5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

Resubmissions

03/03/2024, 11:27

240303-nkmj9ahg51 7

02/03/2024, 09:29

240302-lf8wkscd47 7

02/03/2024, 09:24

240302-ldgdjscd26 7

02/03/2024, 09:19

240302-laarlacc93 7

Analysis

max time kernel
246s
max time network
260s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
02/03/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.86-Installer-1.0.1.exe
Size

21.7MB
MD5

f643be370cc9763a17f7746b1b6a0243
SHA1

c65391f59a6e1421d783eaf43eb9661cfd476f82
SHA256

5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38
SHA512

5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f
SSDEEP

393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001abea-4.dat	upx
behavioral1/files/0x000700000001abea-5.dat	upx
behavioral1/memory/2252-8-0x00000000002A0000-0x0000000000688000-memory.dmp	upx
behavioral1/memory/2252-329-0x00000000002A0000-0x0000000000688000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
2252	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133538452525311069"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe
2252	irsetup.exe
3696	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 2252	236	TLauncher-2.86-Installer-1.0.1.exe	75
PID 236 wrote to memory of 2252	236	TLauncher-2.86-Installer-1.0.1.exe	75
PID 236 wrote to memory of 2252	236	TLauncher-2.86-Installer-1.0.1.exe	75
PID 2148 wrote to memory of 1648	2148	chrome.exe	85
PID 2148 wrote to memory of 1648	2148	chrome.exe	85
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 5076	2148	chrome.exe	87
PID 2148 wrote to memory of 508	2148	chrome.exe	88
PID 2148 wrote to memory of 508	2148	chrome.exe	88
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89
PID 2148 wrote to memory of 4056	2148	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:236
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-1104443672-3570440473-4052989528-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2252

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\42b4b5cfdfd84fe39f3db839f59063e7 /t 2196 /p 2252
1⤵
PID:4360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffcf079758,0x7fffcf079768,0x7fffcf079778
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4856
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6dc6a7688,0x7ff6dc6a7698,0x7ff6dc6a76a8
    3⤵
    PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4864 --field-trial-handle=1844,i,3074259162873552679,31862170153038466,131072 /prefetch:1
  2⤵
  PID:1120

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4344
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.0.560966594\1544976263" -parentBuildID 20221007134813 -prefsHandle 1740 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4b85ba5-5fe7-4b4c-bb89-05e281cc060c} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 1828 1fe189d7758 gpu
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.1.1200267706\732608757" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f1d111-136f-4ce2-89ff-872073b35016} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2184 1fe0dae4e58 socket
    3⤵
    - Checks processor information in registry
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.2.947015501\1055280927" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2832 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {709368a1-a223-4f8b-b49f-a9bc8f1720ef} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2768 1fe1cdd8558 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.3.1508512378\1520181156" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d86cfccf-12a3-4bcf-8413-44eead6cf046} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 3432 1fe1b212d58 tab
    3⤵
    PID:3476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.4.1645262384\1508709663" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {204978a1-ccb4-47ae-8cfd-5185cdf508eb} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4132 1fe1ded8b58 tab
    3⤵
    PID:2928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.5.964059413\1726964845" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ed651a-7c34-41fa-9703-1f568d4e1ed0} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4872 1fe1ded7c58 tab
    3⤵
    PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.6.2022120796\230637917" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23b07e11-704e-4a74-8e8e-ef4ac66ac6b6} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5000 1fe1ea82258 tab
    3⤵
    PID:2532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.7.1808892209\1918448390" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ff65232-50c4-4935-900d-dded5c791103} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5196 1fe1f080558 tab
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.8.128906750\1255442831" -childID 7 -isForBrowser -prefsHandle 5712 -prefMapHandle 5708 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e94203ca-fd7c-44fe-924f-d52663754977} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5720 1fe21443658 tab
    3⤵
    PID:720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7d2ad64bdd7fc3ac218f5b6731cca56e

SHA1
279e34d702cf23ca17d7c8eec34adc43e4d0e4b5

SHA256
b89d898b187cb61a05827d72b6aebc0fb929690d054b49dc199c02cb5d64f442

SHA512
b21f519f72037ab67a384699c964e31e29525b33baade6fccdf6acfeba83e66b566791ae37fc1b4a06257bfd33a5fc96e7e25de6d11a3f667ae64780a3b8dfd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
de9b7237aadbff6b7a10ce02d1468b19

SHA1
281bec46e5aa4de09aa07bdb1b74615d6999ee7a

SHA256
14d3e5948259fab3596ef5246184870b0122ea1704b3530419be0bee255058d8

SHA512
7f5c040c84aec8dc9e261d8acde0f27729f24c7e2792fb09ebcee388bb6463180071a3cc48c60a0c3d7b19d3d4d1172fefadb8ef48233ba7fcaacb5c8853cc6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9ef749ab0e5fb872f10176f99c0e4cd8

SHA1
7a4fe33815080b7520ab512e9e6b0a3c264f523d

SHA256
120b59c8c7e318277e7dc5e0ed5494ed06dbb98f5c4f1498c7af693b03e6ae79

SHA512
f30316d59bed5d290002a68dc01ecf94c63aa1bc6e532807adc0afde4b3d6ec8e927fc531ab2fe341087ba91893421ea27841192acf0fe508f641c01da3e393d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a2236137a8d5e87332d85949c6d4f695

SHA1
eb72d35cccc7cf240f06c7a32f0f06a1851843e7

SHA256
79c86878a3f32f194cf493481f8ac4a5d5f9137764e88298ab6bb7d2ea58ae18

SHA512
400e3a9d867f9f52f8bc50392d7e746aa136812fe0a1cc214b8abefa31bba4af3cbc93d5186aed76cbe9fd1a568ff81100c7544015b73c0f6eed2627fa79a383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d2ef4348d6e7075e145d07f1a8e64ff5

SHA1
59f52426e4eca688b93c9f07b2c6fd301028b79d

SHA256
e3fd77569f84d9002bafae14a113538e1fad6a9a4cbed47f64c8514d41c4aad6

SHA512
f03bd23ad5ea205c5ed5688cb5e990cb7f85e974adf5c23b0013406fb7d01bc64c8d158326f37000496a2da4de0b650c5c0e392c9dc2e21496fbe173dea22e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16a7141036b357029dc96c053234a673

SHA1
64c31a52b4945c38acf7689df69b75c0ce3276f0

SHA256
ea41d919d7f0bfca9847049dd7327fb859f120b7d0538b4de520078bd75f3c0f

SHA512
e75dab4d6ca27f62a1364a5f6c1018f67806c277f55acff4bb0f2eeb2e78db22e9c68329062c43f1d338816a0e54585a1320d7856eff73fadfc4628b14caf8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc3715069044315d118e69a0d2769b7c

SHA1
708ead80f2d4ef5a3f17d616f73e6ceb74b0b79d

SHA256
c852e620c9c31fcede8c9fec7aa082b862ae2503852e822dbccc598b4081bc34

SHA512
9bb3b189e98740a177f9f118f17449a0a99c6de999824e44543b03d562da7f2999e60ec76cbc10dd69d685f8d34c6015a0e28cb110710451b726926d63ef28ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
afb28f8a0188da1bfcd1f8578b9658a4

SHA1
b1776e991c09708aeae709b504898584f28ea92e

SHA256
67ac702aa122a32a28a314c123aed91c0138a022ddabd23cac0e54a52a8013bb

SHA512
e263a2048d28d59366aac0757dd7f157a1da97020f485879116c6eed38c1db60117ba4e80027c311a613f3806ac163a84310f8fead8d262602564d2c84e85cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
53cdba7e40124424e22a7fb537a1ec14

SHA1
20ea1007e9358b341225e2dc070ceb07ddb74107

SHA256
213d37e59e9dea5ba17e4b6a1451922e750310fd56689121a792d32ea506e1f1

SHA512
b1b8a7b90ecbf6c18a96af54441129cee80f031c8e234d870471b58bc77813cfd27e93027a6d52ac8f5720a85be8269d04964508e94d4db18f2782ee341f664f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
53ee813774cc1cbdce7c615f1e40c502

SHA1
7f3d5ca607ac6012087e2ba2efeea7488de39eae

SHA256
f5f7e6299a1dfdffbda216359f53ccbcbc4d17d8932667172b5eef4643a0322b

SHA512
06051c01a8772671027612e6fdae281169b55173598b0431345bd87e4da8486a54007e38606e26f0036d768bef6dbe1c66de696aa4d565794a24cb395b99531f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
075285652229bbad48c65d36efec150d

SHA1
8d600dbf121a21f1658e487bdeda9b5c4dde8ca8

SHA256
57164d2376bfcf3652ea32d6f0c2a11b794ac42e56bcf55f20b5c613692c01bc

SHA512
561779a96b89ec3f2c6a83fcac2c0b3828e412cf05a1fb8f1d9d3d0cce2daa734c921ff23bf4dc7bbabec7996fae4d6230af1784b27362cd97e565752e21163f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
a5a3870e85c106d87aba93805a31d80a

SHA1
9239c44ba3998d028a6e05df303614ed5b93c055

SHA256
73a52baa1c2723a72a5f0fa11553368f0ffd8f1ffd7770421d1ffc9dee5742aa

SHA512
1a86b678d2861f238a9e677b6a87eeeeb08ab96210c685a91a438623e6a7b27195ae6e485abc22b9c3ae23bb29749fb702ccce74219d27999a2e11b74da424d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8729c1d3afbf18772eea8af5aa94dbe6

SHA1
93322f6ff7dd72c98c636acc00943faa75edb413

SHA256
3637da621ea123b4d21a40ce100c359cdcaa1c12cfb0f2a7a38655e961f11990

SHA512
b3c7b7e2e8813e6fbac3dd10c28ec3610f1deea3e627762ab2ec7e8d94fe318751f7e9f22a06c0c209a72ea9d3bd556bcae02fe93f5aff63e9fe45fa6eb62bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cnkbikd0.default-release\cache2\entries\36FB0FCEB190E58A7FD3A8C121CF0E03C989C185

Filesize
33KB

MD5
c7befb5fae2f362959352e29508fe3cf

SHA1
c18d076b5d1e4d800e3593614a56d7f5a80f75f6

SHA256
9f818686df571f0658c473b88cf1570066ed4c100d52b10001cc7e680f531a90

SHA512
a9e36de0d70fc68489198cfe2e5484db629a25feebba80c11a6d8c71bb869e862c626bfdeb103902dbc0b9cfadfaafff50846091579dbedcbca73e634f6955ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
08e076e5bd1c9736f740ce51ba176e19

SHA1
aa9fd5cf9dd15025db3c00812874da588ba3af5a

SHA256
2631440f073843a3303bbd84badca329dc3fbdfb1f02fab29d942974b32bee94

SHA512
33116770ccbbc54586853055dc7de9c5665b8e93749becfbd90af4fb61e5f1ef04bf4f0f277e29ef2d5dbee22c0077623bebc10fe05895b0d399a013cc01dc7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
07a3b8fc5002fc45c2b85b4da8707867

SHA1
8dc04640e126525e461b7958150d8fa5b889c585

SHA256
42f065601e38b4ec134f94abfa2fef6e4dee23e04a35dbafb442460090983f87

SHA512
93ef8d12a75833cc44d4b82ddf1cc2d98ebafc17b11a116de92d6a7bce613f7cbe0d94e68a15f341b6624371a0df69e4520df9fa4623666344f93cc3634c2453

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1024KB

MD5
e47757c0befcf7ab241da553a7f87b1b

SHA1
696e16ac1a27a8f6a70fba95af5d210985d59ef4

SHA256
60c26ebea5932e6b56414098fb3361a5962cbc5b77aa5cc2b1eafa8924eab541

SHA512
ca8b1634e36cf03bdb24c652f34e2479e381ba8af1bf6ad1fbc8a69371d4fee40866c58c137d580625b2fc1fbc97cd5d5b589cb6a343d44690f16e1605d07a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
576KB

MD5
8bb5f0461aceeba3a6d90931f0949c18

SHA1
bbe81497cd2d0b906de76bebf07a9b776320550f

SHA256
1ec4a1a37501e7203d3127790a5adce1acdc66aac33636bc28d1c79af19bf9c8

SHA512
e27c68cad4e0285c05fe33c1d42b6cf5d8bd27673773a7fc79b9c0f6fd2ff32e2315680a197edf543af06c6b67aba67bb99f094d04d4ca37e9cd6e1e1d44d072

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
128KB

MD5
0dd4ef6d2886449d041dc72352a8c1be

SHA1
4819159a9cc6c599d85c2ec8831e566234f2d152

SHA256
b830066122968503a20052359dc05e6af8221462002fbbf15359323c255ac00b

SHA512
16a5f4755b6f2b331dc2cc49bc56aaa1155a573784ee47f334f0c76bf648af97a6863c590129f01e264dc629a5c7407e203c7896b0d38d0962e9d1c775962356

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
622783cd9a67113b3368ebe9bdb7d048

SHA1
5496fdca0b3fcf3fcac1affc1ac467220f34065f

SHA256
efd783932a8f9338e7abfb60d28c28754032bd4d604695a67c945fd19e257dc7

SHA512
d717e4d9996c34507f5907aa4ba1f6d1729dd84e91be5d9f71b5efafa8b4c03864f26e214c88619f14752756a455bca139d4e7d3578f94470e31a66411c19103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\pending_pings\33dc24ca-839e-40e2-bc59-fe9196298798

Filesize
746B

MD5
e828fe823af97db9b4c1a0fd87fbc7e6

SHA1
0b11401541e21fde0c0eb81ec6fc7cbf09dee85d

SHA256
c44acd5ef5198664c3c8ca42037b087a3e0d78d30c3ee6182ac480f9690bc3aa

SHA512
670b196b7da1710252944941d2d91791b88d145447ff10a32afe0748ac08eb6952d54e65f1d116071615552acfd794e068d2c3466abc2f4d4685368ae612c955

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\pending_pings\bf1e59d4-bd82-4dad-a650-f82079238187

Filesize
10KB

MD5
86d47667a5c19b1b4d09b33f03ff7485

SHA1
f66f221d9536ef546a302da035da9571da8397c6

SHA256
b3492c3787be85ac0713545d14572dfa72d16d56f2d1d4be515ab7152d76480b

SHA512
a3ee80bc36a99cf9dbc44faebd7506e41f8b87e6d661f7ed3a0497ff6e6ffba89ba8b3042486ce4079588c59e2c6c6832c16eacbccfc32e81f3989f4c775262c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\prefs-1.js

Filesize
6KB

MD5
eeb46f4cda71e359ffbe8b92baaed602

SHA1
8a637d372a7b36d34baa6c2d4e83dab8b2c7d512

SHA256
437418d96c847d7130f1c67f79912bbe11c9cda8e0e7f955cdc34d00c52262f3

SHA512
aaf5581102fc009807c90184161bd8302cb82a2021d1a051ea67514ba6a7221478b1fc6591691f8552f0e193cc4b723ff63f71a1796ea2ee888c36a26cbad405

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bd720e14fd728efb488015eef32e0a5a

SHA1
878519055530b61dd9a1f62a05e0397996136bd8

SHA256
29e0034797d99b3ba87e5589f683332011dc7a8ef68615ecca6bf13ac54eec4b

SHA512
ce9a32a5bf9022ff53d9fe8fcbb2aacf0a0d25de72cbefec152e5d6eed464489bad374feaf3c3b6ca956f7fccbcc45369dafd8dfc909540e328b026292031d42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
0370d64203ed876dd887e9b5e472ae33

SHA1
c71152fcad3d7e27c81c519d35017a8afbbe1884

SHA256
49f49e178f12cfd91c1652b11d7b5107bb97cfa41337e8ad5fd397df347a0d5f

SHA512
478fba67a8dfc6a3b6218bc3195836184e811051292bcf7837bb667372c9253f9a3aedf045a749f090b054b94a49a6a3ce8281290e0dbac4c2d61489f1513db6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
320KB

MD5
38553dbb7407ac02009e5c6b426370e9

SHA1
cfdff949f1ea600772d1f00ba23cdbb28265cedc

SHA256
2f172ee342e9517fbced518f39a64b667315a1d829479b7ca370dcb6189d28df

SHA512
531fb95f1ff2b604af2151ebf5dc8ba46b35e4c741558691145903c918c51e9e93c976cd7b90c83801873ecaa95fdec3c9327a24d73e19fcdc8c7814c1ec7e7e

Download Submit
memory/2252-8-0x00000000002A0000-0x0000000000688000-memory.dmp

Filesize
3.9MB

Download
memory/2252-329-0x00000000002A0000-0x0000000000688000-memory.dmp

Filesize
3.9MB

Download
memory/2252-297-0x0000000006370000-0x0000000006373000-memory.dmp

Filesize
12KB

Download
memory/2252-295-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2252-330-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download