dd059c5a6688494d003df3a62b45b7d02b00ff246dff65dcb216957be8e9a587

Analysis

max time kernel
1023s
max time network
1139s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-11-16 10.38.33 AM.png
Size

84KB
MD5

8520daf562536ba398391fbab9f8e749
SHA1

a9ab618668e68510a37915e987d477e95a16a7bf
SHA256

dd059c5a6688494d003df3a62b45b7d02b00ff246dff65dcb216957be8e9a587
SHA512

6a974c9fcd35d89e08e5b142b93fd05453ab13af2d70575da3206a179fcff45fe2b44ee7fb0ad9dc1800fe1e537f8e5afc1bc4320d57424b8ff58fe797246d8f
SSDEEP

1536:pWvSMLEzpDv5bDbjSdhrZSPeyjtnYN5pGt5ldt3+ZL8J+0zH64W3gZvxfMF3v61V:2PL2pNIlSPeyhq5pCldtuu+07dW3wWWV

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Defeat-Defender.bat.txt:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3184	firefox.exe
Token: SeDebugPrivilege	3184	firefox.exe
Token: SeDebugPrivilege	3184	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3184	firefox.exe
3184	firefox.exe
3184	firefox.exe
3184	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3184	firefox.exe
3184	firefox.exe
3184	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3184	firefox.exe
3184	firefox.exe
3184	firefox.exe
3184	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 1052 wrote to memory of 3184	1052	firefox.exe	99
PID 3184 wrote to memory of 1484	3184	firefox.exe	100
PID 3184 wrote to memory of 1484	3184	firefox.exe	100
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 3096	3184	firefox.exe	101
PID 3184 wrote to memory of 2616	3184	firefox.exe	102
PID 3184 wrote to memory of 2616	3184	firefox.exe	102
PID 3184 wrote to memory of 2616	3184	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-11-16 10.38.33 AM.png"
1⤵
PID:2164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.0.1196601303\786276564" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a80edece-fef0-487f-9825-2f6fb6e6b2c7} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 1996 19f373dbb58 gpu
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.1.901228210\833535213" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96148fe6-c3c0-4f50-84ce-f95ca60eaf47} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 2404 19f2a872558 socket
    3⤵
    - Checks processor information in registry
    PID:3096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.2.630611966\2074625509" -childID 1 -isForBrowser -prefsHandle 3412 -prefMapHandle 3224 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2d7dd29-4a81-4825-96e7-ec10ffe792aa} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 3556 19f3b2ac858 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.3.1649200296\340506324" -childID 2 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0bc6493-55ab-471a-a424-cbea7bdc4927} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 3800 19f3a11ab58 tab
    3⤵
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.4.1811750061\1143689987" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3932 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {189f9961-e070-4e4e-a342-43473cb8149c} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 4296 19f3c72e658 tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.7.1278241763\1465497011" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b428e6c0-4850-4786-9cd4-8a4cf4eb1cbd} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5380 19f3d12e858 tab
    3⤵
    PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.6.1940372633\423588948" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75275699-2468-487a-8744-fbc2cee84b31} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5188 19f3d12d658 tab
    3⤵
    PID:4648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.5.786016677\980262639" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5056 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70afb84-4b1e-44bc-900d-3fc4fbc5feb4} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5108 19f3b5f4f58 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.8.292663120\16768760" -childID 7 -isForBrowser -prefsHandle 5940 -prefMapHandle 2852 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db65aa80-c081-4307-bac1-9cca58911634} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5924 19f39a66258 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.10.1233171860\432636555" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6004 -prefMapHandle 4404 -prefsLen 27096 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88499176-fdbb-4000-9e51-6c1929436140} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5968 19f3f164258 utility
    3⤵
    PID:2336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.9.1156305111\361338852" -parentBuildID 20221007134813 -prefsHandle 4376 -prefMapHandle 4920 -prefsLen 27096 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce92fab5-00f5-44fe-866c-b261a0d740d3} 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 5040 19f2a86d358 rdd
    3⤵
    PID:3020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Defeat-Defender.bat" "
1⤵
PID:1108
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:5016
- C:\Windows\system32\wscript.exe
  wscript C:\Users\Admin\AppData\Local\Temp\tmp.vbs
  2⤵
  PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault920a2d60hee61h4e8fhad2eh9a0bb003346e
1⤵
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9f31846f8,0x7ff9f3184708,0x7ff9f3184718
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6125554908658007919,2400988214828031041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6125554908658007919,2400988214828031041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6125554908658007919,2400988214828031041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c880651eee55ad9266daca7c89fe075

SHA1
b3c0e87feb45047028ab840c45c2e9723a745f14

SHA256
6a37c2705aec5a7a2fbe0b1bdec33f5602788563bdd1a11cbb0adf87fdf321e1

SHA512
e63d801c22f73b160a462894543e13f214ce3bfdc76b1b1d763dd6a88e3f2fccaa2f5948a293e41032133a59bbde92aad7bf74f88ebe5aca83d1f936f0ebb8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
32731369f88ec93250da5963a10c3acc

SHA1
e39ffc9f35cd9f5756173662ff2b8cb7332f3a6e

SHA256
fe4fb71edc238582998c6ebe613523ff72e5df138cb172e1898b776d5bd3d66b

SHA512
4fb917b1862347adddf27a2c07638632f6a039ce2d41a86c74aa158aefd56f41b3d269abfcbf82a5afe9f9807040a3d0b071c1c5bc73c004b7e4ecdfe78c2559

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
db1a6e508fa3fcee06aaa7f7f1002ee4

SHA1
4a906bdba1565a48c79ebea5bd3772d40d6e2556

SHA256
ff029ecec9d7b353e07a1f867395764ea71667621c74a8e9e4ce76e0a34633c0

SHA512
8f086cce4eed4ab70fd653303604cfcfc60a7d6590c4d1f4bfaedc5009c61eb849a6f663dcd3fb7f9cd4730e71959dcdd251c948d0845ed48baa31f7b5d1aea2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\10896

Filesize
39KB

MD5
339608426fae5025a7466456065d340e

SHA1
c2d4c29929b25fc0e8277313849837b80c794ace

SHA256
e801f939dab2c88fb51784d4055edda9210b29a120c7efc0d5f50848cac4f630

SHA512
3890605991a0ec2b3a5f3a1ab74b1312692130b0c4598def604078a6147c0d45507d2a9dd9b0dce0f254ae614795e32ad1f0d43c99623d0398c1b1fa337b5bd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\816

Filesize
13KB

MD5
d74801596abb4ffa4a660144d6761395

SHA1
3b46b2a9aa57ec358d42e5be0b55f20fd9b48b15

SHA256
92e5110830d49e8ee76a62a00bca2538b92a5be02ff38cf4be0fd67cdcecb717

SHA512
a402fe0891968cca153e669d247548f45e32c46d2451097befedbd26d55355b813015afa3eccbe5ba32bc981e553f4082ab535b12ab5d961c166a83bf1e21d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp.vbs

Filesize
112B

MD5
9313d55e26ad30ddcbc046fe8013a21d

SHA1
a5712ce8864d7b0ca88b94c64226dfeb2221457f

SHA256
121ab5b57fb09d3c520a7fd6dfaa5b87844e1e8379a9635e7a737934e7e9226a

SHA512
77b7f3c2aca2ba61519a9fed7dbb3e7f2dd803bd566eeb9531e1ed038dff68e88c4d2f73a83e37396fd475f57dbdef55966361176dde70d1343747aca5888ba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js

Filesize
7KB

MD5
828163f6bf69d6606c3457efede338ab

SHA1
640d5fc846f34bef64ddeb9e87ef81e4e66d1835

SHA256
e28b7af11f6562133c9f8709501553b1bce2b9ba5470ff2255819f6a4ae8a4b0

SHA512
4be61dccd2a4b74f28f3795b75a4e19c3a6bb8b9223817596975fac047971910e87d612004f7cd2f2452160052e8b6b82e687db473473f8ff664a61cfba5cfad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js

Filesize
7KB

MD5
b20e645519d153b1d617d0a8431d5081

SHA1
e1dbd3a2ca5d9faf432860d143034b83818dc377

SHA256
5be9182b6ecc6df3a5653ab8662485d5048d33ad2d42ebe40d0ac27c12b9186b

SHA512
1ae088fbbe17c8d952a8ad7d419ce604a52f381e1c4108fb766e18f0362487f586505d5056a66c44c44504a3bb796780987bb5379906c7a3b0e186c0819d562f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs.js

Filesize
6KB

MD5
b6d0d892e686c9453b8d0aca7f21b04f

SHA1
2b089c09e9510677566f97d918cce714161a4292

SHA256
fa7cdb89c5b3f66f1d5d907cad4155f58509b3800a1c7d5690ba1b83f800b092

SHA512
d7617bcf5f1f89c54cb6ef62e9ff080c786865edad10531581f921631378b6c5bf247b598fccc41be1ec4cb522301c2000924ea36b0afb6a1fcf160302ad8d08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs.js

Filesize
6KB

MD5
84dc81e173a242eb476b7653038dac08

SHA1
b49e0c73cd921db8452d11228d314d2e795dc608

SHA256
5e2c051a6bc501965e562729df5ebd12c5dec7a8e0e1eeb9f895fc847e65d5ea

SHA512
30eb6952e649f8013827bb2750f8f49ee9f47ccf9e84498d244a99c455a3e25227ba22ac6f43e6e09d9d997e6a552bfdc80c7e77d0ae4f6d20e8c25f84a9c165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4fef72012481fe90989cdb7766b86952

SHA1
c04a5cba87b939a772e93491c20e0d3db112428a

SHA256
68d8a289b5192500fe196a2d67d4d3c59f475fdb5854f2488434571cfa9cbfee

SHA512
010f8d9b6e8c90cf17a958c754628c083f97f4b8201074c8af3a3f7623e4fdea3cf5927fdbbbd9d9d0d62a32a71890625a8918a8d7523b50eaaf361646625d94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
5f536cc2963aac01043b0d9756b36502

SHA1
ded96d8c3e2424c08eaa748c2f3acc5f5b8cb913

SHA256
a081106e38a8925a36b63cbd4339aa438ea39c93068203efb8ebe860ffb8f5f4

SHA512
584acd4314454c75cde18523239e1008ffaac99043a7e739e77a7a40ba0ac14f391f6316994b91fdcaf33888c38eaeb5f5157b367a013bd3ab7d27b8de569875

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5b1ea0b65c1f7db822e5f3b044e59879

SHA1
519c901181ee4795ddeaa9a94a4a9a8f480d1442

SHA256
4de7f9f1f5d041746d3feec8279b19822a2a7511a98fe3a151aa92dc33766058

SHA512
9b2e51528032278a9f53f4fa8d80003bdff83c565df8b036d25f8afba8b3744f492f718764963308f3b829edaed22508d43421bf033b608e4baa23c3f1d925ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
773e0fd237c19eda7ae7f464a78f070a

SHA1
78c4b30ba0964659120269497ce8d221711149af

SHA256
e1294f419755488c677ca47fb0254644c35f4677b359c3bab0225c07f04d7232

SHA512
c39d40ab104fc88a0d7b0fc82c762b15457ff885553598bb5a593551781600b03e76880970ba95f502091569f978104fe810cb65f1881e0ef7ff64a81fa4e7db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
176KB

MD5
a097f5a69efc2172b4cd67d19b9d4c0c

SHA1
b7cf67abc8e749cc2c75eee7fd9fddd3a80f25fe

SHA256
789404e1e53990648c9403fbdb9e79dda737820c1099df289711ad68e0bad4e6

SHA512
2dea805d94b83503ebab9c348337af527e8bbf9965cbfd1b2b48e3935d260cb7a706150da50e40508109707c44ca97f81483fc79ad1f195cf2197da9b9c1a642

Download Submit
C:\Users\Admin\Downloads\Defeat-Defender.bat

Filesize
3KB

MD5
0edd3bbba497161286e30f3743447df0

SHA1
dc39d0d127de01f3e0e16db84b7f7ae6a3edf0c0

SHA256
c795f0e90da524e2656e4a3b97fdd63cb0eb6d87a4b5c2d0a3af48233e933a26

SHA512
296893f68a63c88cec049695dac3c3e1ec03fd37c6e777f3babdabbbdca47f32ad73081b34660d3f08a44346ea440487db863dc66a49bf30b19fcfb19b8369dc

Download Submit
C:\Users\Admin\Downloads\Qzv9TImO.txt.part

Filesize
3KB

MD5
0edd3bbba497161286e30f3743447df0

SHA1
dc39d0d127de01f3e0e16db84b7f7ae6a3edf0c0

SHA256
c795f0e90da524e2656e4a3b97fdd63cb0eb6d87a4b5c2d0a3af48233e933a26

SHA512
296893f68a63c88cec049695dac3c3e1ec03fd37c6e777f3babdabbbdca47f32ad73081b34660d3f08a44346ea440487db863dc66a49bf30b19fcfb19b8369dc

Download Submit