hxxps://sf-helper[.]net/dist/2023-06-08/SF-Helper[.]exe?vid=300&_=1689779079073&uid=af1c3268e6084f7b"

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=300&_=1689779079073&uid=af1c3268e6084f7b"

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	AppHelper.exe

Executes dropped EXE 2 IoCs

pid	Process
772	SF-Helper-[_300_].exe
4936	AppHelper.exe

Loads dropped DLL 14 IoCs

pid	Process
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe
772	SF-Helper-[_300_].exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SF-Helper-[_300_].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppHelper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 4f7e970612e5da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31123278"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{02CC5F84-CE27-4EBD-9368-751F636D94E9}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "861294655"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31123278"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "861294655"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5E5D2051-5341-11EF-9A03-DA2E3A28CA1B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429637547"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673462109412356"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
916	chrome.exe
916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe
Token: SeShutdownPrivilege	916	chrome.exe
Token: SeCreatePagefilePrivilege	916	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3196	iexplore.exe
3196	iexplore.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe
916	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3196	iexplore.exe
3196	iexplore.exe
3460	IEXPLORE.EXE
3460	IEXPLORE.EXE
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe
4936	AppHelper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 3460	3196	iexplore.exe	83
PID 3196 wrote to memory of 3460	3196	iexplore.exe	83
PID 3196 wrote to memory of 3460	3196	iexplore.exe	83
PID 3196 wrote to memory of 772	3196	iexplore.exe	88
PID 3196 wrote to memory of 772	3196	iexplore.exe	88
PID 3196 wrote to memory of 772	3196	iexplore.exe	88
PID 772 wrote to memory of 4936	772	SF-Helper-[_300_].exe	92
PID 772 wrote to memory of 4936	772	SF-Helper-[_300_].exe	92
PID 772 wrote to memory of 4936	772	SF-Helper-[_300_].exe	92
PID 4936 wrote to memory of 916	4936	AppHelper.exe	94
PID 4936 wrote to memory of 916	4936	AppHelper.exe	94
PID 916 wrote to memory of 832	916	chrome.exe	95
PID 916 wrote to memory of 832	916	chrome.exe	95
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 2876	916	chrome.exe	96
PID 916 wrote to memory of 4384	916	chrome.exe	97
PID 916 wrote to memory of 4384	916	chrome.exe	97
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98
PID 916 wrote to memory of 2008	916	chrome.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=300&_=1689779079073&uid=af1c3268e6084f7b"
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3196 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3460
- C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\SF-Helper-[_300_].exe
  "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BOIFDBOU\SF-Helper-[_300_].exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe
    "C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe" install sf_helper_chrome
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4936
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-renderer-accessibility --start-maximized https://savefrom.net/userjs-for-google-chrome.php
      4⤵
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:916
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7ffa3fcdcc40,0x7ffa3fcdcc4c,0x7ffa3fcdcc58
        5⤵
        
        PID:832
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1996 /prefetch:2
        5⤵
        
        PID:2876
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:3
        5⤵
        
        PID:4384
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
        5⤵
        
        PID:2008
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
        5⤵
        
        PID:228
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
        5⤵
        
        PID:1472
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3676,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:8
        5⤵
        
        PID:1180
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:8
        5⤵
        
        PID:2488
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
        5⤵
        
        PID:2076
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5244,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:1
        5⤵
        
        PID:4788
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4796,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:1
        5⤵
        
        PID:1744
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5352,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:2
        5⤵
        
        PID:4652
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5496,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:1
        5⤵
        
        PID:4904
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5632,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:8
        5⤵
        
        PID:4868
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5224 /prefetch:8
        5⤵
        
        PID:2452
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3216,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
        5⤵
        
        PID:4280
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:8
        5⤵
        
        PID:3084
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3184,i,11747613121465569249,11553135740027848088,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
        5⤵
        
        PID:3380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3dc
1⤵
PID:508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
d9bc8baab3a26b20ed5fb801fd6d28d7

SHA1
8e4d6696c3e86435a412ee9d9766640faf8e0aaa

SHA256
991ba7d0a655adaf38c874684468912c77fcd43daaaff0ec5c965e1bceca40b5

SHA512
f63edcd322a0b2d47ddc545a713f4cb22051d3f46664165fd2e201467fe4fa8a3c2c4462275b9c6c1b4d7a3896a670f94355c84d4abbe8b75a44abc7c448a625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
22f15c0dd748d878fa68ed213068ac0f

SHA1
92d8bd5111b00e9c2ef24451ba3b5371da2c20b4

SHA256
e07de0e1274e410d639124cd5c5dcfeb17c13f3fa3021ef7c9e5d08c3dbd8e32

SHA512
33bb0ebd00fd68eb9c312e6c81b698dd78d81fd51ac81121cb405e23bbf2a590c2834eb89ec44ac3b7373425aa9a8ba74dfca5c65724770760700a58cb353b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
1024KB

MD5
c49c871d41cf2e35d4791a01c7b52f5c

SHA1
67b41e80c1138abe6b956da10ced3ed1c907790d

SHA256
791aa1ac3475287c948f5264ef886d39d04b2ccc38c16dc6e6274d216926ce60

SHA512
ef8050a0daf370fc5558391a62087cd6c7476758b17258466ad551aa2479ebe5793fe16ec7164b8fcc6a112e31ce5ba5ad6440b4100a4f19bfd1a15dfeba7015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
c74273e6153794c8672eb3d9f0c4a9da

SHA1
7ff78e25bfbb70094e5a779edc4973ef07dfa5c7

SHA256
d81168122a5f70a3288b05062c0c745bed0f44113ca250fa43cffbac186a1ff0

SHA512
d3d5241544cfdb0156537e14f903c4248ffcf2a535fdacf3985c94eddf9117cae9afb8250c1b5757c7a07e5d8936dc0a13da5c1d701ec3b1dd97667160f6a4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5f619597ee995d3c04192167c279b228

SHA1
00bafe6b0819ea754e0d7f6a014554b0257ab8ac

SHA256
74a99ce81d816af464c21f07dc27ffb7e4967b0605de7c4b3739b11e2a711a5e

SHA512
febeabcb40275e3b3e0d0bbf5a86a55c352aa0a5fb96c89d7fa7216fea71748dbf9500a19cbdcd61a18405772996d9466441b1daab703eecc8c80bdc776abd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3137f046b74b7f48437d4070a93008bd

SHA1
56fd2aa548633eaab4942d5c0270167b4a3fa9d1

SHA256
d20c2e06a51291e9483a20167051dc0d058a21ed893c620761c472179cd4560c

SHA512
261103a32a79e18de41f7b936de9435bd6d48af9449344324a9b5ea87ff877c01069d8f727746a41b5c61b8d3b7372b9394e364a9662a3681871f3a59f9bfa70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
06651dd211585ca1dd5e47c3ef9cc712

SHA1
61be3cd039b4fbbcb8519c44c40781e63d914509

SHA256
ed2a42d171b3e9d7098365453c1eac70c868218a5372d192d8d0aa547a88e1a4

SHA512
e3a2ea350678e4d0fbe87526bb373d88c9d1165a5e705a56822586b32971b217afc46f71148c6309c6b3d5f75c1c4deee7901ed28a9b01b7e187734c16124f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
506156777853a35b5e609c0a440a6058

SHA1
324725ec82fd8f94baebc04755a627bcc5e3455e

SHA256
bce250607c6b66c0fb7a59eea2b2f1a02a58c38fb385c51766b4c6fbe7679639

SHA512
e25540af66d7d8fb65cab4efc2b5d4c9b2385b4689b531d78cd0e015bdfce382a55e8a15c279a119cbfdbf65135ab040a484ec76191fc71a983e40d5bd794f49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
649cdc791bca4581fce93218cb8f6918

SHA1
68126996ecef71bd5276622e828147f54e4452e5

SHA256
a2c954c7cb9435fcf3a1c23fbe31b340de9ac178aa126b1fcf3d7db59d189207

SHA512
be33f50043dcb399acb23d2d51024aef6560bc11173c8faf11893d91dbbd42daf0dbe070395902361d29c774634ad1045d2dc8bc1eefef36fcab1772ee3a428c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
928490298dccc3fe598f0c53eb262d7b

SHA1
478003c91e47ac4d7ad834a1f080047e42868f59

SHA256
a6d0c83769518f630ee656677b2a88628dd3c748c62a636ac5c862b6c0bdca93

SHA512
b4cd1f2112464dae603019db73b28682a48e6625d0a310ce60d7c500e01d2f4f9ec3f973f81ef1d5331faa76a8de04a2b1f273afc4bbb18a3a067a022446ed7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea978ef6a1755265b1b9590252032f43

SHA1
844ca4c00328288c534b13155ccb3fb819c45452

SHA256
70bc92c3eba373329f2d1ae76a343106655414dec815d645a6d2b0a06ac17c47

SHA512
6fb3ea483dccb2fe59782d4f8be60521c4e802af367e4f7ba7ad01b3c7a508c4c313252f9c2088d129c5d25451bf5f12f1c8eef2a29885a2b62bbf98653fbe3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4adb19d1acbd6297b0c6ad9139ea2e76

SHA1
24b3fdb11985b5e2db3fa493268c97e87bf99dea

SHA256
b89987ea2008795e0e5260d1f11008600a372251b6e75d40e96ba80e63265cfc

SHA512
7f42aa0b9dd7bcce9a725011c750a66eb516ac5d540c066275c9cec716826febe5bfacd4d13674c74fbf8991bde16681a67e607d815c1875dcdf7c276d0940f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0752b1801acd190af2d45c5977840d11

SHA1
15177ae10f26e67c33a4cc1588792eb5f3ee7c76

SHA256
cbe74b94af0873951bed8ce6964f031129d4f11fb44833dfa2caa180f72b92e9

SHA512
3ff6f1defbedaa5aef4445047ac475b6d7963ba304a5741172153336987815c798d5bec6ffc3ef330da67569f2aa9291166c11ca9aee22ef6b1e754fcc865638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3dc1685be6f652074c11f098126c00de

SHA1
0b1eab7818d1ca0e8d5a654d46e24c50f4661a2d

SHA256
eddd3d4b870c7c726178e297eb56790d837fd2b6cf3c373952b0e194556d38df

SHA512
c759d3b0fff0d665c38b3b3f3dc8ace7cdefc6849af3a84f8792b1d9b023ff8d729402faa39ef34682808095f8c43ed9bbbf5c52da5c8104a072da378fa387c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e1e4699b1fddf649474328b862c62905

SHA1
c0e51f5d1de14a03646cb0285dbf4a85d4fbf6e5

SHA256
a42f55fbfdd5a6e4175c530e174fdfeae0d1243ec4542170021bb388876dd7dd

SHA512
3777a8a5664f1efc3b83bd04c00dd60fd6c68e9325ec68d6920c7a0fcc55f7701004e75a0c6997ddb71620c2864f7fcf3e6f86e286716253da625770922a3165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1b615d3af45b9b0d65da20cdbed7675b

SHA1
c2c07c2f1720602eb65df15c19ad58dd865f66ab

SHA256
a99d4a56b1f3adbfd154c55a62cb6870514581851e627877a49dad2246409ad7

SHA512
e1bb64b89b1a8ba78905ecb0d6f4b33da9fdb9cc8470e4f756652b079e9727afcd74fb8831b50a86aa690526d68fda65d6738de0121866fef797d1ae2f696a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
ce5d4b42bc10e0787cfeba68b9309fa7

SHA1
d93714925c5aa6ea9c108f32544e41a6c2d03522

SHA256
e3605af9463ee50e45402eba87a7392d4e00776ce735fd66c3fbed26a7b80e73

SHA512
508ae8fc13a21c2fba6c7dcfc3dbc6d5f921bc8b1462f0961f3995cf696d8ca24af5565c236573e6f721fc5913f3daf674f138a858440aa3c694a8b30be4106a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\SF-Helper-[_300_][1].exe

Filesize
293KB

MD5
cb7540975a2d1643707fa30760b36c7b

SHA1
5ae5cd61058dd0979e2c898bda1b07d26d041f3f

SHA256
9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf

SHA512
730d22fcf5228f7c03eb757d786e7bceebf362f63bec6d2a1c3307675bca87af580bbd0b0002f7a1cdc559928137d5e58512d90a29023b8aeb22cac2ba1d8717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe

Filesize
603KB

MD5
06e0d1a3df4601bfb421db2ef1c74f4f

SHA1
0616e3aa53d65f3c06f9d6c493d2727871aeaba1

SHA256
58aaf9d991c3143ea7b34c57e4d0e7af2af2e0a841df23c4d960d29577c9399d

SHA512
5fc1a40b9c67ca7e618ea520d0445d8fc9256a6a29438b0b662e3cade364fa7568002aaa7e73428fef47f849dce73c88d0d70184b934803d52ea98c726188c06

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-installer.log

Filesize
4KB

MD5
3b064e1f807e72ef66524b6082f07d0f

SHA1
e4c37f7be6310856e59810e02b1372011350b27a

SHA256
8d99350fedf3052cf2764f83c12d639597dd321f33df1fbf0b786237dc867c2f

SHA512
a6e560ac02b116663727051e9ad051c7796cc0f4c027d9f96cb869b97b6785121395809f63f3dcfe5a2e347e6be1e7c53b8a87bca5c4b16f5ae32ae31eac504f

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-installer.log

Filesize
610B

MD5
5476100b9f3672c406fb60ace0c1de8f

SHA1
33ebb60fd36188368c1b162b2c5bad835fa8c6b5

SHA256
c74ece6d5f444368571016d901af584b63870b911a60d03dfac112ac32b56bb4

SHA512
76cd220382e75a73280faf983350040269cabfe36e7440f40c99b337ad5855e8df2de3c9dee86c9fa4b9947a109b4fd6f28d8d340c8ac0a0284888d5873ed845

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-uninstaller.ini

Filesize
273B

MD5
deeed5305afa0105c7571987509e48de

SHA1
cbb41d6450d5a9e0f76b874e7d8e31ec2387d86a

SHA256
55e894b886d9b542b46bb19136039800c7b85d753435cc9aae5e1b40f8273cfe

SHA512
a6be44eeabe042bb46057af0a1207c1abb52f4753142417972a69ebe66cbe2709faae50db261126f68b9fe89468e0b94d7b87dac15c7a0631ca705250702a201

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk1128.tmp

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnE782.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnE782.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnE782.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit