lumma | hxxps://ayeshapc[.]com/videopad-video-editor-download/

Analysis

max time kernel
485s
max time network
464s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
13/02/2024, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ayeshapc.com/videopad-video-editor-download/

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://townsfolkhiwoeko.fun/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 4 IoCs

pid	Process
5868	Setup.exe
1924	Setup.exe
3188	Setup.exe
1360	Setup.exe

Loads dropped DLL 16 IoCs

pid	Process
1924	Setup.exe
1924	Setup.exe
1924	Setup.exe
1924	Setup.exe
1924	Setup.exe
3188	Setup.exe
3188	Setup.exe
3188	Setup.exe
3188	Setup.exe
1360	Setup.exe
1360	Setup.exe
1360	Setup.exe
1360	Setup.exe
1620	Tlfa.pif
6056	Tlfa.pif
2804	Tlfa.pif

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 1924 set thread context of 5620	1924	Setup.exe	104
PID 3188 set thread context of 6036	3188	Setup.exe	106
PID 1360 set thread context of 5788	1360	Setup.exe	110

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 58 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31088271"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000365922c8e37c8743849460e988fc1b500000000002000000000010660000000100002000000007b51dda52f0c6661d8f249509c62989e7971fe134842c17782eda9e9c0a5fb1000000000e80000000020000200000001887f4c430ef5d1c70d1af1ffdba2fa25419d962294ad02884004c978683b120300100009ee5daa81bdc29146fe03de92207745b5dc9aa9d951dac6fdacf1e04a1887c3a801c950db59af2ef7d8f829e0e670b3de730b5375e2bc0ed21cf76a95b112603559bb3146fdd7b1551d356203dc2cdbc8cc14f82e89666b00ca2f8e1d76beecd6e8dfeb8ab604f95cf8b56392045c563e94994a457d7dfdcbc26b4125f7be6dda8f245c6405efb5168294c08830f22c87158787a57e880a83c796de97d9e425181d946b514ac3c68706bf488233831468af2431f3ef6303cda4920235acb05586b16b41938b67fe05204fe638497748b2c94c6df3bae9225b3e0110d6e56816643c908f3d3c923f40ffc2cdb332198ee8f8131d35178048d7f0ce31675170d15e77ebd37f268922ee1bc45f880bd005f6182db5e59ac171e2cb70b02eca8caac6751d5c31ca169ed490fe5f6baa6fe8640000000684a8e1737d7357039daf7e2d3ae08daaf4bcdecbbb2c1b87b61f6d200ac739f6b2e9ac85f406ba14adaf5e09855284bcf09528070bb87aacf92d8a91265744a	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000365922c8e37c8743849460e988fc1b50000000000200000000001066000000010000200000005d1918ba0108f13adcbeb851438fcb6552be6b4559218120eaa5542230eae30a000000000e8000000002000020000000d22c45ce1de5f11712ad75799c567da7c9812adafda32bd3b9024f982fe24b9c30010000a0973f8171068f53677bb1ae27ff4ad23643c730f0d7805725e452ece02e8b5c6a18d45ece9cc39c3f216b044690abb30ad9cc1a0286062540693f30bee0d1701ee31a03c35207d7960286e69999e0dcf3be8ce2e6184c8ce373b4d1b63416167f9a4277ecc2e649df8ff12219d576eaf23fcc55a4345b4eb12ce970b21d1993d699228c9c795c30e6d1b323a97488de945c002c4f85f62864f7f2b8ab49e0d22fd5fe564ed14fde32fd50ed4f4337fc2df8ff7add4676eac03461e8e89b4165e206ba58e5073387f764f2215892f7adaffc2c1bfc7ce4aaf6c93dbb6be658e5f45c6bdc7cad6a60fb8f19e24d5a0ea4861b3c0b5f03768a2d064e57f794143c8f1a41e00824393306ee1f40d99e8f961e6686e4df17f50ab076fa19020d2102fa47017efe60f5d91f330ee8d045488d400000007cfe51a4ea83cf2a6ebd200268339f0c652069c8bbce6e0534a000de305b79c84a85e844aeadffa1643817dabbc30ee6d8639c2b0f36f56eafa18343c68f04d9	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31088271"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2361017138"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000365922c8e37c8743849460e988fc1b500000000002000000000010660000000100002000000073231da0f18cb32ead8f5e938cfdeed9af393cb474ed94af97736b84320eaf7c000000000e8000000002000020000000e4fe6cd751f6ff8780c0b71011994997538a209c176878178931e961db8bb39f20000000b26b5c8c9086484d5e77da22359468f6d079f44b843b377df94ee7026268cb2640000000ef32cfcaef7b6e6157007ca073a44a56517e537a97976acbe17371de688a144456a8500d91f2eb0edee283f9df96ab55462516954ab10c1c695485bdee8bb852	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414602302"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8494366-CA82-11EE-BE60-760A2DD8A6DC} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2360861237"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "414650888"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2360861237"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31088271"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000365922c8e37c8743849460e988fc1b50000000000200000000001066000000010000200000000aa4d37aa596c8c337349a94057575890ff9328e04e90213feb9759a9f9ef298000000000e8000000002000020000000365b0ae433e6ad67bf65bd46114aa0440577a2b340acfa8112a51ee12a7b12de2000000096063f68a49d367a05052e207d9240979f171a6322ceee7f57f7e95cf2e279d9400000005028a95d050c7c4779a03558835b125256b376b8b86ad1c524af0c95a3852bd0516325f28ada6ef2132bebd53edd314029866ef9edd157de2bc39ecc710b9a2a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000365922c8e37c8743849460e988fc1b5000000000020000000000106600000001000020000000e8cfd9de02d25789933ef12449484e9b90e2d9e0711241f0be20e036501ad315000000000e80000000020000200000005055bd2ad8c4fd929ce2ba97e09d782fb47072dd1d2100524067f88723ba2cfc20000000aaa1522ef67d9247db432765fb639e2a4f84dea879884c88a027f7a847ae4da040000000b7f6208384ba7002fd4fdaa5c09b979d5eb50de1225703ee8c62c434cb7e230b4c1db9edafb1b78c7e2e91bf612071313593670359ed1eb14819ff047f8bc557	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31088271"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5086308e8f5eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1027888f8f5eda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "414618896"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2361017138"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50152e8e8f5eda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings	taskmgr.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Setup_5599_Passwrod.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO03F3782A\Setup.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3888	7zFM.exe
3888	7zFM.exe
1924	Setup.exe
1924	Setup.exe
1924	Setup.exe
5620	cmd.exe
5620	cmd.exe
5620	cmd.exe
5620	cmd.exe
3188	Setup.exe
3188	Setup.exe
3188	Setup.exe
1360	Setup.exe
1360	Setup.exe
1360	Setup.exe
6036	cmd.exe
6036	cmd.exe
6036	cmd.exe
6036	cmd.exe
5788	cmd.exe
5788	cmd.exe
5788	cmd.exe
5788	cmd.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3888	7zFM.exe
4804	taskmgr.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4012	Process not Found
4404	Process not Found
3792	Process not Found
1560	Process not Found
4288	Process not Found
380	Process not Found
2356	Process not Found
5088	Process not Found
1868	Process not Found
3988	Process not Found
1320	Process not Found
304	Process not Found
2900	Process not Found
5632	Process not Found
6040	Process not Found
5596	Process not Found
3616	Process not Found
5592	Process not Found
5296	Process not Found
5572	Process not Found
5320	Process not Found
3568	Process not Found
2784	Process not Found
5332	Process not Found
196	Process not Found
5260	Process not Found
5748	Process not Found
5556	Process not Found
4192	Process not Found
984	Process not Found
608	Process not Found
1016	Process not Found
1040	Process not Found
1216	Process not Found
1268	Process not Found
1212	Process not Found
1316	Process not Found
772	Process not Found
788	Process not Found
740	Process not Found
3288	Process not Found
3200	Process not Found
3368	Process not Found
3340	Process not Found
3344	Process not Found
3120	Process not Found
6048	Process not Found
5084	Process not Found
2692	Process not Found
4164	Process not Found
1028	Process not Found
1492	Process not Found
2204	Process not Found
3224	Process not Found
2668	Process not Found
412	Process not Found
3532	Process not Found
396	Process not Found
5808	Process not Found
5156	Process not Found
3244	Process not Found
4884	Process not Found
5008	Process not Found
3140	Process not Found

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
1924	Setup.exe
3188	Setup.exe
5620	cmd.exe
1360	Setup.exe
6036	cmd.exe
5788	cmd.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeDebugPrivilege	4684	firefox.exe
Token: 33	4768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4768	AUDIODG.EXE
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeRestorePrivilege	3888	7zFM.exe
Token: 35	3888	7zFM.exe
Token: SeSecurityPrivilege	3888	7zFM.exe
Token: SeRestorePrivilege	1592	7zG.exe
Token: 35	1592	7zG.exe
Token: SeSecurityPrivilege	1592	7zG.exe
Token: SeSecurityPrivilege	1592	7zG.exe
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeDebugPrivilege	4684	firefox.exe
Token: SeDebugPrivilege	4804	taskmgr.exe
Token: SeSystemProfilePrivilege	4804	taskmgr.exe
Token: SeCreateGlobalPrivilege	4804	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4544	iexplore.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
3888	7zFM.exe
3888	7zFM.exe
1592	7zG.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe
4804	taskmgr.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
4544	iexplore.exe
4544	iexplore.exe
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
2656	IEXPLORE.EXE
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe
4684	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 2656	4544	iexplore.exe	74
PID 4544 wrote to memory of 2656	4544	iexplore.exe	74
PID 4544 wrote to memory of 2656	4544	iexplore.exe	74
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4280 wrote to memory of 4684	4280	firefox.exe	77
PID 4684 wrote to memory of 3488	4684	firefox.exe	78
PID 4684 wrote to memory of 3488	4684	firefox.exe	78
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79
PID 4684 wrote to memory of 3896	4684	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ayeshapc.com/videopad-video-editor-download/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4544 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.0.699901982\226235833" -parentBuildID 20221007134813 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84a9a33-ef9d-4286-8efe-25409deb022e} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 1832 1b8630f2d58 gpu
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.1.916865558\1817355605" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78b58ee2-bede-4cee-ba05-de1db59195b7} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 2184 1b857e6fb58 socket
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.2.691436303\424619681" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2772 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7ffee76-dd21-4b5e-9abd-956ae9a37712} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 2888 1b867194958 tab
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.3.708615694\1905497575" -childID 2 -isForBrowser -prefsHandle 996 -prefMapHandle 1236 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a97679-0e01-47e2-bf1d-158f194bd6b4} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 3496 1b857e62258 tab
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.4.2051228135\662178861" -childID 3 -isForBrowser -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25b6f23f-87f5-40dc-ab4d-61502031ffc8} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4352 1b869098e58 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.7.614772711\1251705277" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32291303-5ffa-44c8-a9f8-4cfecf60c1b6} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5180 1b8656e5858 tab
    3⤵
    PID:3212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.6.1850141113\1608732302" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6693efe4-7a90-48b7-9068-8f5bf49f4251} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4992 1b8656e6a58 tab
    3⤵
    PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.5.212330512\1058514586" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3b1c94-4bb1-465c-a6e0-93120ad1468a} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4864 1b8656e8e58 tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.9.2030029300\803733042" -childID 8 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e40aec1-528b-48de-9d43-7d43b9c7a834} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5660 1b86a931258 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.8.1142665734\262522839" -childID 7 -isForBrowser -prefsHandle 5524 -prefMapHandle 5632 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bc0fa7-8150-4bee-83ef-221047ddffce} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5644 1b86a56bd58 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.10.187630209\476302140" -childID 9 -isForBrowser -prefsHandle 3920 -prefMapHandle 3928 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {887188ee-4df6-49c0-bad6-0b52c1c0e846} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4564 1b86a932758 tab
    3⤵
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.11.1515130399\384786325" -childID 10 -isForBrowser -prefsHandle 5400 -prefMapHandle 4864 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a6d564c-637f-4e8e-8c1b-761e59ee0b32} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5524 1b86a56de58 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.12.1105241688\1744356054" -childID 11 -isForBrowser -prefsHandle 5728 -prefMapHandle 5700 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0d66ef-542d-46ac-9691-7954d40df697} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5712 1b86b023058 tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.13.1766526935\1746141121" -childID 12 -isForBrowser -prefsHandle 5068 -prefMapHandle 5324 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca6c4ba-3a18-49f7-b6c1-f515cbc66ed5} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5072 1b8657fd658 tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.14.1194079108\244911605" -childID 13 -isForBrowser -prefsHandle 5720 -prefMapHandle 5316 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {191a61b5-4bfa-48a6-bd8f-967102dfa0ff} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 6368 1b86be47e58 tab
    3⤵
    PID:6120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.15.1661193022\933951993" -childID 14 -isForBrowser -prefsHandle 6360 -prefMapHandle 4404 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f47adf27-5567-4dfe-b675-a0caa048748a} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 6064 1b86a56ab58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.16.840541776\641497954" -childID 15 -isForBrowser -prefsHandle 1580 -prefMapHandle 2784 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a35943-08bd-4772-8509-39016318b5fa} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 1644 1b857e2de58 tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.17.1869698476\866053351" -childID 16 -isForBrowser -prefsHandle 6208 -prefMapHandle 6204 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b7d3a88-ff0d-48e8-b094-be6c1bb9a705} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 6196 1b857e62558 tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.18.1493427073\325072570" -childID 17 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68aa2356-89de-4bc6-a4a5-5ce16a25a7f0} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4996 1b869449158 tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.19.1829476461\770045867" -childID 18 -isForBrowser -prefsHandle 7164 -prefMapHandle 1580 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d95167-6249-42a2-a64f-357b9229fce3} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5048 1b86bee0658 tab
    3⤵
    PID:5312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.20.264976667\905576758" -childID 19 -isForBrowser -prefsHandle 4928 -prefMapHandle 4904 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a5f988-a69a-47a2-9349-3a159c8a6df6} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 5612 1b86c809258 tab
    3⤵
    PID:3012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.21.1460902234\2077698278" -childID 20 -isForBrowser -prefsHandle 6488 -prefMapHandle 6472 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61f2e594-8f64-4f42-a28c-915f724c7379} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 6564 1b86944e258 tab
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.23.1616688030\1928109959" -childID 22 -isForBrowser -prefsHandle 10596 -prefMapHandle 10592 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0485139c-c360-42c8-885b-e857bbd29e0e} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 10512 1b86e105658 tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.22.1713218035\1084677356" -childID 21 -isForBrowser -prefsHandle 10748 -prefMapHandle 4916 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9b3f1ce-bcfa-41ae-96ba-5696510be058} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 4988 1b86e106858 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.24.1295631548\719932458" -childID 23 -isForBrowser -prefsHandle 10364 -prefMapHandle 10532 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {199662c5-beeb-4456-a6ca-1db26fb96747} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 10372 1b86e09d858 tab
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.25.330836730\405432485" -childID 24 -isForBrowser -prefsHandle 10128 -prefMapHandle 4992 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59cff7e4-1927-4881-a8c9-bd1bcc7fc17a} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 10420 1b857e5eb58 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.26.1939752429\614693831" -childID 25 -isForBrowser -prefsHandle 10076 -prefMapHandle 10392 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d619b8f7-f4b3-47e2-afef-9479138e9ed5} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 10068 1b86e106558 tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4684.27.1834148035\1338722144" -childID 26 -isForBrowser -prefsHandle 9912 -prefMapHandle 4056 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0538d4-f026-47dc-9e1c-bc00be952cf1} 4684 "\\.\pipe\gecko-crash-server-pipe.4684" 10084 1b86e9dba58 tab
    3⤵
    PID:236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4768

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Setup_5599_Passwrod.rar"
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3888
- C:\Users\Admin\AppData\Local\Temp\7zO03F3782A\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO03F3782A\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:5868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5448

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Setup_5599_Passwrod\" -ad -an -ai#7zMap22093:100:7zEvent25346
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1592

C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe
"C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    3⤵
    - Loads dropped DLL
    PID:1620

C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe
"C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    3⤵
    - Loads dropped DLL
    PID:6056

C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe
"C:\Users\Admin\Downloads\Setup_5599_Passwrod\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    C:\Users\Admin\AppData\Local\Temp\Tlfa.pif
    3⤵
    - Loads dropped DLL
    PID:2804

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4804

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:2948

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:2692

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:5744

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:1492

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:5324

\??\c:\windows\system32\sihost.exe
sihost.exe
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9e7689e2c9c677a9ad9e78e3035d6a16

SHA1
ad1e7eee787aba3f9d9261dfab625cc201fd637f

SHA256
5efe43a176d2d5c8a7a45cbedf933b8b0e0d87c7c8762b6cc8af7cbd291eb507

SHA512
0fd3ed12b579142e0688c8464ca3b72b06cb49472fa74ea8e00d9b5ce1f21238adcffebc46093c4da71f048f3174463b762475f9e6671ccf3768ffff523da480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
34a715b7eff98727a79196c12548166d

SHA1
d5e289b29da4499777553a8a18000554d3664059

SHA256
6b41a389423de69980de3d667fca2f72e5ce6224dcea62d765862d07e76f9f01

SHA512
62de58bac2f19abcfd8503f2b0abf64872a6354c140e020975d40fda1c975ed3ccc9f05a58ab45663c3eee52dbb5d6974aca6df78f7e60e780f5320622516860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c4a62e01c3d6c2c527a03f35bfd0b335

SHA1
741500b5a13a3018da23091f5420eeba8d381a96

SHA256
f3586a6047785a7939400d2bd7245c5a03f8b7033d91298961b8bf756acdd1a9

SHA512
ac74a8db99a8681f1838007a29c547e6516c4e39e90932ae5dbaa779fa49c1d960fa2b534d9c419510b3a3ee6696a6402ca9c02a3a942fb80591e3e43ec30229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
fd5be1fce721e3a9c56fe0ca456e3ae9

SHA1
e5516bee4837b444983cc91ad81b50508002135b

SHA256
859172659b7b7be69c0ee9acfb85cf4ff8ac9ea2f387267a0d95bb6b6a8458c6

SHA512
9c53a3cbc022a8ee1751079af547fefdd4514d0df2356ab78198ca6112127dc31e00f3aafd194a2181935205fdd77e3d78596db32e9487b97221138d78ff5002

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
8d455eabfb0d670c8d1174e9ff526cf0

SHA1
9aee2c21a3b265e0d0d7b52b93a7b2cecb0ba084

SHA256
9a67684c7693abaeeff12439c90fcce5128e77b2e02ff6b7a5fb6b2a45e33614

SHA512
2b92f2f556b51e49f9f124b9a8544e757f03fb0bffbc81e4bd098615b1776779cd634ef9cde3241bca570208a104c04a2963f20a9ed3d91f61e702e382da55f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE7EF.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A7JUO40W\c011c819f06ea15afa25521a5afe404e[1].js

Filesize
130B

MD5
b1d8aeffbf0f607d4008d0d6c5ed8a7b

SHA1
25ee5e39a224cf8e7c6049c811b193f3e32d8869

SHA256
edd82b18356622c0c78f916c08b81d70ab28d9806b5874b4e1e22474881db213

SHA512
440b46fb7d7176096f696fe720a1fe215e21d077d0088a8df77238c3f94dc72f12e9b2d7d90f907d75ba894a0d5f604e731aff62c8a34439b01708bf431862ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A7JUO40W\jquery.min[1].js

Filesize
85KB

MD5
826eb77e86b02ab7724fe3d0141ff87c

SHA1
79cd3587d565afe290076a8d36c31c305a573d18

SHA256
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

SHA512
fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A7JUO40W\videopad-video-editor-download[1].htm

Filesize
34KB

MD5
f4ebe33aae300c1deaddac619edf385a

SHA1
c4e0aede1fc06f14d3f0b09bc7eeaa5bb613b8ba

SHA256
f21942e377eeb63354b2fd289f6665ebea16923ab9877ee704330cc02d8dc4fb

SHA512
93566398d84a93617d4ab2c30fe5c1347fa06f1749865ce85fdbd4a62c781b1b55fe32d112387ea9f97d6d19f3d609ccbf72fd7333cf3b338d411ab28e27db6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A7JUO40W\w-logo-blue-white-bg[1].png

Filesize
4KB

MD5
000bf649cc8f6bf27cfb04d1bcdcd3c7

SHA1
d73d2f6d74ec6cdcbae07955592962e77d8ae814

SHA256
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

SHA512
73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\ba00e9d4c9854245ed5dbf84cc83cebc[1].css

Filesize
146KB

MD5
ba00e9d4c9854245ed5dbf84cc83cebc

SHA1
be56ea0b8d4ecdc988a1a921e251a104121f81c3

SHA256
1313fccd65269013f5e468623b15e415bd4ae2b5c5f63e8bab14a94ccad589b3

SHA512
9da7355f8592906f26a4dc47a4ea988fca3a686c810eacf8c6a5e84fd29f3c05b8abbe81edf63a1ae51a18679847960a37094118d349f43676daa2f0fb7e5ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\eso.Ep5bSEmr[1].js

Filesize
78KB

MD5
81ffb952b7f4b404ca2ed30a25c6894e

SHA1
9749d68780716c4692160b50613224625ed8a3e3

SHA256
1135ba471b302456f546cedd6c38702c4d5cddff4f8cc5c7cdfa3d72fd0828a2

SHA512
334b740f7a88387d176e3cf636b1088651b91015feaaace9e1b35aae78cdb30beb01d89e66d50e0b34752b4ab9dd96d52f620bb20fa62db84089d2148f362e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F997UD8T\sm.25[1].htm

Filesize
716B

MD5
41b7ed0cbe240173eea85148fcba633e

SHA1
39acd5fe099974486a1c9ba11ba0fe7be6bc97ca

SHA256
274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad

SHA512
1ee1d21b138a9f55f823b93d809b3bc58453ddfc3b3ee4d00a1010bbd4ec296546277c6777819cfb744c393ba93fe7578b60ccf0259fd17901f4542714d6c06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JFN4LWJJ\8fafed572ded23bf2ba46bf20494e637[1].js

Filesize
6KB

MD5
281ec21b04e5d2a8553962f4fff9d005

SHA1
47f3bb2f21584c199b782603907a0fa5b0dbb7ca

SHA256
5c9089ee3320135757a822f3a805b0cd964b151694068fa4cfde8ad53c409467

SHA512
10b64c8992448f72cf291d9936a75f4cf209e25ea7fef8e9f9a66265aa144031459b4c22857eb6e428e63db4e6b7330a332451d3ad084a320a185878d00209e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JFN4LWJJ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDF4RA7H\443bab7be7b27fd51645b533f712b61e[1].js

Filesize
2KB

MD5
156aa571aba322fbddd73aa07b81afb6

SHA1
97cbb7af61b03d6083ef8c4d08acb50125635fcb

SHA256
c9b9145934e4b38fcb4d360280be7eb7a7edbe65c675f64f9c93fc385d4c57d6

SHA512
e4cf87c0f5506eb81a3a612a9398e780dbd9cdee485aced39b73af5d702ba43716fb688d0894bdf28bc51c9bc2c2a409e6a602bdf39136107f61694bc09b756f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDF4RA7H\8a1048316db76aa24edbb74029193d4a[1].js

Filesize
13KB

MD5
baf07315015471df7bda37547934e016

SHA1
da1dbf551408f51caf68ebb5b44477d05fecd321

SHA256
bcd8482491d261c223749a5b352d5f29eea4560d9dd7bfa030dc270327c37eee

SHA512
4a2841b478b18f269782ba418c82b756ddbfd8b67d213ad594b5e4ad6d816b993b948269bea3fb509ec6d05882f557c76fa8eb061efa9179eac12629cfaf45c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KDF4RA7H\icons.37.svg[1].js

Filesize
86KB

MD5
901271a6d98d5db3574c625980eb84e3

SHA1
889f92414348ee85c5c88714e9cf83769827c98e

SHA256
8410910c0535c65d188f15f0bf4e0bec6b67d8db07302eb82e98b94d3fe09ecb

SHA512
4288c1387ed889c4f3f00747f60f6d87a7901603d26194af8a359d34b527a66df74493ea450befd6e9d1b356b661bcf1ad1ed34c67de7948853535dbfa4dff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3H8SB9TY.cookie

Filesize
543B

MD5
41370b93d162274e37c813b7f8f7f43f

SHA1
2e3493150d8d94261b1bf92f1d296c95d47422ba

SHA256
9c84409133de38515923ed339a755888b1ac1db6e94dd13ef6dd168799923a90

SHA512
39150dc17bcdb8255fbb0a8d621dc21da9496d62a607308ba1a937a13d007b470371edfa22517aecda693e87039bcceac7dc08305ccf55d51326b6561a5d7dc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\doomed\12930

Filesize
9KB

MD5
1a3d8accb97d2aa4c91e0bade7c16ca4

SHA1
cb34d6f411239d2c0f1af6be0fa01f2e58db6e5a

SHA256
cf7785ddde104ffc316f84e95df3654677d8a5123a898c18653bc1406f21c0a6

SHA512
5fb33aa4740b11b9a68d43c1117f19cbf7caa6bba65b533aa160b318c72bbfc0fbf0db4c913f10861c23a31399350ada437b78ebd31084e495d01865ef4cf4d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\doomed\17604

Filesize
12KB

MD5
368210a3e05932c3a76d591cce10ed3d

SHA1
3ef08545815a03d6847f24a1dfe25cd00849b5e6

SHA256
ed0b13ad53c7a6c6bd4f6b166bb277d98b660ba349c4c008699240f277119e1f

SHA512
85785cd0019f026b69f48579a30766665b5b2454d3675a65675391b7797f400cd2ca5863d04d68978d4d7875f98377fb48a17fc9f2d54ba27f06b74ed9abe220

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\doomed\234

Filesize
10KB

MD5
27d8a61942f42daf265fcc711521aea9

SHA1
ed4f34154dc7b44816aa5c2baa9dd8d296bb9f2d

SHA256
90f28da7ca3290b92622364e0032c773f0f86f65c8494b6b9a63e1a7ad09c2ab

SHA512
6cb1deac3c6b7e5b0af6e9b3406e629078022b8e1d9045b8b28e147d023b66e96147ea10eac048510fdb488e7de6ae6906f5ab9764686734f887b7a1625ccf6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\doomed\26854

Filesize
9KB

MD5
3d76e119c025796d86e2473587f4aeb6

SHA1
5e80133d096cd54cb732215e412190b2b2ad254e

SHA256
22a5ec11db272d943807513738fc939d27aaccdebabd54ed7d16896c843615c0

SHA512
10c98f4279fe301b061a3dea98b142bbde8b16796e2497b1e4f3948ba2a59341594b2e816bf3fb88693bbf25796535cf409030f2f3c44f25c0c9c5cfb7b0fc03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\doomed\30812

Filesize
11KB

MD5
17f74e1cab8fd049a66bd984679e434d

SHA1
845b0e1f528ac250a1aeaeffc149a1efe8c93493

SHA256
1513fc90cbf4c96b82618d931b2e6a1ac59668ad537ef08916b36ea88d387fc3

SHA512
78bb9020bd7676a59eb78444440c4157990dad5aeb73d85fb10b5be302d3e49737eccc1a03b30f671f687f93c2591cbfbe58e9cd87dbf0d34ce9bf2ac1402679

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\08F06ADC2951ADE88280AEE850BBA683B4C14A12

Filesize
86KB

MD5
9fead3539d396e29df4d545333b62d55

SHA1
8b6859c7593a3ded9975868cb81af46829989e5a

SHA256
e0f5795fb5dc2e89a9a75ff928ed051992790ded3e085a479e8a3ce6ab63e27e

SHA512
055dbb673591149791e5697837c54badabfac2cb0b40ba4927243ffa9e7cfb4c13a598db3cc6474e7f5d37a7edb9b9af14eb7e2cef6a4a1e4de27268a198d865

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\142D8A4A71C6D9C5C6829EA2E1F692761C0A814E

Filesize
57KB

MD5
ba12d09b852b074886d1b6aa1d32c238

SHA1
0f458f9c8979944f6416ee255bd62a30963717ab

SHA256
16855f22eabb2bb1d71aa20607e4d437d946a86e3f0c144671a6dc7031db41b1

SHA512
63b0e9ada7a4c2d34f4e6b03bb82046b3c5933ee86bb528eee6aa730facd9ef6e54613106f297e2322e37390ad75d8dbef5f89234ed2d8264d4bd4bd6dca5d03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4

Filesize
1.1MB

MD5
3ba3e9decbdd938e09d483afe9e9e70a

SHA1
81d57befe59aee5142fd2b4810d33cdd0f519b14

SHA256
b6b003d09f710115a6f65a5a4fcc9863b853242133b17687721efe664afed09d

SHA512
3c22f39956c5a905e3dd67c1127f4bb734ee14169a43a21e801f03a4ee6b68177c86e5eddc6c879d5b0b838667a51e4f1443d55adf8e217e8040eaafd66a9c59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA

Filesize
68KB

MD5
854d3e36d91eacf2693f11d0e365f35e

SHA1
b975a5576d23b937affd8ca8b9c189ba182ad3e3

SHA256
f91586aa6047a2e6bc8f6428fc408083e5966af62e4746929816271b8c648a39

SHA512
7536d3e94888fc0545ff1aeceb9fe988d9e586e7020665358e5d8c93f69882972fe9526d1d4312055d92b3c78de23144a62ed1bfcff83edc8f77c97afed3636e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\73E571E410346254830F301802FFF980483FAA8F

Filesize
82KB

MD5
bad5d17bd6e9146a70f2c66427e460ba

SHA1
685b8d9ae25abcb327c21785e4317d8ddd2e9d57

SHA256
973cc8dfba75f7c55643d07287e6b32ebd7427f7a2936ff92e2c3555facf5e4b

SHA512
1403d20f3ce47af154bb216076dd361795cff708c8d31a62ce12c00ad608d8a0d78c0e51b4a513daf68693fcd43821b8ba3848042874195f623af059aa3dc8e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\80BB96996C8133B0FE5E0D6E5EA21B26135E8EA2

Filesize
110KB

MD5
e5ea15b305a19daea5ed3258a30bfc6e

SHA1
f7f24e11bf06988c87bf83fba23c35470809e1ad

SHA256
d5986db31d704f58d0762aa219ac52fe0b94225979e77b91bf465d0719a12e47

SHA512
8c5628516af69c73b706a5989f42af3b8d5d36a16e16792727190fb9181065895ae541498a41f01b880f012d3b4e95b6dc94b4b7b4a129a1a5fefc282f28c4c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6

Filesize
97KB

MD5
fca2c0dd8370bb67ccd7e00428c4a790

SHA1
238f464a33a8bcdada5278ce4ef779ce783ff8fc

SHA256
4e4d5b0d149fe7202fd07e1fb7a83ef450153abcc9ef571e6eed5fab6694e4f9

SHA512
d23ae754cea6bd0b08eea24589b557b7e394d8181216e0d48883f9903333895001688a49463101bd6a3a4e2d98dfb36e1849e8204e3f30abee4322bf1cebcc79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\cache2\entries\A316A67D82F673191BAD9C75885EB5E7557D7EFD

Filesize
41KB

MD5
b24e853e0edd17964b90d0b0c9c56664

SHA1
899e33260a3afe9808ff70fd3cf02d4bfb1f109c

SHA256
20fd13d4e03c4f91025b1bedc453a003bbd92440021bd8541fd34af89722e027

SHA512
5a7bc9e15b34b7ee38248032aeb48f7c121b65d51103a62b79ae9fccc0231dc178d41870ead2564051be82189a6736d165fd0d34c5c9c57aa2b8a647884ae979

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\28jjyjhp.default-release\thumbnails\447c1d819532470f427483b5c2ad32a6.png

Filesize
41KB

MD5
dd68512be66ccc2fcde277e3f88faa99

SHA1
db55e9b88abc4a1b7c2605aa9430399aa74af183

SHA256
3c1eced52eb35d6387eaf67b4bff742069e46a0e5a847197de5edf2c0ab8bf63

SHA512
a82e39b21cce1138db1b3035be448d2f971bad8470cdb374699fa49a84b54ba1380ca31e6c32353d5ad86f7715482823dea7e1cc370d1baaca9eb25e9e1bd498

Download Submit
C:\Users\Admin\AppData\Local\Temp\2d1616d4

Filesize
1.5MB

MD5
f6f6398f077f9a056b724d237fdf2ed4

SHA1
7de22a688209e88abb1bb3574d1f2b6b8b4566c5

SHA256
9026a8a83965a26e53ff8d84da49402592fd157ad56e85ca508accf5129b1977

SHA512
3179e9bf1091657be186df44b33cb9be89bd020564220f11b1be8555980c98f6a593a5a97b2fe23d00dab0d87a15df91f59e5a3e37d4eea904539a26c1c4c2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b3fdd79

Filesize
1.5MB

MD5
74022f8cae33e45197f3cf0be5ed4b94

SHA1
960187d5ac86ae7ee9a44a3516cbbb10bb9ecbff

SHA256
361492f534122993db5dec64fcd2aaabfefc133447de35d49871d7933d33edce

SHA512
47ec78c099a2f36b3b76534987261083906067f1b30147bb3f53dae771613ae03e34c1f0d48fb926e8e8469b31881e8f5393970faeae7e661e03af42542912eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO03F3782A\Setup.exe

Filesize
1.4MB

MD5
38901633c833cba7f682472ced0dbe4b

SHA1
0c11a1ac834d2b270ba60f3605109933ca11a7f0

SHA256
a5c5487194f761dac90e178c9c1753c0f47b041f3168b5c23a587f33f69e5089

SHA512
70d71197c68c9a92883c482aee76978e2a01e785be6fb3b6082369e25d991d3e03d8467e11d87493e54f5a3dc4bcd59fa588f0fabe5f6fdcf3361de95cb471c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tlfa.pif

Filesize
332KB

MD5
578b84dffcdde848e5726fb87f7795fc

SHA1
54e40becf54cbf4a1c30558140febc872e14ee6b

SHA256
3af13cc9a44cd8ac077ae3d1b8a00625e5e288c51d6d797231b2de4a1aba87fd

SHA512
0d73f2ef0664d273f096fd17a0d4a7c73adbaf1551a041cb7802a9bd6d69c04121c561e57b8dfdd7a415899568baf832cb44307d4024d053049b976cc870e5e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e32be94a

Filesize
1.5MB

MD5
725980869e2e905cd6f587ea1a775540

SHA1
fc78fc1e287673bf02a716a4efc42c4702aac097

SHA256
78d0136c3b90cbd775212f4489ed57b84a4786947144a0e5ead6a1acec6e9cc1

SHA512
f8e1e79ba74462202cc21bcc8ce41e309fd2ee59a93f8bb56caa29156959e668dcd42cd50cb36792abc79c74f69656becedfa2f2713f1e1fb551faa78796a34b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
1306093ad1a984468b1d0cf48ee90c5f

SHA1
ab5c2243d89ccc31a2b872707c0e276bba8ec4e0

SHA256
f53ce8bccc430b7dcdb877d6d376d4fcfe1c3960cf6ddfb9c1c152fffa0a866e

SHA512
dfe169eb5d16337e2893bef48cad9f533a55c674f7592972136f8ea70d126f160df7adf4f67964759e98ea4fdf71bae38ac3cfd5ff8f87299e478d3ba0e100a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
ef9f497c5c4da8d0fb3bde66291b3635

SHA1
d57ae4ee9574be05804c679778585bb77129293c

SHA256
44cbc7d2c57fdf11f0bc1026597bc1d0d63b2f0d90ad1f9fa4421e5ee740524b

SHA512
eaf2b6ae4bfc47f2088e6c1416200f12dc150c8f130d31f62dd1224f18911934f14c014aef8db9895688e331680f5932b1a3487c0ab50fcea7ee8d908dfbbebf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
47218cca50be3d31da69b6931f497dc8

SHA1
677dfb8ee7076912ccf28ee51eccb40861a10019

SHA256
18115bd142b14adcaa893ed77ab09232412a484fc8aee28b657fd0b87eecd5ee

SHA512
bf493bd00ce2c74aa6b2f20efb79e4f587608ac64a117cf4dec59570c437aa0c458739bb578326bce0289ebf2b7a6b426721bf9174891373233530423a7e08ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\1ef41dac-fbab-4589-9493-dc2eea527ab7

Filesize
746B

MD5
f10cdf0578fea8c06066b1a2de9d1afe

SHA1
977a4c1ac2c6d11c52b5365ea965dc8f50abdf47

SHA256
2ca9629ec233d26a99f2336681373a610ff924f6ee9e5c52f41176829b13b7de

SHA512
5303850c3d87816d3f0ea3f2e24c6811adc0cab3cfbb5b53bda37ef943a0cac947705dd3398e39b97b53cf2631565184d4dabf516f27524a0e516c28d9f86b54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\2373adbf-18d1-4b67-a868-85d62a77f672

Filesize
10KB

MD5
a6724d0a66e52d7ade996cfcad6bc3b2

SHA1
6cfdc812365f4fc8a17ab128b7ca573785e185db

SHA256
0e0aa4b9d987705ded383f99d5f8efd3c0fd09fa2d9a66bc634bf85ad1652cdd

SHA512
5af74f3ebf1ca725cb3298919449f54e333c97aae471e9417d4a819567ef56b7a8806a6bbfb94b38401f464e6a760e99afe56786503cb36d3c39f48547a5b3a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\2dde70bc-b098-485c-ab5c-b9e06cae5a70

Filesize
2KB

MD5
7b1506babdf2184431dcd2f206db6716

SHA1
a68e62e6393ad28c00c411c6529a7842089de9f3

SHA256
38f2ce7fbd61594ca5fa9d9e6fad00e3664301b62505ac42bed55156fdd68a30

SHA512
48518e027ae118bb99c832c5c6ae15db7bd0a57d57424ec7d2ae0574b6eb8a8141eab001bea2a1c606129c6220b28757a7bf5ec43479a589c4833081b659a895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\datareporting\glean\pending_pings\c6cb1b95-b957-47db-9265-2a628d0278ad

Filesize
856B

MD5
bd537ba81d26d60b2472eaf251174258

SHA1
3dd3de82f99a42730af25486f4b6926db6a8ed95

SHA256
926fcb61b3bb09ac870a5ee9c6d199ae416a48b2ddfe2b2be207762df7bc7986

SHA512
190215f61c3557b594d4c480c90a89e0123e88c550798deecc1d726368857bc0f40694f27bc4a8d5b8ad75693958766026a53a704b88c995b44a3f54ef284424

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

Filesize
6KB

MD5
026f3a8e5370df759090377403b50e97

SHA1
2ce2721f22db50d2aa2d43f16f0ec13453daa58a

SHA256
cb4743e3c6858350088429df19f157162d3e03ab62143262bf0098c69fc04375

SHA512
e57d632ff6df5e1a84e0f553624cf4cb2e145d76d02f89ec5645d889759728973937036174e567c84ce71817ebfb0bd29d0f523dc3a5701c3bfb64f1acfb297b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

Filesize
6KB

MD5
be37694896892e000e8f43e6718d9339

SHA1
655bb8238098828fef6f1c20d85630231d5af043

SHA256
41d9a214087a3d14bcdd31c2e1825e35bc1fcdd60a44915b9523e276380904b7

SHA512
8c91f1a62db9247c73ec52d3cceeac56d352077e67c7d863cc1329594b68039985ba0cf64b63f93c4dec0f015fe2015920f8086fe92d0b242ca6a8d03c4f45a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs.js

Filesize
6KB

MD5
3166dfd857d4c4c524f76764dd507e65

SHA1
16b6d1706b196757a8df8dcdce9aa24e5a77ea37

SHA256
ef0824dbfa1413083a9d7dc1d136d7ba7ab5e38a0f148028d7d167243f1cc696

SHA512
9c4983347db04ea78eff807a3aba77cd9ba85ccf7d855b6771bd129fe09003f3c190e7adef52b442e38816e707b008324cc2c82ddb5f5b1b131c33924b33dbfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
df9173b0ee66cc17d46c0a03c1585784

SHA1
43e385b9f0d12517b033e64e40cb3d038cef93c6

SHA256
06aa87af04e94a39af9b40c7ae1b587a42da1744c5557f80a66f4306027ea1dd

SHA512
efe1efaf75afa828057905098ec4dc6920c7383fe9148373c12f121f6b699f73a73e30d97879117931b213043ed0f4ef07d762871aefd346742c90dfb988a0da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
5d1f46bd4d6148915877ae2d56012fad

SHA1
703155ba277354e28c94b2aba433135f01359af1

SHA256
80fa62a1c46d8adce98826e8219bed9607e0dc47145859363e7bb295ca4a2522

SHA512
7d9b775a590007e4e1a4b6f403220cc956028495fa32e3997e17f00c9dd41794cfa7666ebcecbe850b20579beca7a8c4577b8bef433265f3d9675bb73b951a40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
45015bd222b122ca1819951258e81ac0

SHA1
a0a4ef49ccb414af9a7e5db56ccddfd721d1a8f0

SHA256
f3d2fbe684bfc404ae4af1cec8c4657c3d929b288a1b8e174d54df9587a10aa5

SHA512
a16efedb811b0b94dbbc8a6b69f0105fc687bf853cd06a50db2dedcfbc01dbec58f25f36a1c703e62be8366f531035d3f357e8e5a646cc0dacb74bf1b827121d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
67cbb8c6bea8db9e5d4de2c50c07cd8b

SHA1
eb01bd66fa99616d543b5c6a0b702a8eb8ff680a

SHA256
a0d490b8e247767dabfc87ff2a7a2e399b23dfd3f47a43bb2971b990d453072d

SHA512
f58102c481560375092fb2e356692f72fb02b7249ae4bee0fd71bcfa19fb1af15407878662e31cf01320feac13390aad53ad5c9033ddb2da42354e4771d1c198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
5c0519d91f0f086acacc5494d217cbd7

SHA1
a13fbc5c7ce8719de66b9088a8eead69949d7ad0

SHA256
54eb79e2f43a8c91b1055d5b4e20713962763c14e5a38b508107dd67af1d5be0

SHA512
77367ba561a3653c0d30307802e33f97f4d5ccdb51146c22215eddcb62e1b9335c0f11aa514e74d2050fa5f3423ba4c56fa816089d0dc87dc6194ab8069b9158

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
150977ec16d0aca267be2819f6a3bcad

SHA1
168c30508c712085cf2cec2d44bb2511909e41b8

SHA256
b39c684a12c93c8d80f769f6f004b4b94ed2e4199c667f393f484dd10b79d0fc

SHA512
61e30e832395dd5b5a3117a0355f54e1a828fb1c2087134229ca815bb5db05f63f17f2bd207b00fd8f9774c57a81878be3c8e7f8e3ec912b864889288451f001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
064b87c1a22bbcf3aca9ab42b75c1971

SHA1
9598e18ad46524c610e93b9610ece0288d29daf2

SHA256
5f2cb5daf759e478c93744efca8e09f5cac9e684243caecfe46682593eaf1c27

SHA512
ba1fbd6be58371bb32a58752615b526f27a2fe1ae7b1e8dfb1991c4d1c7c76b09f171ea0fe29126277f65f44e8c33c19f87f5f36b0f6dbd16a4ffda3fe2d3c2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
e006a6f79d3280d5367dd2879f32f269

SHA1
f9bad9e9063e39418d6d32bcf340920147e04352

SHA256
63cfb58f6acb0ff7a9943f4e60b867c3391d2c1c046e444261a65beacf29c474

SHA512
f9036e133fb66d2570520cd24e319b446942f5f54bb90bdce1131bc6a91dfa643c3d7d03976cf6ef50924a1e9ff470a1beb34452ca89860dc41375eed83aac68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
72d8258dede42042ea2e04f00f92c784

SHA1
64397c177bff1317ba38ba3905e88ada2e58551b

SHA256
a80e9c16d1a9216141f853fbf0b2b753374c1b8a3a135d4b9da846ac56845fde

SHA512
52c3c5f2c179e988add485bcd001398efc448bccfa1963ec6a71888ba8e39533a6a94f424d67f75c47c81b7961c113272c5c172ad12b7e394cbf2125d03bb962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
4885dbf81cad728ae52bb681d4a3cdf5

SHA1
d69af6dbeba902e0c473b67feea7ca82b85c4c0e

SHA256
5dbf540a1c2cbd3a49da269b93f105d90af283653d56d3e1b8a8e65f72308a75

SHA512
40e7510920bd016aede2be2688a49c3ee47aa5828f0dc2bea3aa82988bd60c25addc7231a32d12c38c3fc94ae0f895c48bb151397d1c0ae37ff84668cfd1d83f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
e97484e2ad18fdb5224a61b920f72ae1

SHA1
9390c2bab04a49e853893874340261625303bd3c

SHA256
8c98c7cfb553f340212f5cdc4a0bdeb1d3f85fe6bdb5bda2be8012ae10fecd4b

SHA512
95fb3ed30a723b75ebfbb8178bd5a24c9dfbe39a4f7043db00e6d2c27714060bc133e6bdd78d5d497f4cfab2afc788e595f89edd8f195070cb895b6af6ebf055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
eb05b938c417fcb2bfed495fb0e4a29b

SHA1
f2ba352aed52715862e3901b94105f5c3e974eab

SHA256
512bb542302c72c2c463a080e9f4a93465e287ecb08b96ad378e66c4025a9b6f

SHA512
6ead9374ace14988befa2efcc250e2690ab7d6c0641091efdbf16a92a10b0fc87a3ce774e878765ce8691dec334fdf2f358d0efd4133893fb1a710185509b6e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
6698cea0b2fc1ace3d0b5c9bf01b7379

SHA1
fe8184c8a74c0ee78a5d77033e1dce54b38836b4

SHA256
794a7bedcd61dbf13195c4ce95d4449a1af33b9f9b0313ef0250dce8185a191a

SHA512
e9f910c03868bde8d6212a877a2685463ac4b44dda7033e7b84b289748a90478f3a7b842acdada047b095b230f90ac567ad88f61fe506887943a43b961343101

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
ab9e6036bf5740fc5399ed273c8e1cad

SHA1
a4742c03d7e0d57e513cdba6195ab3338aa3f13e

SHA256
37f91eba8933e83dc5dc8d0ffa4440c01425cb2b85d2af60496df6dc3fbce6d9

SHA512
37f922719d9ceb4c2e4b2d6370df69463473bdf0481e6ffd6dd7d1883231c76fe111ba7c860a0ba5688c419974c93dff4beb43d139e846b46c0d41885d761503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++mega.nz\cache\morgue\37\{b871c0e0-dc5e-4ac3-95a8-ef36b34a7525}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite

Filesize
48KB

MD5
efcb95dd59451287dce45fc9a667a226

SHA1
aaa1c158c9e1f07466fe5614e6739fd2828caac0

SHA256
002cbba2793fee345c5c045f4e9d253650186066e358fec5dc6dfcac003cca87

SHA512
b0738b15322297046b27bf444ff4ce926b965176be5fd498d9ccebf2c7492911325840d498a600143c57773fa0a2cbfd31118c63a9551e5f0b06ab7a6777b576

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
c2ada3be3a3a950fb2228c73d79e4efc

SHA1
d13131793c4f0d13e020df7d1b86b2efebe15f35

SHA256
6e005f21fe12a1fdb19b3f378da9cc6f1cd48f0879e14b85044fa80b321e5899

SHA512
84940a477b794db72d8b92aef90129e6698f6c116f1b7157c1b979e0e1cf5713a0c234325ad18eda6a937da4f03f2546db77881b1e84ea65e6bec0879f5d9052

Download Submit
C:\Users\Admin\AppData\Roaming\urfa\piet.doc

Filesize
64KB

MD5
621f2cdde2c3dabd960c96eb2a6949b3

SHA1
0ec3e340b846eeb5c67b51d5f56fe4b14a7b7b71

SHA256
7641c371fd25529d0847a3078a630d05f20b3bd67fc48f3a5e6bfa376c218427

SHA512
d44f2af9ace2ab1c21b9bd99048d814a42a9e49d6fb66901f683833c7ea7895ee94c6491ef94c7e1b71f3ab071b140789a6fb1c2d97a624ed53771ec3e4b709a

Download Submit
C:\Users\Admin\Downloads\Malwarebytes Premium 4.unV-P2gP.6.8.311 Multilingual [FileCR].zip.part

Filesize
64KB

MD5
f3d1817effa55d2feea1e407ee6461b9

SHA1
d4f863796ed4e33c401c2cd0ead390b6f61b0c84

SHA256
89e04cd3146a90ab0fb2a928780215144f7dd5eb64f9ccb54a056880424ea1a6

SHA512
6d9f4fe8b27a5e16d6e84b156acfc2c68e0513502da0266a7fa622bfef7e115873d60775d599287cb04fab646b4f50ec1ec1d97decc1a0e31155e346c579e793

Download Submit
C:\Users\Admin\Downloads\Setup_5599_Passwrod\VCRUNTIME140.dll

Filesize
88KB

MD5
1d4ff3cf64ab08c66ae9a4013c89a3ac

SHA1
f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b

SHA256
65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220

SHA512
65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26

Download Submit
C:\Users\Admin\Downloads\Setup_5599_Passwrod\nomography.csv

Filesize
59KB

MD5
bb4868555bd78bcedb56c00ca10a7cf7

SHA1
1138ad66e56b1b107295329394230f4b02ed0254

SHA256
b806fbfd9d7a32af3281ef45fd83be7ba7b7005dad6929848580a178cfcd8df8

SHA512
4e48b8607263dccb93aa514cd9daa7ff3577a2dfadc0f62a0f8a01cc20378689fb408b3f6cc1d4ad0d0cad8291fa7b56aa79037c7593083201e336fdd5fdeb91

Download Submit
C:\Users\Admin\Downloads\Setup_5599_Passwrod\piet.doc

Filesize
1.1MB

MD5
b7102fa974ae6d8ff70b17c6020e3a88

SHA1
ef971f5bcc1acaf0bc6f5c66d7126fbda4781def

SHA256
e7a7c4543fdf3c1d31c1cd3f71fe0511468d80dbf48b79b965b7e4ca6ad17c57

SHA512
2b53af5cd7b7263f634fd4391af9df2887d9ebd4c9f80b7a1b5a4338e7402f48c5f675987669fee30a320f929f443866e4816cfeaac04057766e9e64be22e3c0

Download Submit
C:\Users\Admin\Downloads\z7puL1C0.rar.part

Filesize
3.9MB

MD5
e6c7c2d4d7c141df515407b36a6f492e

SHA1
22e1ecbc99bbaf2b36327232f6b0bd4a7ecd9c19

SHA256
ede46cd16a6fd782ae2dc8124d49564ad3f81b7113ecf4aa501a6460e00e4d37

SHA512
668a9cf086e758d2df51822571622fabd2290daa29d3069e8330a69fd93b20914ca5868823e6ec530692ecc4e910bf0cb1cde6115f6098e7537c7b9d07a31a36

Download Submit
\Users\Admin\Downloads\Setup_5599_Passwrod\concrt140.dll

Filesize
253KB

MD5
ebcf24d1c4386b128fa10e954848371b

SHA1
6d9a30cefc136ffbfd57a7fc825cab5864b1abfc

SHA256
d23fce535c32d934461a0a39589d87afd592a3176033e3f2c97304122c96bf0a

SHA512
dc46c47cff3f2b1b3944df6e61f6ccddf9d9857cac3570a2a6d8c03134edbd9b2f2e4b3bda98d73e2385110cd5613b3f9ec91395d704a50793e70acc5b03b86b

Download Submit
\Users\Admin\Downloads\Setup_5599_Passwrod\cpfe.dll

Filesize
4.9MB

MD5
6947ad7531ec2c93b28d3d587596a14a

SHA1
a7b212c81b68ce826bdefe096b15e5f7e8990f43

SHA256
3dc6391d924ac618c2accc673f002f453f9d2436316d7df712429f82a3159f05

SHA512
d11a0d3c5fe89c16d6d2d86bad8351379f0decf83d2ff397021a03f66b369265e39d429f0994f4dde6fea34a0f73cd128e978055a3fa24c4d822e9e9e4f0d409

Download Submit
\Users\Admin\Downloads\Setup_5599_Passwrod\cpfe.dll

Filesize
1.8MB

MD5
d010b9bc6d14cb97ee8492f29d94d94b

SHA1
b4fa533f0dea1d020ef1807c293ca72cfeec4eb2

SHA256
ce6229e14925885dc037bbdce00c05d67b4afad5031771355b363b4dafd76c1b

SHA512
a6940a3ce36c3050d5744ff51166a7f5072e00cb38021b43e0b8bb2b1adcee5957a0874e8e5272fcb8aaf4b1f08dba4e526d57fc583b13dad50943e188867af0

Download Submit
\Users\Admin\Downloads\Setup_5599_Passwrod\msvcp140.dll

Filesize
437KB

MD5
dc739066c9d0ca961cba2f320cade28e

SHA1
81ed5f7861e748b90c7ae2d18da80d1409d1fa05

SHA256
74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55

SHA512
4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1

Download Submit
memory/1360-824-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/1360-850-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1360-837-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1360-823-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1620-846-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1620-844-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-849-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

Filesize
256KB

Download
memory/1620-853-0x0000000001260000-0x00000000012DD000-memory.dmp

Filesize
500KB

Download
memory/1620-848-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

Filesize
256KB

Download
memory/1620-847-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1924-777-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1924-776-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/1924-769-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/1924-768-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/2804-908-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/2804-923-0x0000000001310000-0x000000000138D000-memory.dmp

Filesize
500KB

Download
memory/2804-912-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/2804-911-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/2804-910-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/2804-909-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/3188-796-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/3188-811-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/3188-797-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/3188-810-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-779-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-784-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/5620-842-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-817-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/5620-815-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/5788-854-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/6036-838-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/6056-871-0x0000000000060000-0x00000000000DD000-memory.dmp

Filesize
500KB

Download
memory/6056-866-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

Filesize
1.9MB

Download
memory/6056-867-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/6056-868-0x000000006EF00000-0x000000006F07B000-memory.dmp

Filesize
1.5MB

Download
memory/6056-869-0x0000000001330000-0x0000000001370000-memory.dmp

Filesize
256KB

Download
memory/6056-870-0x0000000001330000-0x0000000001370000-memory.dmp

Filesize
256KB

Download