hxxps://www[.]sendspace[.]com/pro/dl/x1wf1p

Resubmissions

09/05/2024, 05:59

240509-gpzxtade8s 3

09/05/2024, 05:39

240509-gcfneadb3w 1

Analysis

max time kernel
447s
max time network
450s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.sendspace.com/pro/dl/x1wf1p

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000004d62fdd33ef5a332c35de5b636c0081bda30d5d4eddae3008ec04e5fbe35f8c000000000e80000000020000200000003c2056e07483bffd2b1d80e330e80a68d408637928c7edb368ab2ce404735a0120000000a28e8a96f20db937d20b300517f9a0f52fd029399913873a3a23c5c7824befe240000000db91d863f4b353029898abaed59e54f178de905b22d200692d8cb112f40c4346948b5a3905779bb273ea7ff42f92fd66954a62dfb21ea5548c000ba627d4b2a0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E9CD651-0DC9-11EF-B04F-52AF0AAB4D51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5027fa52d6a1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421396321"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000c829236dc4e8b9805a931db1254946659413819246516291925d048e112fa1c5000000000e80000000020000200000002267a7460e35d80f6e0a9c1091b64695e747013d7ed0da23b360706a7e8ca6b290000000a256f2373c4fe7c4b84f82ce0bc4ccfaabd8112885f30e604b68d699fa3daf6d726c7a37a9535052ff46c306b33bf16583c8ccd049fb166fb92770e6f11ff37d9c65794bffd5f2c206fae7352f49fa7ab0d69bde3a1f5536f4b67d37e9e9a88b31ee7a4d258de81288a78299cdd7e4ac398ff7a9f24c585f78abc3838cf3e06863f6dccaf93e1d30b95c04c56c65952240000000dfb260a0a7d140a51c5ce1f8f304e2a8137183a0021a51c9a69729fb4e38016a024c66debb6c22d91d71d20e9e7fefb40d091e2056d50cde95593fe96e0520f1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings	rundll32.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\INVOICE-VBDSJ09HSJA.svg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\INVOICE-TBSACOPMSKAS.zip:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3692	rundll32.exe
4332	rundll32.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1844	firefox.exe
Token: SeDebugPrivilege	1844	firefox.exe
Token: SeDebugPrivilege	1844	firefox.exe
Token: SeDebugPrivilege	1844	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe
2824	iexplore.exe
3544	msdt.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe
2824	iexplore.exe
2824	iexplore.exe
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
1844	firefox.exe
1844	firefox.exe
1844	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1976 wrote to memory of 1844	1976	firefox.exe	28
PID 1844 wrote to memory of 2588	1844	firefox.exe	29
PID 1844 wrote to memory of 2588	1844	firefox.exe	29
PID 1844 wrote to memory of 2588	1844	firefox.exe	29
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 2636	1844	firefox.exe	30
PID 1844 wrote to memory of 1372	1844	firefox.exe	31
PID 1844 wrote to memory of 1372	1844	firefox.exe	31
PID 1844 wrote to memory of 1372	1844	firefox.exe	31
PID 1844 wrote to memory of 1372	1844	firefox.exe	31
PID 1844 wrote to memory of 1372	1844	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.sendspace.com/pro/dl/x1wf1p"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.sendspace.com/pro/dl/x1wf1p
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.0.64622433\416299337" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac8e41e-0db2-41f5-8c0e-be1b34c76c02} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 1296 45e0558 gpu
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.1.206412679\1121223135" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b17afbe-ddbe-4343-b973-8793366772fc} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 1496 d72558 socket
    3⤵
    PID:2636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.2.638630028\603382340" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf83613-2676-4df4-906b-b62ba529af7a} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 2108 19fe0c58 tab
    3⤵
    PID:1372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.3.6951643\1371649858" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54c2c5fc-559b-4404-9131-0eb7b785f8a2} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 2764 1ca46058 tab
    3⤵
    PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.4.2091457779\2046377997" -childID 3 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3b3ea5f-204b-4bf8-b71d-89e35729d7fb} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 3668 2077fe58 tab
    3⤵
    PID:1324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.5.604937820\322215539" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {695e66dd-83fe-42ce-83ba-bb5ff6a3b148} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 3760 2078b158 tab
    3⤵
    PID:1792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.6.1917057763\841363419" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cbbb0a6-13b0-4d5b-a904-6220809aab8b} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 3924 2078c058 tab
    3⤵
    PID:1684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1844.7.1537315173\447526440" -childID 6 -isForBrowser -prefsHandle 4300 -prefMapHandle 3176 -prefsLen 29804 -prefMapSize 233444 -jsInitHandle 800 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e205c6f2-a2f2-4b81-b1a4-68a5c8c1defe} 1844 "\\.\pipe\gecko-crash-server-pipe.1844" 4332 d2ea58 tab
    3⤵
    PID:1700

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\INVOICE-VBDSJ09HSJA.svg
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2304

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\INVOICE-VBDSJ09HSJA.svg"
1⤵
PID:2208
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\INVOICE-VBDSJ09HSJA.svg
  2⤵
  - Checks processor information in registry
  PID:2224

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" ndfapi.dll,NdfRunDllDiagnoseWithAnswerFile NetworkDiagnosticsSharing C:\Users\Admin\AppData\Local\Temp\NDF32A4.tmp
1⤵
PID:3384
- C:\Windows\system32\msdt.exe
  -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF32A4.tmp -ep NetworkDiagnosticsSharing
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3544
- - C:\Windows\System32\control.exe
    "C:\Windows\System32\control.exe" /name Microsoft.Troubleshooting /page "resultPage?keywords=+;NetworkDiagnostics"
    3⤵
    PID:1892

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
PID:5004

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3864

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting
1⤵
PID:3272

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\INVOICE-TBSACOPMSKAS\INVOICE-TBSACOPMSKAS.url
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3692
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\INVOICE-TBSACOPMSKAS\INVOICE-TBSACOPMSKAS.url
  2⤵
  PID:1520

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\Downloads\INVOICE-TBSACOPMSKAS\INVOICE-TBSACOPMSKAS.url
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03e599b0a00fb3d8d9caabf6a752dfe0

SHA1
c9426dbeec8e3d88405c1ed68077aea414216d5c

SHA256
89c9f5cb87562d17746a31bc710d55ea4506ff56de126fd3a693429bec5eb2d1

SHA512
eea8f4837e7d894811993ed3c2035b60615640a79157cfd2b71e74030884c6bd79eb5d8e28f68e84f55cf0a731e240fcba332d6dec4c538bcc87e073df10f153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32737444bf1a322580d5d7ea02618920

SHA1
74eec5e0bf438eb935d703c7f72f87e9c3de1ea1

SHA256
9cf1e9bd5e91ba4bda7ff1238854c73bf78af7a801b18dbc563ab18442f3ab13

SHA512
f35a9c5173967505e07e9a82a0d3329d560e0a1417c9d75fc423cb61597280b9f4464ad131c5b6eba4df845e0a86bdac22f52280dfda2b6785269234af2105ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0c21225d4486352510b2dd87b850fcc

SHA1
6368809df4b93e1c21aacc3049c7b1a71a7c3e02

SHA256
8d129f5c3b428aa514f9a0922b50c7b263b6c691f5e0f66f2c083615031c1c92

SHA512
15aeec809fb84a9a1571122c544f4f2b919c75c636f97e0c6c220156520e21c7bbce7c99f18e08cef9e9ef2358bd92871271f7b1e173092000d74aa75798c024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3fd4f25fa4b75b2fdbd8a7befcaea13

SHA1
896ff61b0ff16c1493c08f6671cf7329073d52cf

SHA256
07705eb413d677529d6ba882fb9dbfc2c548fc6c692fdf6c830a8942b84bf6b8

SHA512
4949304cf0ca4e54b467550f494248a3bd30a5daacb15eb908a16535b51a62f970018a6d7637e90fb6f28f0044e7fe144a2d954d69a63e9b618694d243ae5fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e7916f3fba7864f54a50ca17850aa78

SHA1
5da336fc3943f05a6ca351eafc3ee131bad79ad6

SHA256
86fd14d4b38065a69bf1187d5fd1bc76d1ade83493b950cf476de8c6ee56856b

SHA512
523802a1ec9d5ec9457defd16909495f0097373eef6a1e0dd7f8141b3d74bfa5c41ad7db30eaee14057c660c893031d6e2ba205d95e684aa53d7bdf3870377cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6bda52b799d61f0199baa7bf6f809f4

SHA1
2231a5d21cd4ea6012951894187a0d61f116a41e

SHA256
4da059c79dcc3b4701fef64c85bde43809aeee1fadbdb7b9a3ab5f34697b582e

SHA512
01e6ec7401430b50d640d1ade07557f6940f372aa585d0a1e86939958bc38318b0cd91f40b9e144d7a0b89ad454fe28f725c458b9a8373ad25b37e84ddbbe44e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8d76ea957dc6ab7fdd88a3178b1f4bb

SHA1
da46e5c64e914ef77d742a0624059a62066aa3ad

SHA256
9e18ac283dabf7e9bccaf5d8bc28d98d6ebadd92b04d18f9ee597f612c0e271c

SHA512
7669b64ced1e7d65609c4abc6a6e0643017dec118d157bc9d07bcec557f35dd4735a79c3e423c30ec8a541364599cf922355bc53ddd4c0081d1943f0438881e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63eab9064244d8f2daffe32caa1b4297

SHA1
1bb150d6c843681f23dbd5e8606ba95044069235

SHA256
efd509d5a905654bc00a5cf6cc92c85ce86cdc3e213f6b01cee4c725b46c9d8b

SHA512
882b25608c697d241e29baceb015e508bd273b98ae86aa1862887d68828580fac544fc72636fd8c79ccb82f4998c210035fcfd21dd9ecdede435d4d9e33d5afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
963a67335e271ee39661ade319b2a60d

SHA1
7fb0a0eda47195de8585b415d899e784b460887b

SHA256
bc696f4cafaffab967b650c4d69d25d2867682b37c4ec5aca0e06368dcc7be37

SHA512
5b42e4d8c7fe8fc258cf1de8da3714f67089b1fd994ed3a3bcfd56662403b3a4c562cd237a6ec366622ca2e9400e497ca23ef5b63e88b582b68d49b8268c7b45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bb686692b8b16d5de44e28fa8af79bf

SHA1
1a234c059581ac1177b9feae19d1b7e60367ce5b

SHA256
5f51934647fcafd3bf9ace9a7c7f1549a332d56a02b128670e848b411f38ad0b

SHA512
8c6904a5ce9f2e01f23187f5495410a1251fab2d4b966d2bc798b9b92ba25a8419714db196af2dfcc8426a784ba3c0b4020cab88083be2b668c04b1553495d43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4496b082162f3602c606a7a037038808

SHA1
0b842fea3117d60541469ad1ab17c5877a07baac

SHA256
c77b0f2f7d9120c58bdd7c11811b485101d2ab39defe3063b106835821c0e343

SHA512
0bf1d05a830a91fe6941aac62b99461ab8519612695d9b220d7f611d8c24912c384b437f2a1b6784a085a755114e753e236f0439da0c58c3d8d0dbf98d9a43eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2648c94f7f64af3d6498494976bdf1f

SHA1
396b760611ec4359ea29847f7345690f15e4f4b0

SHA256
085cc66d417ec0a547ab44eaa78d4abaf0a0117f2e905a9e1436192b8f260eea

SHA512
78e392ab01da0beec1ae153f7efa2b0c5673ca8f2cf4a3be9c645dc5cc15baa23c0c7122cce4ba5b49aad7f458a0e943b26c6153c2f4781c02ca7babf7d2ba3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a6625e6fe389b4fba71618fbeae6738

SHA1
b4079f10350cf2fedae929f311d824425b6d5c2b

SHA256
b35d1eb45f8e31c8dd46d6df999fea48e8cd4108358e2466af27b13451cece15

SHA512
75e82b14d0706efaf835c64eaeefc1ebbe171cb617a4f11e1f7b7b8b3825a0ceea2de0e72b7840a2e9682c021f32e878c5e959d99804c10b66326c32aac0ee86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cce7e09735639209c951bca5c57c792c

SHA1
a08205aaf95a880a3ea96f8d3c281f04f1c2040a

SHA256
e89a16b51586815e13df78551d63a3b8b929b93c2c2766e162085107bf2fea07

SHA512
e308145c083410c3a967bac529b7f37b27fd753b16a45e2b5ceb696a06890ccd91398b423a7fcd227324ef4a0b3bda3f68d1848d0f74c314cb5361ad86730832

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050906.000\NetworkDiagnostics.0.debugreport.xml

Filesize
65KB

MD5
8e1ce560956f6edd86724b6767a0cce2

SHA1
1c67dcd29018e79b661a167a65c9955f49d30960

SHA256
d9d54f807dad65941e0d3aaf80a598fe293f921fd36fc4b4f386671f8ab711c9

SHA512
d538413b53adf3a52500608100354c20b1111b0ddc5f63c3b98e725a8fb992144afc6a22c301a55f6de3e233efba387eca5618a1acc4a18520f8e16e4a894baf

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050906.000\NetworkDiagnostics.1.debugreport.xml

Filesize
6KB

MD5
d48ebdb703a1757926b027452f1b7001

SHA1
58e8d3b2160b63e4a5880060391b6f5bf7bbb6a6

SHA256
f7b326d9e50d0b4353502b9933905aabcec211bb0e45da94a47b18511d675634

SHA512
07969c845265c042231eff451dc731b011fe7b1fb54089fe4d700300f516988abea38e92a9e07a4ef5d5a3461139a00131fd1f58a67844f55a9782ee651e0ca0

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050906.000\ResultReport.xml

Filesize
35KB

MD5
19009047df28e72248fc42c23669a8b0

SHA1
343c61d34353f8e969c8f2269ba6a0070a897465

SHA256
f05a7c1a69f97675d3125ab65f767dff39589a8c9fcf4cbae5dec2ee88d62721

SHA512
cf6c44a219ac414475024ae261277c7378e3eb3f46dc175e2cfbf6867dc2958df93792a228d208c4e3649796c8d2eaf127e12bb3c5808e60d41e44fba71938fb

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024050906.000\results.xml

Filesize
253B

MD5
840b413cbf5e57a93deecff7e76cf260

SHA1
cdcb54b73ea2acbfaa16e9355b347c2548411026

SHA256
de5825ee63dd98ca86f86652ff81ac75380b3ac4d880ab44d8984b8bf531ffae

SHA512
2130c9f55a3b28492c698def50cf92d805ccee1334c95ca8f9f776f6ceeee91884e751fac42510088a262dd82de01dcd6aaac5186db4a97a221bd8289a72c3a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
06f37fedeb115b9f3a199dd616b309f3

SHA1
d41426246c52936bf1309cb8b39fdb6f748a797b

SHA256
8d5fba90e7f4dd9cdc728169104d5d3ce72c2af8faf52672ab927ba0da395fe9

SHA512
1ca9d24c786793303292ace9630fce0f584bac3755f226f4f3ab1a0774e2881fe6c2027d80db08f07a63e64b5df2da5059eb32f795ae7470191ba71503e3a88f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
bc046cb1c02af5faf2aa9374147205cb

SHA1
636530021823e5c2292dad536978054781127238

SHA256
9a5e338cf70c9bb1a64bfa7ea49c745791012bf48d90c16752c0279ae5dae6de

SHA512
26feca1b68ecc0fa6d75bc216a80f295223fc9ac318a7ea3552dffd90314081902b30db55ec01baf52d99dc838c6aa8b984bfcdc32244ba157733c33b15f67ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ox017b3g.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
251ba1ed5824bd853cba6d5b201b86c3

SHA1
c5ff77735d59e45665562d091272034fdfd13ae7

SHA256
a2786480f5314d7e2ca49a1b348a698af81f364f4afba8ff9413d2d0308e068a

SHA512
ec04d55f5a2dc34144753b085e6ca03a046118f25334270f94b559ae8e91be2eb77e4c3efc665d9e4f69b71c590c48f44af8ff665786794d4754926de7b376b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab698F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\PLA36D6.tmp

Filesize
195B

MD5
4010ea5ed02478f3c372378d7520d8f8

SHA1
6f6d963892a545903c720f797f52983db46d164a

SHA256
c6e68b1f8921cd49ba68e29680bd468a78e6030fc1a6dbc5e06b8dd839155a51

SHA512
4aa2094d5a0ec60056bfca9929cbf9b7b93871ebe9b4e459ac3f0260605cf7d685efb6ffad49acd8ddc09be626a93d57c995e6db0d1fbe10b4cc0baf1906c770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar69A2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
83d16776b9e8ba9597b18997dbb3f1c0

SHA1
a5eb46452936b3c659ace97c7a1730e07804dd65

SHA256
6c9ca866f0e5b2b08bcdcf9edffa24430b9635969800063bd446ff6565e83fb8

SHA512
0cf6dc5c82cc2ea6356bfe4f40e0ddb009816afb5a9a0c9bc5adaa8597e73070b46c38b7d1401bf5b55051408ff3e775d9ddd310138cf16c0219d0cb8179bf37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b7b7891b77db0153b6fc6b31c010c7fc

SHA1
6d4ed317e05baddb1fd032a728268aed4452c25f

SHA256
91da4b08a74bfa33192732ffad7581c8de37efcd302238696b4eb2aff22fe13d

SHA512
373a9e97f5cb4a1d7bd36e519f2bfa7209fc8ed68d3c9a7411b87692c4d7db8c10eb895f5cc79a730701fc18b411323f84e9cc56872b33fae7c070da012d580f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\pending_pings\b36d4732-8071-46f8-8670-19ac2eb0835b

Filesize
10KB

MD5
6b8a23882409db707667ad052f1ecfd3

SHA1
5cbc3f5c72109547bf3a858e3bbd110f72120b9c

SHA256
56db0b444d2bc017bd0aa6c8505fe385662d5a292dd496f382656599565f3fde

SHA512
a0c1fa9bb5feceeb4269f1a51dfcdcb1a2c11c849623b7ddc15b7d662826e9de7a7e3c9a5d487e34532f39ae7327959551f115188062b2e09f0d7d3f7faf6481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\datareporting\glean\pending_pings\de44d005-65e0-4fae-8d55-92830cf60e82

Filesize
745B

MD5
07613fa99abd0266b2ff3e16a6da1d31

SHA1
a0a9186d40856f5b1df660cc98826b7c24797344

SHA256
06ebd4ca05238f4220ce9d1ef4c88cdf895530d1d0a0ae92adbddf6d4d713e77

SHA512
85ef3f9ad381bd45181d2961dcf5dd7ae8fd1747b18f20ec8f47742d682eb3461855b98cf9ee9f9f6f5b75e5b7673370a956efd321b78e2c215d6746b3b36b76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\prefs-1.js

Filesize
7KB

MD5
94fda3a82f72acbe55c306e1bfd5da50

SHA1
130ae76010621385f71702678849e6dc5c78f670

SHA256
660af3f47aa06232eeb015475363ffa784c607d15a05cf00ac8cb6e5649267a6

SHA512
c52e0b684c03b097583798dda8bee76947b3047af68ba34d85144c62aa2f1fd5b23e725e3c10737e9d5dbf15b7b2e8f0ff4a68a514b637946d65ec843fd05574

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\prefs-1.js

Filesize
9KB

MD5
24b2710f93550475fa9a5b8a56329d31

SHA1
2fdefdf881bb3a206230204a406eb34a0261b864

SHA256
0f49c723693a3cf33c2bf33f4c93e82a90e31c8a4562be0236a5d271de3048d0

SHA512
ec65b397faf6c9c261b0edbb7707975340c7152cb3e71aa73a08211004dfc42fe1401fd0c672e3540e866ee03320a5a07356f178193e76e08a161d0aefc319ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
52cd1fdb20e188c5134389f1931c1c9c

SHA1
c375f9338f9b691ba1917f920b5d862c29eba3b9

SHA256
346987111b6baae4967667a12ee268e57737d34b2f32c012f9f01d35dfc96a0f

SHA512
c0ca915c60716c134089a1041edbe6678599d4ff8f203864c3752638b74c760faa811f4a939a9f5518c487481d2c65df3ff3e86d340116eac02bfa95e2bcaf2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
389d3e230394309b36fb8e65a21afab7

SHA1
ca2d0ee84eb1df1688bbf50ec1f5c785d8d1eb12

SHA256
791b28c75099bd6e86fea0b64a8d34144c511209acbf641f249cae39ab42a110

SHA512
5f4c37b11ad7b5cbf4e036987f3de3e02429c6198c51a924fee1b75d8c331bf0905ac54068ed065303d14324902132b5c2daef3902bc2ad193b2fe2b5468832c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b84e19376cfbeb3858e69092bb557e34

SHA1
ef64974f4cc58cab3e13cbcbd2a46f003ef444f6

SHA256
3f72ec0bee09270386bf29ce48eeafdcd59806d43a9223dbd518bbaac4204d76

SHA512
822d8bd44126d5c06e2da038aca22b432146860fb65e42b2cbc894b6f6856e7be1fed8a8e77808052db5755f4a109e3017eaa37269ddd803c00474b0ff13f225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b09b1dd881ea795cd1b9c717ecdfced9

SHA1
5f7a26dc597cadace97520d4626364973b3521b2

SHA256
0fd19f0b1924a6bcf0ad3d1574aeb3612df8ceab192c49ce73de7a871139d170

SHA512
29ccd2b719043407364dcf35f0be211ac3347b3bf0ac6238e36a889f3b55030cfd8a740901e0e305104b967e721587d56db89c923986148237567001b20f14ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ox017b3g.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
3b9ed751e882d561be24cdda19a594df

SHA1
d1dd3fa7bebffc566e7413f5da911634ab9bc7cb

SHA256
279bb1d9bad85d4f6fe1c6189512d61740ac9fc8c9da54d6261239addb717db7

SHA512
245a55e538958715b03db0aecfbf731390f363710c9dc63c8971fe3d5d63426aa08f5c581bc5ab9460195eca4bfa4d1c3e165e64661ae98d2c444643bcef3d93

Download Submit
C:\Users\Admin\Downloads\cDhphwmG.svg.part

Filesize
1KB

MD5
c17bd6c58592d3b13f76acb6970c80e1

SHA1
051d65f29593c51312cc817218b48bead50652db

SHA256
98582e229fcb702fe2593db6acdb0e9481efcf8fab541ccf96ecb034b58a540d

SHA512
2953063f58b0930b282ab8beedbca1332a68481d6701a56b79cc914aaac4d035f675649aa7c5eb527568e7415328f2f8e076f2b3cf1ce651e026d5635178388a

Download Submit
C:\Users\Admin\Downloads\gU0mO1Vv.zip.part

Filesize
278B

MD5
b99e578155a742b900cf0d7890fb8850

SHA1
c49d5cb9b1cb718b305b5cdfcd1436a65a07221a

SHA256
16f4b5ef8402b9eb8b0d074d5251930eba897b9e2bd50c187509dbabb6124903

SHA512
7d2cf4f0970928aed92f9decba5b6a0b0f938122cd29bb20e05f32562d5838ac825b10928a0a802bc8cfe49c724e5712dc5337d4b6172fef036a00344a2f8d29

Download Submit
C:\Windows\TEMP\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\NetworkDiagnosticsTroubleshoot.ps1

Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\UtilityFunctions.ps1

Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\en-US\LocalizationData.psd1

Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
C:\Windows\Temp\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\DiagPackage.dll

Filesize
478KB

MD5
4dae3266ab0bdb38766836008bf2c408

SHA1
1748737e777752491b2a147b7e5360eda4276364

SHA256
d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

SHA512
91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

Download Submit
C:\Windows\Temp\SDIAG_132da557-8c5c-48ac-abaa-ff71b5b0c3e1\en-US\DiagPackage.dll.mui

Filesize
13KB

MD5
1ccc67c44ae56a3b45cc256374e75ee1

SHA1
bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

SHA256
030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

SHA512
b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

Download Submit
C:\Windows\Temp\SDIAG_ae34c563-7897-46a9-87d3-875b27208cff\DiagPackage.diagpkg

Filesize
152KB

MD5
c9fb87fa3460fae6d5d599236cfd77e2

SHA1
a5bf8241156e8a9d6f34d70d467a9b5055e087e7

SHA256
cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f

SHA512
f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3

Download Submit
C:\Windows\Temp\SDIAG_ae34c563-7897-46a9-87d3-875b27208cff\result\ResultReport.xml

Filesize
34KB

MD5
a91d5e702288ad23c9e3ac899f686535

SHA1
41369e73477074ae7d499496f27e1873ad5c2d5e

SHA256
3b10165378fbfe30b8a658d59feb18bf7343294ad272022d37e0d4733ffbc42b

SHA512
60760fd591a2c4030c20511aabe8508aa286d496829d505ae69cca3feb8e52f253058afce82efd67eb8262bea941bb4693c9db4be75dea34b41c77f90d272685

Download Submit
C:\Windows\Temp\SDIAG_ae34c563-7897-46a9-87d3-875b27208cff\result\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
memory/3544-3386-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download