Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14/07/2024, 16:25

General

Malware Config

Extracted

Family

redline

Botnet

5664290451

C2

https://pastebin.com/raw/NgsUAPya

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gg.gg/178wsh
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4880
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf14ccc40,0x7ffaf14ccc4c,0x7ffaf14ccc58
        2⤵
        PID:1332
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1804 /prefetch:2
        2⤵
        PID:4988
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:3
        2⤵
        PID:3800
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2548 /prefetch:8
        2⤵
        PID:2288
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3028 /prefetch:1
        2⤵
        PID:1324
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:1
        2⤵
        PID:2720
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4372 /prefetch:1
        2⤵
        PID:2916
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4272,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3448 /prefetch:1
        2⤵
        PID:2168
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4704,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4724 /prefetch:1
        2⤵
        PID:4884
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4720,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4860 /prefetch:1
        2⤵
        PID:1544
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5012,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4708 /prefetch:1
        2⤵
        PID:4796
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5220,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5152 /prefetch:1
        2⤵
        PID:2128
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5456,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5500 /prefetch:1
        2⤵
        PID:2744
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5896,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5856 /prefetch:1
        2⤵
        PID:1780
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6052,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6024 /prefetch:1
        2⤵
        PID:4860
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5556,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6004 /prefetch:8
        2⤵
        PID:2896
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6356,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6344 /prefetch:1
        2⤵
        PID:5000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5096,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3380 /prefetch:1
        2⤵
        PID:2224
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5528,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6244 /prefetch:1
        2⤵
        PID:3268
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6668,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6692 /prefetch:1
        2⤵
        PID:2008
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6192,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6212 /prefetch:8
        2⤵
        PID:4700
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5116,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6596 /prefetch:8
        2⤵
        • NTFS ADS
        PID:3548
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6348,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3380 /prefetch:8
        2⤵
        PID:3680
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6212,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5460 /prefetch:1
        2⤵
        PID:5016
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6596,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5716 /prefetch:8
        2⤵
        PID:2860
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5488 /prefetch:8
        2⤵
        • NTFS ADS
        PID:5216
      • C:\Users\Admin\Downloads\7z2407-x64.exe
        "C:\Users\Admin\Downloads\7z2407-x64.exe"
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5696
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6264,i,13482704974593437381,4366646458284681645,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5392 /prefetch:8
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        PID:6180
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:4836
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1540
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5836
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5940
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2648
      • C:\Program Files\7-Zip\7z.exe
        "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\NORD VPN.rar"
        2⤵
        • Executes dropped EXE
        PID:6076
  • C:\Program Files\7-Zip\7z.exe
    "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\NORD VPN.rar"
    1⤵
    • Executes dropped EXE
    PID:6112
  • C:\Program Files\7-Zip\7z.exe
    "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\NORD VPN.rar"
    1⤵
    • Executes dropped EXE
    PID:5288
  • C:\Program Files\7-Zip\7z.exe
    "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Desktop\NORD VPN.rar"
    1⤵
    • Executes dropped EXE
    PID:4336
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:5132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\NORD VPN.rar"
        2⤵
        PID:5452
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\NORD VPN.rar"
            3⤵
            • Checks processor information in registry
            • Modifies registry class
            PID:240
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {527ed709-ef1b-45ef-acb9-e1e642b037bd} 240 "\\.\pipe\gecko-crash-server-pipe.240" gpu
                4⤵
                PID:5772
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2284 -prefMapHandle 2300 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3722bdf6-deb7-4a7e-8e4b-b2bffb87c836} 240 "\\.\pipe\gecko-crash-server-pipe.240" socket
                4⤵
                • Checks processor information in registry
                PID:1596
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 3336 -prefsLen 26812 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aea7b6ff-87c2-4972-a019-11399d189972} 240 "\\.\pipe\gecko-crash-server-pipe.240" tab
                4⤵
                PID:6120
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3456 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a3bdddd-bd5d-468b-a15c-263be0b57169} 240 "\\.\pipe\gecko-crash-server-pipe.240" tab
                4⤵
                PID:4480
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4408 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4416 -prefMapHandle 1696 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de7ffb49-bd33-4b26-bc71-3fa6c6c99e36} 240 "\\.\pipe\gecko-crash-server-pipe.240" utility
                4⤵
                • Checks processor information in registry
                PID:6368
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 3 -isForBrowser -prefsHandle 5668 -prefMapHandle 5652 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27cca80c-f730-4b3c-a758-f1b4c61b5f90} 240 "\\.\pipe\gecko-crash-server-pipe.240" tab
                4⤵
                PID:7032
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 4 -isForBrowser -prefsHandle 5812 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5494ced6-e988-450b-8818-39b04ca830c6} 240 "\\.\pipe\gecko-crash-server-pipe.240" tab
                4⤵
                PID:7044
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 5 -isForBrowser -prefsHandle 6096 -prefMapHandle 6092 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e3dfc2-ad4c-4587-8f87-c4c078ac8e20} 240 "\\.\pipe\gecko-crash-server-pipe.240" tab
                4⤵
                PID:7056
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7543:74:7zEvent19196
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:3984
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NORD VPN\readme.txt
    1⤵
    PID:5424
  • C:\Users\Admin\Desktop\NORD VPN\Setup.exe
    "C:\Users\Admin\Desktop\NORD VPN\Setup.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    PID:6592
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5272
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:2960

Network

MITRE ATT&CK Enterprise v15


Downloads

                                                                          • C:\Program Files\7-Zip\7-zip.dll

                                                                            Filesize

                                                                            99KB

                                                                            MD5

                                                                            8af282b10fd825dc83d827c1d8d23b53

                                                                            SHA1

                                                                            17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355

                                                                            SHA256

                                                                            1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca

                                                                            SHA512

                                                                            cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

                                                                          • C:\Program Files\7-Zip\7z.dll

                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            0009bd5e13766d11a23289734b383cbe

                                                                            SHA1

                                                                            913784502be52ce33078d75b97a1c1396414cf44

                                                                            SHA256

                                                                            3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

                                                                            SHA512

                                                                            d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

                                                                          • C:\Program Files\7-Zip\7z.exe

                                                                            Filesize

                                                                            548KB

                                                                            MD5

                                                                            1d1b0349f970c8de7fae7a94520e21f7

                                                                            SHA1

                                                                            8787ce498c9f1628665dd17004676a9cc5e8f99a

                                                                            SHA256

                                                                            f63a2d492d7a20e7ae6ace725da0320b05a6250794c9b449e1bc48d3f63cef56

                                                                            SHA512

                                                                            2ff084ca8b7bd05e156fcce6faaffd861ee09e09821e8f3325093a0aec46d54481d18d61d84b35fc2c760d93aeda70648201c740fb429f6f75dbd6708774f0f2

                                                                          • C:\Program Files\7-Zip\7zFM.exe

                                                                            Filesize

                                                                            960KB

                                                                            MD5

                                                                            79e8ca28aef2f3b1f1484430702b24e1

                                                                            SHA1

                                                                            76087153a547ce3f03f5b9de217c9b4b11d12f22

                                                                            SHA256

                                                                            5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

                                                                            SHA512

                                                                            b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

                                                                          • C:\Program Files\7-Zip\7zG.exe

                                                                            Filesize

                                                                            691KB

                                                                            MD5

                                                                            ef0279a7884b9dd13a8a2b6e6f105419

                                                                            SHA1

                                                                            755af3328261b37426bc495c6c64bba0c18870b2

                                                                            SHA256

                                                                            0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b

                                                                            SHA512

                                                                            9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

                                                                          • C:\Program Files\7-Zip\Uninstall.exe

                                                                            Filesize

                                                                            14KB

                                                                            MD5

                                                                            1ae18a5934322b0b23da7c5678e2dbec

                                                                            SHA1

                                                                            a1ae84c861f338e8f8c2a7c0102d8b0ef9aa6da1

                                                                            SHA256

                                                                            e5db8a72bd2901a877c67b3acba60f386b9d6e8d3e485372f7180fb76652b93a

                                                                            SHA512

                                                                            01e660e2dc2ec9d4d64c4f981804f252f77bee400eb21a43077681a2fc51bc564fd5749ea8f25a4b3da0500bbf33dd3cd27ebbe3cab96e333dbd6b57966fc151

                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                            Filesize

                                                                            64KB

                                                                            MD5

                                                                            b5ad5caaaee00cb8cf445427975ae66c

                                                                            SHA1

                                                                            dcde6527290a326e048f9c3a85280d3fa71e1e22

                                                                            SHA256

                                                                            b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                                                                            SHA512

                                                                            92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                            Filesize

                                                                            4B

                                                                            MD5

                                                                            f49655f856acb8884cc0ace29216f511

                                                                            SHA1

                                                                            cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                            SHA256

                                                                            7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                            SHA512

                                                                            599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                          • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                            Filesize

                                                                            1008B

                                                                            MD5

                                                                            d222b77a61527f2c177b0869e7babc24

                                                                            SHA1

                                                                            3f23acb984307a4aeba41ebbb70439c97ad1f268

                                                                            SHA256

                                                                            80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                                                                            SHA512

                                                                            d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            40B

                                                                            MD5

                                                                            815b3cdf06ede867d92ace546aa126f5

                                                                            SHA1

                                                                            399421f8ba7b64c9db92449ce13464b472cb56ad

                                                                            SHA256

                                                                            f116d4d39f557729d3b43806d030ecc4ab833a204ae297b72896ce80aa051f56

                                                                            SHA512

                                                                            5ea150c43f3d948ae07ace9575d3a15f907132ce8ba80a39412b7203c91fc262a8fe5a56345f0dd6faa2c1b541d4d3be0d7e26f95fcd995faac8beb49df6e72a

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

                                                                            Filesize

                                                                            211KB

                                                                            MD5

                                                                            151fb811968eaf8efb840908b89dc9d4

                                                                            SHA1

                                                                            7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                                            SHA256

                                                                            043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                                            SHA512

                                                                            83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            bfc56423686bd0bd873edd72a28a7a4b

                                                                            SHA1

                                                                            42ae58413b513d36658f8e83ad4b0ae11d57da0c

                                                                            SHA256

                                                                            500e105fcae968ead68b0032833e7750746ff8e935be5dfacdb3c8386a6d26a8

                                                                            SHA512

                                                                            d5159703843a8fc61e623ce14a29025485a677b0b4913f82de1428ce44db3e50ebad4419c1b3cdb9ee4dfb25044443874e0cd0cf390016731949ee068814a3dd

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            61dad71dbc2cb6519e95d9bd7a628157

                                                                            SHA1

                                                                            02871a68750f20d6e4227ae43c3322c95a364646

                                                                            SHA256

                                                                            09ed166d9745188e39b7cafa20455213a09214a548e455c28b596e6b3661d96c

                                                                            SHA512

                                                                            e0bf0e95437b3755ae6cc2cf5b6e4f61a9c744c615a606fa75ee1c2cf6cc308505d977709f588b6ee3c002ee2904021a636431b4972ade3dad12dddaecb9a515

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                            Filesize

                                                                            2B

                                                                            MD5

                                                                            d751713988987e9331980363e24189ce

                                                                            SHA1

                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                            SHA256

                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                            SHA512

                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            83e7d9f80a452915262655e56ed82932

                                                                            SHA1

                                                                            42f7f25ce75e40a84efe15bb9ceeb94cb0bc3c99

                                                                            SHA256

                                                                            90440f0876ead2752bab0978258e5dd84bbb032d4d3adad56575cdde1fb1df8e

                                                                            SHA512

                                                                            a069a2cd38e64c0818d918b08127d94d150284d65cf3a4507c1980eacdc3a68bcc9c503db5ad6dc6751173586af95833b98f536546e2264ecd000bf7e5ae89eb

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            37bf79c88f5adc4518e71ab26d8842a4

                                                                            SHA1

                                                                            0187629e13a36f5a144d08c41b18fd79ae7fb93b

                                                                            SHA256

                                                                            580f27714379beb37b35c52b7854a6343659c639a27e04830ffc03421e298edb

                                                                            SHA512

                                                                            058229eddc7718294bf25980cb00e1f92d44d9446c42af324c0f2446664eda5f077af226741908141fed42d4aedca28dbf932e0994650c944c183c4803f75a65

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            6da6b28d70af8a5a7850ceda61de58ae

                                                                            SHA1

                                                                            85d9eecabf69fb6ba47ff4abd85fe000b352cbda

                                                                            SHA256

                                                                            525d3d15e81db07cfe09f37a7bf3cef70e316ff10e82523b569dcc2c989e312e

                                                                            SHA512

                                                                            9a342ac9c5df53f35c7335bef2fb5fee72ec63a0da3288fd95c0ae4c3cd5e18082f3bb40deac9029bab806310dd8b71d2856e5044c3b00f327eda7a4fdcf1f43

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            455ca8fe15fd0d978076707063673f57

                                                                            SHA1

                                                                            956432274df3ea09e2e1778cc716ebf83f1b31c0

                                                                            SHA256

                                                                            b93add348f956bf7b22b79145c3f06ea6fac6e7113715c7d27e3fcdb53edc0f1

                                                                            SHA512

                                                                            56aefdd5c19aad0fab25e44382f12c866be4afaa45424f78c35e17a3d4b583121be119c12a68e657e1b03c4e9dccbaf8a80d2ae3669187acd650a55ecae25094

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            2df7e0c9d56908d237d7645288d30e8d

                                                                            SHA1

                                                                            4f71666da77584dd7330e09a2954e6643a6b0f70

                                                                            SHA256

                                                                            8d42ed27e62d7775499423888f47972b9e42857b726155ea3d1d00430a63e6d6

                                                                            SHA512

                                                                            108838af5aa83b89c7a9305466498352e4e183440ce0494b00a9ece0d9851eb2569886d6a89652913aa9e2af991a95601aea6d4780d33c3b441d83a04cc125ca

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            fc253720e705d487b5afd6222babbdab

                                                                            SHA1

                                                                            234460dc8a0a976af3b6b18fc10bc8f313e162af

                                                                            SHA256

                                                                            e5bb1b56096e3c999112732fb1e79113c90c8a4afceef7571fadfdee4fa5dd5a

                                                                            SHA512

                                                                            9724d966bdc845eb8a3f34168b653d559dee8d3ea73750662ebbc425623a45af31a4b2d54421af5d735b47761c932b9177f2fd82b13e26f15597273f9f0142a6

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            a9697473d90826f66bd2e65cceee7910

                                                                            SHA1

                                                                            97ea166e2925d0956c8e224c9bf0a07b215fd2de

                                                                            SHA256

                                                                            67f33b8988e31dfe640a2cbf7884b163e4e86122c5743c470c28fe35c8fbaa1a

                                                                            SHA512

                                                                            7091e0b8f1b5365c22830958a90dcf6e48274b31f480d8b62af1bc82d08cc88483d035b9b0b0cf4f8f48273837390c2d383ffbf60641b7f85245ae74237c7c81

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            1d026dcdea5d116a0f68797f70b9e1db

                                                                            SHA1

                                                                            c66439be8d54076586790a5107e8d98b4fc615f9

                                                                            SHA256

                                                                            a75b7ac8f4c5706ad132685e69f67d9f1486c6f81249be1a638ebb97ee58c6c4

                                                                            SHA512

                                                                            8c89c9b11351c56110f923c82a775fd193cec9c21e44bbc50697b14fb9f06324c55f035d0d4b701bed385faf0836b68d44ae5783f4310b4c4bafbf87ec18aecc

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            4e49a1489daff5274160bbd3003a77aa

                                                                            SHA1

                                                                            5e8f90deab9e222965299179db98b1a522df566a

                                                                            SHA256

                                                                            47a2eefd96737492244f91f19a4bb75207480ada09e056827d87e597217e1acf

                                                                            SHA512

                                                                            92e1d521c352847212d8fe6d6c1aab3743c1bbfbe811b10c0acea86bb1817e82cb2d6e7fc7cad4503f1351b3e9ec1f64e81a36fb20f4be46bbd23a3c8d57b1f8

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            d6117ab2bfedcb4089cc11857b4aae13

                                                                            SHA1

                                                                            eb87394e0ba333a3b6a0a11441664a15fe6b173e

                                                                            SHA256

                                                                            e9ed8e957c6c04baa4a6b6792d48f0ec319552f4258136ec5b93f6956739752f

                                                                            SHA512

                                                                            1189085524b649e11ad965fc0c5c7a33ac92fa59a2b0f259f07df7607641315e9d6931fc5507646b646c94d55fac7cdfdb1e6868f756e738bd8106714c7a8410

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            9KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            11KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            92KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            92KB

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            92KB

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9orreff.default-release\activity-stream.discovery_stream.json.tmp

                                                                            Filesize

                                                                            18KB

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                            Filesize

                                                                            10KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\AlternateServices.bin

                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            6KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            5KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\db\data.safe.tmp

                                                                            Filesize

                                                                            5KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\3d2dcb30-582c-43a7-8ea3-845fbc34e93a

                                                                            Filesize

                                                                            982B

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\d364423e-32f6-4693-b5a1-bbc0aaf29867

                                                                            Filesize

                                                                            26KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\datareporting\glean\pending_pings\f5527d06-9d14-4e5b-8aa3-e1f66ea65d94

                                                                            Filesize

                                                                            671B

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs.js

                                                                            Filesize

                                                                            8KB

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs.js

                                                                            Filesize

                                                                            11KB

                                                                          • C:\Users\Admin\AppData\Roaming\d3d9.dll

                                                                            Filesize

                                                                            205KB

                                                                          • C:\Users\Admin\Desktop\NORD VPN.rar

                                                                            Filesize

                                                                            13.9MB

                                                                          • C:\Users\Admin\Desktop\NORD VPN\Setup.exe

                                                                            Filesize

                                                                            777KB

                                                                          • C:\Users\Admin\Desktop\NORD VPN\readme.txt

                                                                            Filesize

                                                                            253B

                                                                          • C:\Users\Admin\Downloads\NORD VPN.rar:Zone.Identifier

                                                                            Filesize

                                                                            26B

                                                                          • C:\Users\Admin\Downloads\Unconfirmed 589010.crdownload

                                                                            Filesize

                                                                            1.5MB

                                                                          • memory/5272-1201-0x0000000004C80000-0x0000000004CE6000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                          • memory/5272-1199-0x0000000000700000-0x0000000000722000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                          • memory/5272-1202-0x00000000057D0000-0x0000000005DE8000-memory.dmp

                                                                            Filesize

                                                                            6.1MB

                                                                          • memory/5272-1203-0x00000000051F0000-0x0000000005202000-memory.dmp

                                                                            Filesize

                                                                            72KB

                                                                          • memory/5272-1204-0x0000000005320000-0x000000000542A000-memory.dmp

                                                                            Filesize

                                                                            1.0MB

                                                                          • memory/6592-1193-0x0000000003500000-0x0000000003506000-memory.dmp

                                                                            Filesize

                                                                            24KB

                                                                          • memory/6592-1192-0x0000000000FC0000-0x000000000108C000-memory.dmp

                                                                            Filesize

                                                                            816KB