343f5012e6ae5e7d08e2

SHA512
07583ec47209acd99279915374ec5d0932506a0f36eb1ee4b8cd9adcc40d3840d3b073bdf874e4f7d2994a4524459634232922a018a6ce3931e39bfe2a7a6b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\fetch-polyfill[1].js

Filesize
9KB

MD5
949e94fed78d252b728cdc2aa6ddc56a

SHA1
d2bfdd653bb3da592097fb4ddb6eabbdc3060562

SHA256
ac8177161c3038b07597ec544de3c00f46e1a0aa6b4b4c045ff0495553cc5069

SHA512
d0858f6ca174c0c1597006ad68a89437147388053704011054008f7d3c794cdddf0c79862e04be93d7ff44f622d684240625af4d5173aa7fa91128a4413e888a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\insight.min[1].js

Filesize
1KB

MD5
ae462e3efe77740bad125f4db6a14f85

SHA1
96346bac4a016748717bacdcee22bb25f34696d9

SHA256
42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63

SHA512
63cc050ed2612bba6c84cf0a844a43adc10fc483b9d04300a4fb108e935bfbc882acae0eed03c66a606b8f42ced940cedc5a56808751610472c981562e6013a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\pd[1].js

Filesize
5KB

MD5
0c0335550002dc4c4db0de1d9dcf043d

SHA1
0bd0357faa46e9ff78d939b196d43ed47c701160

SHA256
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

SHA512
449683e6a927848f403214c49705a91d54a880d4da605f2e7b3fc52bf178c7475ca6131fad823a6aead84a1eb4a3e0501b122900c97241ce620ab45330861f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\92MHWCYC\www-embed-player[1].js

Filesize
310KB

MD5
2babd95cbf04974861061630ee6899e0

SHA1
739eafd5160feacddd167f9d5f03bb32d8365551

SHA256
297fec9e0574bb51742bdde0ce9b5c90e15c46669e80f45b6627bc2b608af73d

SHA512
66d66c61bbd770b96d14e6007c9d414437a2779fdff469909b4f3f648776aa565fd65472692a8ef183d3ea350aae65bd091edb40a17b92320ff361229078c29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C7IPBQYV\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RM50SD1U\js[1].js

Filesize
121KB

MD5
663c377c0b4ff40ee880f06e8308dc0b

SHA1
850f81833b5ba434b068eeddf02df6c80f1b5f18

SHA256
9fda7ba70d96862811a9cb6e0256baa3f8a1a4a3aca7e9c838cae0b0865f44f1

SHA512
80b028d8cc2ff89fa1fc83b60024801b541a8f02b4afa4048d16ef6399f4b5a45c2ea59d8df424371116b02ab9a8c2237ec01303eb91334a14d4fd6062386050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RM50SD1U\js[3].js

Filesize
241KB

MD5
3219f77487e4b8d5eb9e90aedbffe9c8

SHA1
7a28ed3e1e7a2f17e9cca960e291aced11ae9be9

SHA256
01572b01cccaea54aa1679c975117a5d2601da7a8e594e90436abeb9524989d6

SHA512
6ac014ca512ad14cfa5b2cc68961faed51b2c64e2a7cec00eea896a9a1cb4657385203f41b57079830050ea22e5223e3f8477ff42033da9f59cf6bf1e5f72101

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
155KB

MD5
f97654c869304c78fadf80ac2dc88043

SHA1
3d01f1ab2ccc637fc79e76314ac999e1acdce742

SHA256
292e64c390ef24ca12cc95690c4b4faba8c4cd52786928e9d76c4c8cd15aa502

SHA512
870873479343f018879eff4828308e5577cce5153fdb1b3a2898e5fd0ee75334eb0542f1fb714bcb17f3baf31148cedd2dcf4620aa97b652f16e30d98fecd563

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\16544

Filesize
20KB

MD5
01af3ab2cdc58abcfe7f4dcec1d8ac9e

SHA1
3f2caa99df9f58d02216ebde2665b1895dd88ac9

SHA256
b2235cadb6d1930c5c4cf6929d2bf6d9f738be565157473d200210117409d949

SHA512
efa920bea654ef24932fadd3ff11adf09a6d18e1a0d68d411c8a9a885fdc2384c29373587a8dba5262e783ce69913a4a8b100ccabcd136f67ef788fa664f52ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\19621

Filesize
13KB

MD5
93dc28d4c857b12690118f0322509141

SHA1
b7ce409fbcf31e325d56c6e6b02c7f728897d940

SHA256
98be2a57dae57e38fc5356381fb43e95d420901f6a3d5ca63901fa54e7cd7a91

SHA512
7dc783bc5b6b0a9946d99c3fb903adc470b7c23796411e271f98260a8657f1faefcd32c7465b877d12ca87522213ed83d944eed60d6b8f7e15df43c32a1fcae0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\21136

Filesize
9KB

MD5
c14bab75410b3cb9934c39c3c0125bf6

SHA1
2d71941e929d3d2757b76dacf6ab5b5e50de3483

SHA256
bb87cbf9286286dad49ad407a5d63e31732748bb7c68192ae5c1dd4cef570f15

SHA512
b93e52876f68ba601ec55f9ab2ed43c7f272a9f26f87794a22f566e847acd614f58563340dc1fdd52cbe7581ebae60d87d63daaef12bc405f1603d64a52100e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\21745

Filesize
20KB

MD5
993d928978707714d915f4a125ef90be

SHA1
8badb74766f92d1bdf97170be3db76ef8ae5714d

SHA256
c82e31e2b7251dee4146cd2ce68b97c6d090b3296a296433a83874571a5e1702

SHA512
0640ff8ef4703b6c0cd7abe89e272681d5dc6a60d5edd8bcc7d3255c3217f6014edb706d881c5991c70022ca7cba2209561ebd2dc4379e8a0cf12d5d949a02fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\28760

Filesize
20KB

MD5
5bcd1f2b45788447d37d22ad1fd64501

SHA1
13e5de692d386715f9eabc3f67a24397a48c26ba

SHA256
f66bd55011edc4a572d2711f935140a56320652a7624019223b6d732d61ebd03

SHA512
df4610884a6b4ba766ab8f2ce50181077e9310dcdff45263016bdfab295ebcf50f66eba928af93816351e483d039e55fcdadf284bcacdd6769a336cf596bb96f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\30023

Filesize
9KB

MD5
bae483669454069a2dac7f19ca50f347

SHA1
96aa7aeba22b38fec486dff24d32e112ad09e265

SHA256
307caa4b724775bb5438fc0a54634ff0b7ce86cf9ab609903b97ae76db515c52

SHA512
345cd7f8116256703cf272e8c63cdbd1d475c2dc23671fb0a0f315b34b28588db9bf7a2fea40a6da7e895c0af0a302c3e2c042108c0b9f55aab1aa79647e838f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\4090

Filesize
13KB

MD5
35b5d1daf2a88dd39ead17d64f5ce391

SHA1
f19f56587e3e264cfff8aae98fc164b1c2613712

SHA256
d394384fe907f2ca23efda6758a4639c386aa8266e7f6234ae0d8d5f6703828a

SHA512
48b98ed9ed3537b425963e2304823320dd7fb146248bf9f7f43c1a2835c452f98ce9e983920c80f0c11060bd5da7216d0b94d81c67bdff225d366c601f856123

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\doomed\6759

Filesize
20KB

MD5
fb7df797d381ea247a0e66440b10c164

SHA1
c4c952de9c48db6d720216e6719953ef7d8b76d3

SHA256
dd0f5ab37673bebab83c617f2ca1459dd690732eca1ba74619664e3212a1f89d

SHA512
f1a0a3e2ec9dcc15b121e23585d1ff60f1e7021c51ad6cccec120ba2d84ef30c05633fe82ab205b6805d60dd10ee4329c6a6d2781f97a669eec82b550abb0a8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\5715311EE7DF9C4A94C344576A790A58F98686BE

Filesize
95KB

MD5
5cfcecbaf5fceec29e4ebd6e517f4de9

SHA1
097b5cc5363ca607dd403890ede42435ea8e5cf4

SHA256
37ba3de7f4ee148925712bed3fdcb50cb538b328579f2eb11735b54ef17f39dd

SHA512
280f9f20528870a9cdb7462914c836c03b5d09de2ae4888cf0c744957572398101907891279664be0a6450286362f63e8e90796774c532ea9198b73adc94ba76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\5EE03FF1F1B2745FB0B08304A4F02E1CE0F0AB41

Filesize
13KB

MD5
2154b9c57ab018b2cda7dd44e6c1e7a0

SHA1
710209d9cd958d86ff69163cdeefe241d845d5c6

SHA256
2a7f323e368c0e1d072574db48a24bb77f0de0f6b69bf2b44d9d5ce3ce78c4f9

SHA512
e398b4e05deb6b2cab912732d24fe6a965f9aa467e46f2b9ed4a030ffe1dc781f44eb9716422518909b0cf7c1f4235bef30e819d24255e6dfe7268231db91c07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\678AEA8CFC55C868E4A5C8D38C2F6D29A1F99E96

Filesize
235KB

MD5
c2bd1d8412e2417ad6a5635bc71e4efa

SHA1
4480f1bf2a2f9e618aba45498968a9d4c9e86871

SHA256
faf201379afd6a6f28f244e0ae8f7f421c08be472c2bffd489b2f96080d6bb58

SHA512
af8929e8e48f438dabd489c9d40bfea16e7841b14b5d49ac710ef28d69d56553de57c3d3151eaf0ea04ec4c0f805d449bda2cd4ae5b2d60b26a7f4e9a6852b78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\6A7AD874D4868AD3DB7D45BAE8854E4B2274DF38

Filesize
1.8MB

MD5
9cb41a8dbf8acdac5458c0d64371aa04

SHA1
cb811f1bef17c1b88aa29073d71a6c5a2faea025

SHA256
d3f1539474a30750b701407ce3d0227b053dc98cf6f142e0cb7c43b0e8437a2b

SHA512
d8828f6a7862b7916e74b7c44c486a4fb6e83dfeae27a630145ab1feb8177c1d68246448e1af8c293df86c37a49778ae8bb1ed60b1e1c6ffba1ec2e6eb2c2940

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\6F10D7BD057DCA2CF9564BBE19D2FCB612AF41F6

Filesize
295KB

MD5
7faddbf099412ca05f8f9ea24ff5ea8d

SHA1
b466119a9c79012ad6412e4ca4f1b46bf7cb30b5

SHA256
027dd15efcdfe5337ab97cca1f05ed1ed0ac4a175010448f4f7b274b019d621b

SHA512
f6253409310f0c01049efd12b7ddf491261cb0d1fae43516122cfedc7aedd57e9d05a393bb5f6d7e2c4edda66d56c3118085a8c78c591b120b2df3ef56f8d6bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\9BCA626400C20496AE4DDEADD6615AE113A21FB0

Filesize
17KB

MD5
0795bbfa3796e04e0c7df56ef300795a

SHA1
f527d992358ca1ad2b17350b08138f1c6eea28c3

SHA256
c5520e2787ad2536354459c13b5337ba71ceb9f3a22cbbe44df7d7c77a89583b

SHA512
b674df61cb9f3e51ec6c4b12dd63a959b68068584b3c20d770aab0eae3fd10f61d467ae35bf05530fcf72ed89f87f83b8ad5f3e0d6e74624d9aac36d13123515

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\9D35BE20F3686BA123A7DD775FCD243DC8B35F40

Filesize
65KB

MD5
8b88b7384197e4e793e19cc3a3fe5fba

SHA1
f0f134ca01490a7a242f14f37a7666ed5a3d6913

SHA256
7376e52253a687f15cf5c286ef7b0d5e6e80d14ac557a50ccf702bc3662fce39

SHA512
a05eb36fd9a50177fc22edca92bd318d4cfb121699986cc4b6955996edd1955265a56e2096cadab56c2532ba6c72220aba7a2e2ad6cf0009161c7bc8c7c1f65b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\A38731F3385A14221A3B70100C94F7F66EEE93FD

Filesize
683KB

MD5
970f60ea85e7886f38098c555aa58d71

SHA1
10c98dd91372f40d564603935631bf2ca753149f

SHA256
b78afcba85c16d1787e49cb500f954ae824700e2bb439e8bbeeec4f49658b79c

SHA512
fd38e793d443c2d6521bb2158f95de08838bfb4aeadaa06c11a787353244f1c8fde65324ed6a9b65205bad2751f4987dd75525aeecc4cd2b3cfdab220bd4b20a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\BC402178E7D81A427E67D1D0AD8806BEA5508475

Filesize
100KB

MD5
5699746fe6326fb8ec454edae2fc8b0c

SHA1
7c0c40ad24b32f93ac450fc7e78c3cc588ab1c91

SHA256
dfe41abb54d13f65552f198eb733d3dd73823c530c2bf478835ec9c9a85d4592

SHA512
ad076215d94db39ed6f5483424127b262ee9e0bfbbf1b8e4e5f11e431e2eb3a0083769bc8bd5be4804d02e1e4461cd277581bd89bf63ca813ff8e5619a6f56a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\cache2\entries\E75CF81C7827BDDC92B7B8CF58F9434658670516

Filesize
350KB

MD5
3d7782cfc8f8a01e9938ec86e8986e8e

SHA1
5bf189576b30af5d72bb3abadfb79ac2d3bfd3b3

SHA256
53911a19fca42b2f1efc10eca7a3adc821346fcdc800089a12f71204255cfb79

SHA512
06e6dd3fb35647bbcd85f2ed55ecbc68d7af646d107893226c1d715dbfb19a05e0d154432827724805fb1e41b41bb3cfd1f1a67b86fb0c08ecf810b4c2ae6012

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js

Filesize
6KB

MD5
2cd63183b68ab9c7b0db3be776e24728

SHA1
e39a670d300d2e57649f610660e9fa9a654f4c60

SHA256
8da5480eff1d33950fef15339b3128fbbf014399abac620ba49dc54d2ccb935c

SHA512
49699bd1743a38c531c34384fcf159f32c705739726a9f19e8aac16a30c5e5eba8d068a3122674911a227d9883eb254d559dc4a34c7870b5649e8b4d8e3fa6a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
4e2fb1c9883ce8e6342f8cf5292faef4

SHA1
02c1bae3bc92ec1f8020ab80e49c25999b9afbbc

SHA256
bb489a4de6d375f616b5ddb4b8859d1f791b81ebdfa13dc1ebae0a35351c11c6

SHA512
39fa79024bcc1b1b1ccadca8798e45a63bb308417506c18f5bb9eb5674f8a7eb8b205f0284e8e9eb3d6bef6134a2ffd011f311bcdae94de5a19dc78315d02c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
effcfba210145db4fd9a4f5613928d5e

SHA1
7dc84a3d8b906d42f746af7c1d51e38479ec6a1f

SHA256
95c61fe3789416a665684d9ccf7d352d2ff7d6c2d431f9e9fad8b1bbcfbef83e

SHA512
1a499e14479606316ebf58f2315af5850a522887b69f09d480ee24359f14f1896cc8220699e507942b07fa1dd20e9490497579045be1c12fac9731bdbde19e4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
091ee2602b889c6e233cfc1075fdf9b8

SHA1
027d4a8a070a43a72958951513bb57fceb21e44a

SHA256
268e79929898b1cff32c9225d8813fee577bc2750d4052ffb5b2bff8ce34e387

SHA512
3bd9bf5c22011021d463e372b294390dcc0f118807e6e9744bd95f2b3d23fcbd6b73100de6f1e035f80c25f40f455b7181d3e33fb3dc0dc225df782955c43326

Download Submit