876ff3da5db62af059c852b3462a57c8ff59699cdb6af2b45393cd05af96a307

Resubmissions

17/05/2024, 08:11

240517-j3db3sgh5y 5

17/05/2024, 08:07

17/05/2024, 07:43

17/05/2024, 07:34

17/05/2024, 07:32

Analysis

max time kernel
599s
max time network
592s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

#TY4757#.jpg
Size

2.5MB
MD5

23e1954badc5a902e591b90bf92a2e4e
SHA1

94ce446714bef14fc6a49372a6e5d5d8d6c17922
SHA256

876ff3da5db62af059c852b3462a57c8ff59699cdb6af2b45393cd05af96a307
SHA512

7aa6684935b629b8161a75a92ce7e35d694d68bc39bba54d75130b2c8782e353d8312e94cdc8aae83f1ac5a2e44b1e37f94b3eba680a66b993c18307be9c4e01
SSDEEP

49152:qgXmw36jj1A9pVY7QxrPW3toFS7CsDTnnPCe37xS:qBw36jBA9pq7QxuGFS7CQbn6US

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604076489100665"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Streams.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1160	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4948	powershell.exe
4948	powershell.exe
4948	powershell.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	powershell.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeTcbPrivilege	4580	svchost.exe
Token: SeRestorePrivilege	4580	svchost.exe
Token: SeBackupPrivilege	5924	streams.exe
Token: SeBackupPrivilege	688	streams.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeBackupPrivilege	5864	streams64.exe
Token: SeBackupPrivilege	2808	streams64.exe
Token: SeBackupPrivilege	6092	streams.exe
Token: SeDebugPrivilege	1716	firefox.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe
Token: SeShutdownPrivilege	5676	chrome.exe
Token: SeCreatePagefilePrivilege	5676	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe
5676	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe
1716	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 3592 wrote to memory of 1716	3592	firefox.exe	120
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 2616	1716	firefox.exe	121
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122
PID 1716 wrote to memory of 924	1716	firefox.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\#TY4757#.jpg
1⤵
PID:2752

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4948
- C:\Users\Admin\Downloads\Streams\streams.exe
  "C:\Users\Admin\Downloads\Streams\streams.exe" .\#TY4757#.jpg
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5924
- C:\Users\Admin\Downloads\Streams\streams.exe
  "C:\Users\Admin\Downloads\Streams\streams.exe" .\#TY4757#.jpg
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:688
- C:\Users\Admin\Downloads\Streams\streams64.exe
  "C:\Users\Admin\Downloads\Streams\streams64.exe" .\#TY4757#.jpg
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5864
- C:\Users\Admin\Downloads\Streams\streams64.exe
  "C:\Users\Admin\Downloads\Streams\streams64.exe" .\#TY4757#.jpg
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2808
- C:\Users\Admin\Downloads\Streams\streams.exe
  "C:\Users\Admin\Downloads\Streams\streams.exe" .\#TY4757#.jpg
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:6092
- C:\Users\Admin\Downloads\Streams\streams.exe
  "C:\Users\Admin\Downloads\Streams\streams.exe" -h
  2⤵
  PID:3600

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.733999539\1984414336" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1692 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccad49af-c103-479f-a8cb-b3eb9fb19609} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1868 25d8ae0ce58 gpu
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.1495830252\2025401299" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bbab0eb-9ef0-4200-972f-98aef619983e} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2436 25d8b26aa58 socket
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.1855469147\498085522" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2884 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50212820-44e7-4695-878e-c1f1c858ef39} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3080 25d8d80b558 tab
    3⤵
    PID:384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.708359526\1642505744" -childID 2 -isForBrowser -prefsHandle 4184 -prefMapHandle 4144 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ad2fc4-fd9f-414e-bc1f-141cd575c224} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4196 25d8fd52c58 tab
    3⤵
    PID:4448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.1066807891\1708124183" -childID 3 -isForBrowser -prefsHandle 4984 -prefMapHandle 4232 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d507138-6b34-4e6a-87bc-196c9d11a859} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5004 25d9215e358 tab
    3⤵
    PID:3904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.1187562475\1063164809" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 4396 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {026c0145-bb1a-4923-9d56-d504e77de947} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5164 25d9215d158 tab
    3⤵
    PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.1913938601\258204678" -childID 5 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98043681-199e-4d2e-a64b-13de3fe533f6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5328 25d9215cb58 tab
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.7.1622270148\374567699" -childID 6 -isForBrowser -prefsHandle 3736 -prefMapHandle 5924 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d99976dc-9fdf-472f-8ce7-4ab112ecad23} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4484 25d8ff0a258 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.8.273973747\1924490681" -childID 7 -isForBrowser -prefsHandle 6020 -prefMapHandle 6028 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f1c8e31-2de6-4f8b-9eb0-74b04448c8b9} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4484 25d91a09658 tab
    3⤵
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.9.1011984083\1520589584" -childID 8 -isForBrowser -prefsHandle 6440 -prefMapHandle 6392 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73794669-2eb5-4c93-8f7a-6c2e6f894582} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 6460 25d930d3e58 tab
    3⤵
    PID:5756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4252

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Streams\Eula.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4580
- C:\Windows\system32\dashost.exe
  dashost.exe {09834234-41bd-4374-92d499d60d9cec68}
  2⤵
  PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff013ab58,0x7ffff013ab68,0x7ffff013ab78
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1992,i,13542172593263262551,15103496659099483417,131072 /prefetch:8
  2⤵
  PID:5012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\14948378-2f66-4125-b3d8-75bf6d96a980.tmp

Filesize
281KB

MD5
5c9950239e000cb53d1d8831998c5fdc

SHA1
9fd01f814618d1bb70f2d00496e7ee390ac0b544

SHA256
9afe8456cbcebc6d3396b294a7e150559d6c883b2ccfe2da4c0918cbe815f2df

SHA512
59784bae82a80ca8dd83eb36fd0d3baf975896203ca455989a35ec6f0e7d7200a716092fc5f52c20b3026afd3448900731d2cfdd4785c1144b5240cc4b7839da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f8a9268af78cce28df37f0d1cc7434f0

SHA1
0e83be924208191c23a856e4a349e6218cbbd9dd

SHA256
4a971278c48e86f34677ec15a494a340f582b6aa81068fd37856e5396bbf78c9

SHA512
e482da41d72145dcc9fc18c42980993c96ccda2c34c54ba860d806d41d10b0fd55592fec5baa875d7a59aef21e9934e9070fc8de66b710a847eebb3badb1410e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5a33e2ad573d4c9317c5342216c7d3f4

SHA1
2312e290c9c43056a19fe295d2e37c1c2fc6cd0b

SHA256
a47e90fbf9273eab00c3f55044a1674d3f339960a86c8b8c4d5686ba52d5371b

SHA512
7b696b16e9da50cd8f114348131f3b3ef8da899ba7575dea0deef1ddde65bcb60ce4d4b9279ec71d1d9af087f599e6d3e35235cddce453a47ac3a0cb8ab4d772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
210dcf2366655ce813f1c6f14aa516e5

SHA1
45e2f629f7c3e2143b65ef0d80a54dea247c6f4a

SHA256
0363968a7929b12ceb47f8a766bf996cc763b9b8fef61105965c12b8f4b58ebc

SHA512
45a2434b0d27a4e9a462df268738ff528a612acdae5b745e901d868e18c98940393d4c666aedc2c04f74ffab889244ff6bcd106b47bbd5a8397433d8bdffe693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a26556ab0e605ac1c47f724647425721

SHA1
91edfd062055ad59626d0025a4f3b640b18e34b1

SHA256
f3a75dab6fa66ed5f378aa1e1e60e0916eb7e7fe4b271c7f4c6d9ca4ed5332b6

SHA512
1bea4cc8a91ee0def27334de5cb31c9c8470c75c611d56dd7044e63013d85a145744546e35e86b74011943d3fa53c0973646881cc181297b600b59fbfdc13568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
0938ce9b2e52a5fd2dcaebd493a93f34

SHA1
18a3eedc1fb6507522eb6dd8e18d30afc4096392

SHA256
d81d34a5bb87bf377b7cc4776477c1032d16a341b4030f24f8e66a7195cf353e

SHA512
59a2eb90080171762bdb2013f2d8cceb8c22b221d48c84fba18f6b5f694204ad238fd0dd82b7b990034568d8dff1a348d6be590ac32506a82a6e254aede8dd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
31d6ebfc2f88fed6f18f1ae90347ff06

SHA1
f1e3051e6c2dfb497063c397139315d7be490704

SHA256
825da14dffafe1cddb6d3e8b10f69ae36ac4ceea335da8de2d84d7f08c94f9bf

SHA512
91e2f8b84a4ef884ebbcb63c4f0be846489c130394973cd816fee870ae49f007a9696f68411b104a290eb91901d0c5515e8c75d82afc9831e662b11046264c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
d4db57416acbfb74df37ea79fff52eaa

SHA1
8e7757af174ae6aa7b524234e20b333f334b7436

SHA256
bc1bc2433953007c6e4eb8e600e19b73ac6d852e2e76fe71e7780388b5b0c662

SHA512
1fed0f8e6a4d69d8cc13758f1e9c0d3a802760ffcbb7d24378e7293c9e5ce592b640320a7fd4ce4651f62512f01878ec9665602df4a81f23a180629d05853df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5fcd9a.TMP

Filesize
89KB

MD5
3ab4a312c6da1882443fea110f274768

SHA1
8275a491813950339981a7e7053ea8d1dcb2505c

SHA256
0dca77718cb16913ba3bf70d143bad8a556c9247919c67cf84a97220321afe7e

SHA512
43cfdbc1caa1fe0587bef0e451944627a68aee0dc8516ff38b3535f00571db2ecf162d3160ebb59c3e37269503f458bfa38d6204fff27698da607929abece208

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
6b845757eb9710cfe343d866f6daa88a

SHA1
39c6922202ee86db08d5b6264aeb4b3be180888c

SHA256
43ca0d75dfd155a1ea336d7e38eccd5b491f880eaca95ce3dc655dad3f61a506

SHA512
98dead1fec899058fc48853e4c535f357bee2cf3f533b90ed12f7cf834643730baf8c8e16994407bf56a8d610331617cccf8153a3691c7d9ec98347393f1f14b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\30843

Filesize
9KB

MD5
c79c57ed43ba6b9aca73f1a139742bca

SHA1
620401ea29ee39fdc23c640fbc53b7102ca5d6ee

SHA256
acd3b98cb03384bc25acd8ec5cf50e16c281be484bb8ac11899848635aa0af64

SHA512
db88f17e7f814c680918e380f7258aaf931f291e66e1eb200876060d8a8fcb44f64c5b2c2e80adb4a4843959fdb463bdfe2d6b25dac5d7c672c28440fe3f1aa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
5c8d3e85200d93db4407d68613d4faeb

SHA1
d7b0068179f64ea649a840e02a8a7ab6c76bae58

SHA256
fbdc095c6208a7396cc6732634a15183343d2410d6556566cb776a94d76c5b51

SHA512
33fad2c7ff3d7ffd2edfe553396ea123790b7d68907dbca6ca871896ce24e45faa700b8b9dda70e9553a14cbb2b6b456913b862d7507672609f7a1d756a053bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2buxwtzj.fip.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
96dd1d6d01e0ea1e72f116b0e97197aa

SHA1
5a3618821f5eeaa8e89c334a8c9a609fb63f49c7

SHA256
e81c90b86bddaf2d3bb76c8c8c8cbb559c80f581765af802ed0ecba01c9489ef

SHA512
ddae6c0387a81706bd983979a0f39cd603be1cba99a3dfe4a8e670f4f9094d10ecfbfe2f7d86bd6d30e53061487ae2361634a98caa6a14212a12e5dbe32a3424

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
6KB

MD5
061fab5582f7ad605733dafb6f2579cc

SHA1
dbe95c545e3da34786b97f7e8f94abaf8fa677ec

SHA256
ae3d083696e66055700a931fcc60e67d8464d68b67ced4e2dd3d0d3a60dcb53c

SHA512
ee441d5265fc0db5c0c52fc06fa79c28e3c0debc029e16905ffeae93449b0233352bdabc08b3d18e93e16639d5ebca6e9255a1e90c777b7632ebc54db910090a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js

Filesize
7KB

MD5
b5fd534dae24ecec90eab391246687fc

SHA1
a6cf6a87404ba1c7f9c896a5f0a06dc9d8fc853b

SHA256
cace66539f861eb14f9fe5ddac6cb6293373bd1a24243311d9146645014af5b1

SHA512
bf2b1271132664ec4b9a07b9a6ad25191b28e7abcd81ec2af30f45d5675077cbb290a98b5a809de76b654642896c677f87afdbba1ff8e1eca69ca462b7cbd28a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
7KB

MD5
4c71f6e0ace80f7448c68b1671ee6b71

SHA1
423b6ceeb00e9dc06e51a0ebc0f54c1a0f3bf4c3

SHA256
41c5d9e28388dffe0fbcb0247a66389165d4ff1679dfeacaab29f1eb8a72946c

SHA512
be2edc4a256d6df9e928428c651e29ecb9c2559d451cbc7f6a6aedfa9a1aadef795f326127fe1c05b35764d4b6273bffbcab8acd2e28c5a18768efb67378e0fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
9KB

MD5
618a142fe8a4aa1de4e383da9f1b0553

SHA1
71e7ce8b9ca50e3f8e0c19376679a2804fa60cb6

SHA256
b7adbea125af16145142d6e086419a16f4ed374e9193b3cdc5ceba84a6a81ab3

SHA512
33538e7d7d8435293f0de34b86976f7e16bf151e5be57eb2163092d0183b8b1b2cdea052714d126447501c1ce60df0ef953566e2fb9095d3a08143fa43bdc7aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
7KB

MD5
d3d4238de51daf679fc6a26eede0dfd0

SHA1
774f271886b1187ce3f53e5534e1fb19679d00ea

SHA256
746b3a92657f47f5b7dd34d8624b068ecca5fae2970b9c05a58e9e04dbaacfae

SHA512
5609a9c8c12d1f6e5df8be30d221515e975025126fcdec7ab71150c46e4829f452b0647c7a37b22013c5c3692ba2e1887f2a8b88145c881d3d61395a1c43e4d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
7KB

MD5
390472066a71ad1e680fc73ea5c4cc4e

SHA1
521103ba853ebfdc65d672157afda07f5c5b5be4

SHA256
ae08264ee6a5976848d07579ba2a6d0127b217bf7b2619ba05e54f40a318d9f7

SHA512
d2a5409c78934e663e8fb12dfeb8d8fe987ed2196d1864f7feab679deec26727ed3f61dea59b276d1b561ff111d87bc487d11f98d583bb1e003093597c65b682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
305d28da2b96b50d662358c348e9c63a

SHA1
8e2964bb9e1c6881b00da07c02b010aab3c5660e

SHA256
8fe4376d33efee6486269ed7a9e369901dc2ab1cdc6158815ab863fba96d6d5d

SHA512
e653de37fb76a2aa255bf76530d41e024a542469be5abd9082d888a3b078b8fa99244a9d42a98e3ef02e08a05244f5ec528a90405b173b29a2023379af12d35e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
a0c1613a0a9086225530aec390e931e9

SHA1
8ff0e2425fe0e5cbdae0c5e901611a5463402643

SHA256
4d98d8051b61936cb84b8bfc909d13a290fccabcd6d22a4f3dee72c89b0c02b6

SHA512
727826ae9b894e9b478b129f61138d4e36a986b8df6d6d62c06bcb1f717578048dabfbca1c0883a7aed9b97fccb1fcf9ab283cd4122f6b3ac6363473bec68451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
fdd5e81cc85ce35c5705afdb65e0bc1e

SHA1
d2fb11f17862935715a94d3f2c2c5c616982afe1

SHA256
28fcb36a546c999beee788d4ca0acfdc72aa718fa7c302c9daca1d0f1c188763

SHA512
10f43316cd5bc11338685f8f123fdfaeabdd5b0ca91cd14a388773ced1056b322ca2d12bcece487d20cb7ef73094b0e69e2acb7e5e0107b41b93feaa6100015d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
76fc9b34c2d6e2cca4cffe4e524e1257

SHA1
0c5eb95a80753c2b1324b250fba46b126067a83d

SHA256
5d0b9cfbf365c5ad338549eedd81c203eec7b272360a56b9cdf9e282e1db0550

SHA512
db2b999a489764156334cf39b423203c775f9e9950793725674ec545ae8a6a780a426a410b654e4ec60f2c8381671800723474ee28b0305010e6fd7980e8a1ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0b6d368f2085dc1995f14df47463f8e7

SHA1
89a8134fce79343e1dd30461720ca6dc902c2834

SHA256
8b1f274d82959af2a4e694a1a67c875fc921cc4884dc5a870c8b8ae599c4b083

SHA512
170d850e615698067081af281fdf05bdfae568238a007ca7480029a6bc038c207897787a9c1b2de05ee18b6add06e9209bb67d04765bde0ff9f0798060c55fa2

Download Submit
C:\Users\Admin\Downloads\Streams.ED-rNsPk.zip.part

Filesize
64KB

MD5
c272dfc9c97e1097263f55ed9e6c5282

SHA1
bc1192ab34e86fbef775f6444d52b80ef2eb8861

SHA256
9338b9646137876147d3277e2f5abff8eefb31765bed525bcc6dfcbc10ef321b

SHA512
872a9d5c04b975180a27571256719fcefdb823d63f2c9c6769e0fa8f01798f3c81319bb00fd98f6dd53a124b17e3ed517d1b4bc0918f5a881b68e97b4ae5a863

Download Submit
memory/4948-26-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-20-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-2-0x00007FFFED7F3000-0x00007FFFED7F5000-memory.dmp

Filesize
8KB

Download
memory/4948-24-0x00000209DAAA0000-0x00000209DAABE000-memory.dmp

Filesize
120KB

Download
memory/4948-23-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-22-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-21-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-27-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-19-0x00007FFFED7F3000-0x00007FFFED7F5000-memory.dmp

Filesize
8KB

Download
memory/4948-16-0x00000209DAAE0000-0x00000209DAB56000-memory.dmp

Filesize
472KB

Download
memory/4948-15-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-14-0x00000209DAA10000-0x00000209DAA54000-memory.dmp

Filesize
272KB

Download
memory/4948-13-0x00007FFFED7F0000-0x00007FFFEE2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4948-12-0x00000209DA4C0000-0x00000209DA4E2000-memory.dmp

Filesize
136KB

Download