3403e3424b7c2bfd125f2955ce55e7676060dbe98bfb668a9223c52d6e6b0812

Resubmissions

04-08-2023 17:17

230804-vtrc5ada54 8

04-08-2023 16:59

230804-vhrvhsea4x 4

Analysis

max time kernel
801s
max time network
813s
platform
windows10-1703_x64
resource
win10-20230703-es
resource tags

arch:x64arch:x86image:win10-20230703-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
04-08-2023 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iZotope_DDLY_Dynamic_Delay_v1_01b.exe
Size

61.8MB
MD5

af0e66db64aaba213ac405379fed888c
SHA1

85ad31eaf44957c8438f7e1dd98b8acc877e875a
SHA256

3403e3424b7c2bfd125f2955ce55e7676060dbe98bfb668a9223c52d6e6b0812
SHA512

0594aaa756fb3956e28345f84a29e2c87fb9ff26220dea615a0040edd54026caef0920f9dde685cc9644663f9e70a15756bd86bba36b499133ddfca3d0155217
SSDEEP

1572864:4eisP1iE7COz0aax0cJt/pJH6AfNeWeWJ0Wp3eKhLYnaa1:472LCOz0aktR5IWeCcKhLpa1

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 28 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
5320	chrome.exe
5320	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4176	7zFM.exe
6120	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeDebugPrivilege	2400	firefox.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
4460	7zG.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2400	firefox.exe
2400	firefox.exe
2400	firefox.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2300	iZotope_DDLY_Dynamic_Delay_v1_01b.exe
2400	firefox.exe
5352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 3844 wrote to memory of 2400	3844	firefox.exe	83
PID 2400 wrote to memory of 4568	2400	firefox.exe	84
PID 2400 wrote to memory of 4568	2400	firefox.exe	84
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 1780	2400	firefox.exe	85
PID 2400 wrote to memory of 2752	2400	firefox.exe	86
PID 2400 wrote to memory of 2752	2400	firefox.exe	86
PID 2400 wrote to memory of 2752	2400	firefox.exe	86

C:\Users\Admin\AppData\Local\Temp\iZotope_DDLY_Dynamic_Delay_v1_01b.exe
"C:\Users\Admin\AppData\Local\Temp\iZotope_DDLY_Dynamic_Delay_v1_01b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:3104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.0.769612420\762854444" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {825556db-a49f-464a-ae6e-54e1e84e573b} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 1796 1b07ded9c58 gpu
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.1.148430182\126216199" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d035a125-9462-4cc4-b7ae-4e832941eec1} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 2152 1b07ddfcb58 socket
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.2.413549175\1699495714" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2764 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a08b226-a6ad-4147-8ebc-9efd93596a63} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 2904 1b07de6ae58 tab
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.3.1285340177\1065394908" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f1c4d1-c89c-4b21-b37f-ab85502a43e5} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 3472 1b004042258 tab
    3⤵
    PID:320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.4.1657965959\1647614456" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {522c55d8-e589-4648-8a66-81b8175840e7} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 3744 1b003472258 tab
    3⤵
    PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.5.112781758\1935729632" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4776 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f95adf11-3e10-46df-af9a-b2c67273317d} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 4780 1b00719c658 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.7.2003603541\673598444" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 4716 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1785687-1a51-40ee-a472-0adde84eb4c2} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5112 1b007b18c58 tab
    3⤵
    PID:4932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.6.1540861584\347684474" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e3a9a3-41d2-4372-8e24-c51110cbcab9} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 4988 1b007b17d58 tab
    3⤵
    PID:804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.8.283724889\1086654745" -childID 7 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 26793 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81bcfe8f-b238-4b73-b929-86960abe0144} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5468 1b00719ab58 tab
    3⤵
    PID:360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ff886e09758,0x7ff886e09768,0x7ff886e09778
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:2
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4996 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4592 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4500 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4328 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3168 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=816 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3400 --field-trial-handle=1784,i,4823266221985568314,223813241453293603,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3596

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4176

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\iZotope_DDLY_Dynamic_Delay_v1_01b\" -ad -an -ai#7zMap7534:124:7zEvent8079
1⤵
- Suspicious use of FindShellTrayWindow
PID:4460

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\iZotope_DDLY_Dynamic_Delay_v1_01b\.rsrc\version.txt
1⤵
PID:5008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:6120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b4268a6b357162769bd3cb9ff937d7f7

SHA1
b8a882b464592500d2c212dba2573beba00bd6b5

SHA256
a90698fc9af92325d9a8261b936630d7cd4bc5e9f7584cc64dc1d8bc554fdf15

SHA512
98166dfb031eb3a4fdfadbb865f9e7534a2a396dd087c58486ce7c18cf713cc79b810a98b806d2113b61c9ba515d15cc4ec384467b305634ac65904a94cedd42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37fd19040c37074b9ac1ee1c37baa12b

SHA1
d0f9ace6ff4b3d9349b55ad9afa5fd2388032bd6

SHA256
1adfb7f290555dc51789cfc4cf4e394fd2f81e662afd89dbb594dda5c4e8e4ff

SHA512
6cceedbbfa108b0753ed4cccc45158e3807edd2721bd160637ce46be98f7b0dcf35c0358087498faf3e902c808f7c412f8bc238a4fc2785754caea4076f2037c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f5c469c92824d6842121838cb2de5f5

SHA1
8ddf7ddcf6eb7ee120fde7e4b35ed7d080487796

SHA256
5a700af564a8d81e74dd726f07cb2db511938874548ac72fc98451de3c4bbb4e

SHA512
69207a8c597b111c9a8ce0eb72cad67b217680166d050e9807486abb109728654ef2b9b7fe4f96a87a4f5dfe813b8c654d231635931ea167c84b104c528ccff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d729c5af7218ff537808123f2522570

SHA1
da1d4693ad5cff2986ea8fbb9d65dc6b773da95a

SHA256
be6851c9a2568da015011db76aa5e5c072630798739c3972efc261db62d40d0d

SHA512
242862162394810f0305402d378f6496080f1667159a4d8b4105c6b68d6432f45ca1cd47d1517d5c6d0704591ca2d03860aaa2a38e32d3d39a6651a1740769e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87017035c46aad290a67e3d9f033786f

SHA1
8075c3e21d2e3774f5f7e9287364d7925f67bb50

SHA256
7e0cd2826a064f55f8a04b2a51fa7cfe139e1e45d677491ba4a27d1b1ab529fc

SHA512
4be0da4d124db5f711f94e44c58aee2415492a53879b2f429eb077d409b76bb77cc031b527b4041b43084245642b2481a3c381c0d627dc91d87145ea6eb26826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9769c6ad0a58223fcfd7233cbecb310a

SHA1
71b5d2efbf306c3dbdf0ae3471837f025054cb14

SHA256
be5fc3a2976cba84c2039a0d8dec4404300e95dbeb76f52a8cb9f3d8c27059be

SHA512
fb3ed5db00eeb421b898ebf1fdf04b02c2df04744dfe915a9adf0ccc4beed3def895d16031848d238f639d7fbf4444a07fb1bf3e3694178f1f085293809fe53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
73c24e90dfafa4d68f853ed86f7043c0

SHA1
75d02fcdef65f3c0f4f6ca38436c9a8d7bd376ba

SHA256
c03ec62b4805a956605d0f8c3a561ebfce05f6905441db22f8a091cf29000284

SHA512
095bc83cafbd528cc7ef04c22538b7632a19db19f8ce6a96defaa230d18dd31bfd57868cc3b6358d6ac55844f24ce49b5b627fa12f8ccd6e9790959b25f2788f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b7595260488fa3a2de2d06449066bd48

SHA1
92f4178fc29c3de4e34c1d744076935de7c0976e

SHA256
3518e715a21c0382dd068ecd5b413c391fac874236018e55d8a894dc63812048

SHA512
194530b5b5f2facbb8e7cc8805920164e08cac866f4468f1726b6579c19845cfaaa76bd48403e1af7f6eebbd25f5e56e16703a91f064ea3df092be2d1b687e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
bae5c0b40e21f486c1a44cd1475cff4a

SHA1
c5c366646a2f932441bd636d22ffe4f96e3d2402

SHA256
7355d671c9e1c8cead493f0b524af8cbe60f42b36dbdfd43752ef093d427d2af

SHA512
5986dddf3244960f7a3c5bebeaae7d2b5778c859d9c7c7bfa88aabff95e72fae91158bcbf9b64d6d6a19e57f320175d595546163a74cddac7a64fd88219e9482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRBC6B.tmp

Filesize
403KB

MD5
a210f1ac135e5331c314ce5f394fb5a5

SHA1
355afc1c61e1f65834472b16a4ca718e61537dc2

SHA256
65b32ea2982078fb9a18e88feec238cb76ed2ae6c2bb4ddb0f6a9c4f57b1d62b

SHA512
e4e70ef75e2f7897837f6772b9a0dcaaf4515d8be4210b28509f12cdde9d85bd7bed604ad5a9ee587356971f75e6f79874dbdb974cec4996262295e255501cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRBD37.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRBD86.tmp

Filesize
121KB

MD5
1199bfa06b996be79b987c6506328a22

SHA1
e04d52d1d40bf161e7d64a5143b6908aac3be772

SHA256
481f2fa60cc99ba5784af304906acb4e356a704e440d6d141054d8226e73c56d

SHA512
354c977c63bbd8659969babb46f3a05b04396c91a8c1905fe76d45d2ab1d9b2d49e67630aed310921c3e3d64164424e2915c5a4868757e7c75758c655c085786

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRBDD6.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRBEC1.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC171.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC1A1.tmp

Filesize
102KB

MD5
cd326d958ad1eeb46b99b7aaccab5edb

SHA1
c424d750fa5c85cccb10ee42acf43e640e9ffc56

SHA256
b966b6e0cf704e65627b74d9f4e4b7af31a9ce5d9564d00cfef822af427ec88d

SHA512
5bf45cebdf56cb66cdfad4be14ab3a2db93098d90c753018e2a257aa1ab4cf033db2d23a18ef20ef0b20a19d3dde8d2b274fcbdd2d77dd6844ab48259212c01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC210.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC220.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC260.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRC29F.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
b90d2eace43b49008cfefd9d20f584e4

SHA1
ff04036cca4a293f4c5b2dca1840e22e927da596

SHA256
1b85c1600f49218ee67b02cd9ba4bae5eacffd37b42a0a547e3cc9a56deabd17

SHA512
ea70978600f7fc349073cec0451f8bb36a9d6d503c81b42f65f03cec5ce12e091035b5996b3f3163459ccd7010940dcba175c6db934013dee67b9597ec601a0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\prefs-1.js

Filesize
6KB

MD5
6713bb5d0699817bee1b31d88e738bd9

SHA1
9aa63971cb04809189af71b1606aecb0569cef65

SHA256
f37ac2812ed30981688fd4114469078fbe991810293ab22d32a7e075d6cd8301

SHA512
8ca521b05edd66dd0344c605c322754576bea10bebefe8ae138ea430f56e04ec10fe613f7eb21b0fb57bf11991161fe2ab019fc5862b3d694e21ac4a139ca993

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\prefs-1.js

Filesize
7KB

MD5
2cb7d69305631b32283cff9d240325cb

SHA1
dd8ea68b8de35cd875f44ff7bba834408b340083

SHA256
78b5de55a1b87857ec564e749a619b9a092e745905e09c88529d9dd7066d2787

SHA512
4568ec5a68855d853adbbee1821ffceb27906fbcd0f0f709ee47f13f2522593692c9d82a275755eb72e7d2b766cb2a09fb4c22aab0113a676bcf048315e3cf2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f2ffbe6330205747ef7f7f39e5ed7683

SHA1
fdee1cf53488993f0e6868f8c529cdc19dfb4c2c

SHA256
6dff9a1c2a40381e285a5094fb89634187aa3ce0d0f3227ca655fd97ccb65ea5

SHA512
0a394befe6d847dc82bcbe65966e3cdce7d21044f0909c8680555e9987183df18ea1c1d5a3802a0444867e99d0067b93cb254c04411f1efd9b9b38f27ff415cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
47583be9ba59ebf076a0c736bcbb5a1f

SHA1
335bd82c0399f360798b2ad1b3d93033d55729b0

SHA256
13250608924b27ce467e979fd4cf196edcbbac952cce1fba07bb5036c4184457

SHA512
6b9533e89a028c294258847072af7202c04cb60b0bb2a161fe08130a06a5be13da37979b9f06308448e0619728cd5c99f75e35c217a0a34b6370fb5f6016bc96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
16ca34277e5b057e963028150c99bdae

SHA1
ac9092c362e89546cd55797ba10783d031496e6a

SHA256
b8602462e750040af65be587de60d8b04259f852cc355f872c6f7af180ff1c24

SHA512
a37f10efb70f36e6578714382eaadbd1d1fe398c42281c614c101bc8c719d91112df4908b0b01d66e84d8d02e3df54a7ea423482d5f1a0880d2c94f80d5bcd9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
59703e167fd90e44927db54a6f236ffb

SHA1
f58490a5bc2062fa0c4961628c6fc31a1a01b7fb

SHA256
d4632db0754023307bcb3a1f3df4b21c3e0c448dcc4ca116e22b01137e500bbf

SHA512
9d6e408dd254e64c94d06f280803c0bba948ea32d4b8e07b3caea1f29a052c7bfcdb467d9a6b3582ac37a70acb4755d1bf343fd02be9b5856f1c234a5f982017

Download Submit
C:\Users\Admin\Desktop\iZotope_DDLY_Dynamic_Delay_v1_01b\.rsrc\version.txt

Filesize
1KB

MD5
d61151ba714bd1748546ae745b147038

SHA1
68c57a518415a18df89aa67afd07d4b869acc388

SHA256
6ac5a54466a9d1e6e75f6fab6206073e91c2176d1b02386ad0cc7e186a71c408

SHA512
509b654234fa5d7ac7709f0df079dd27d1eac92835c8b9615276e6c1bd2b6aef324640949eb5e2ff15ed5134290aa09a890eea437e203f204d2289a835089e4f

Download Submit
\Users\Admin\AppData\Local\Temp\BRBBBE.tmp

Filesize
43KB

MD5
043912c143bd6bc1a55fcd1acf8e368c

SHA1
042f241324989a21d1a61eee543e935ae1b9f163

SHA256
f7396330d3aef2201766cd94e90d7ada1bebc2092a3b177274b546488dd21955

SHA512
9dcdeade6e9e56e5763842b55f5d3258f7488098f964e1e882e9415dd490273bd2a44ac1cdbb2e352f1feea6aabf0b1a75f29441ad70ff898f636ee67b819156

Download Submit
\Users\Admin\AppData\Local\Temp\BRBC6B.tmp

Filesize
403KB

MD5
a210f1ac135e5331c314ce5f394fb5a5

SHA1
355afc1c61e1f65834472b16a4ca718e61537dc2

SHA256
65b32ea2982078fb9a18e88feec238cb76ed2ae6c2bb4ddb0f6a9c4f57b1d62b

SHA512
e4e70ef75e2f7897837f6772b9a0dcaaf4515d8be4210b28509f12cdde9d85bd7bed604ad5a9ee587356971f75e6f79874dbdb974cec4996262295e255501cf4

Download Submit
\Users\Admin\AppData\Local\Temp\BRBD37.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
\Users\Admin\AppData\Local\Temp\BRBD86.tmp

Filesize
121KB

MD5
1199bfa06b996be79b987c6506328a22

SHA1
e04d52d1d40bf161e7d64a5143b6908aac3be772

SHA256
481f2fa60cc99ba5784af304906acb4e356a704e440d6d141054d8226e73c56d

SHA512
354c977c63bbd8659969babb46f3a05b04396c91a8c1905fe76d45d2ab1d9b2d49e67630aed310921c3e3d64164424e2915c5a4868757e7c75758c655c085786

Download Submit
\Users\Admin\AppData\Local\Temp\BRBDD6.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
\Users\Admin\AppData\Local\Temp\BRBDD6.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
\Users\Admin\AppData\Local\Temp\BRBEC1.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
\Users\Admin\AppData\Local\Temp\BRC171.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
\Users\Admin\AppData\Local\Temp\BRC1A1.tmp

Filesize
102KB

MD5
cd326d958ad1eeb46b99b7aaccab5edb

SHA1
c424d750fa5c85cccb10ee42acf43e640e9ffc56

SHA256
b966b6e0cf704e65627b74d9f4e4b7af31a9ce5d9564d00cfef822af427ec88d

SHA512
5bf45cebdf56cb66cdfad4be14ab3a2db93098d90c753018e2a257aa1ab4cf033db2d23a18ef20ef0b20a19d3dde8d2b274fcbdd2d77dd6844ab48259212c01c

Download Submit
\Users\Admin\AppData\Local\Temp\BRC210.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
\Users\Admin\AppData\Local\Temp\BRC210.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
\Users\Admin\AppData\Local\Temp\BRC220.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
\Users\Admin\AppData\Local\Temp\BRC220.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
\Users\Admin\AppData\Local\Temp\BRC260.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
\Users\Admin\AppData\Local\Temp\BRC260.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
\Users\Admin\AppData\Local\Temp\BRC29F.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
\Users\Admin\AppData\Local\Temp\BRC29F.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
memory/2300-280-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-238-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-231-0x0000000067E00000-0x0000000067E1B000-memory.dmp

Filesize
108KB

Download
memory/2300-228-0x0000000066680000-0x000000006668E000-memory.dmp

Filesize
56KB

Download
memory/2300-230-0x0000000066C00000-0x0000000066C14000-memory.dmp

Filesize
80KB

Download
memory/2300-227-0x00000000744F0000-0x00000000744FE000-memory.dmp

Filesize
56KB

Download
memory/2300-226-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-223-0x0000000001230000-0x000000000123E000-memory.dmp

Filesize
56KB

Download
memory/2300-232-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-229-0x00000000710C0000-0x00000000710DF000-memory.dmp

Filesize
124KB

Download
memory/2300-244-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-212-0x00000000009C0000-0x00000000009D9000-memory.dmp

Filesize
100KB

Download
memory/2300-274-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-268-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-262-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-256-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-250-0x0000000001250000-0x000000000150E000-memory.dmp

Filesize
2.7MB

Download
memory/2300-158-0x0000000004200000-0x0000000004265000-memory.dmp

Filesize
404KB

Download