kutaki | hxxps://kairosinfo[.]in/stampduty

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kairosinfo.in/stampduty

Score

10^/10

kutaki discovery keylogger stealer

Malware Config

Extracted

Family

kutaki

http://treysbeatend.com/laptop/squared.php

Signatures

Kutaki
Information stealer and keylogger that hides inside legitimate Visual Basic applications.
stealer keylogger kutaki

Drops startup file 4 IoCs

Processes:

rock.batrock.bat

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe	rock.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe	rock.bat
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe	rock.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe	rock.bat

Executes dropped EXE 2 IoCs

Processes:

tsjjmpfk.exetsjjmpfk.exe

pid process

4420 tsjjmpfk.exe
4612 tsjjmpfk.exe

pid	process
4420	tsjjmpfk.exe
4612	tsjjmpfk.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

rock.batcmd.exetaskkill.exetsjjmpfk.exerock.batcmd.exetsjjmpfk.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rock.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tsjjmpfk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rock.bat
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tsjjmpfk.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5564 taskkill.exe

pid	process
5564	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688022310359920"	chrome.exe

Modifies registry class 49 IoCs

Processes:

firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Stamp Duty.zip:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4544 chrome.exe
4544 chrome.exe
2996 chrome.exe
2996 chrome.exe
2996 chrome.exe
2996 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe
4544 chrome.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Stamp Duty.zip:Zone.Identifier	firefox.exe

pid	process
4544	chrome.exe
4544	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

pid	process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

firefox.exechrome.exe

pid	process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

firefox.exechrome.exe

pid	process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

firefox.exerock.battsjjmpfk.exerock.battsjjmpfk.exe

pid	process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
5880	rock.bat
5880	rock.bat
5880	rock.bat
4420	tsjjmpfk.exe
4420	tsjjmpfk.exe
4420	tsjjmpfk.exe
5656	rock.bat
5656	rock.bat
5656	rock.bat
4612	tsjjmpfk.exe
4612	tsjjmpfk.exe
4612	tsjjmpfk.exe
3480	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 1256 wrote to memory of 3480	1256	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 3632	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe
PID 3480 wrote to memory of 2576	3480	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://kairosinfo.in/stampduty"
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://kairosinfo.in/stampduty
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {352c9976-83b4-4b54-b1b9-0605b39adef6} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" gpu
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6782cc5-bb4e-48e8-87e7-b943f12c6087} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" socket
    3⤵
    PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 1 -isForBrowser -prefsHandle 3328 -prefMapHandle 2972 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e905c6-6bda-4828-9983-5a5667d350c4} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3840 -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 2776 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {404ca8e2-6aa7-484b-85e1-f4a36b754411} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0bec102-e79a-4d95-b4a0-5d3bf133e88b} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" utility
    3⤵
    - Checks processor information in registry
    PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0805d6b0-5d34-4b3b-8e91-d81cb616fcc9} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5584 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {876218e2-2d51-4524-b14f-b023dbc89297} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:3592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deb3e5d9-b3b4-4434-b00b-04efdedc1dc5} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5004 -childID 6 -isForBrowser -prefsHandle 4252 -prefMapHandle 5868 -prefsLen 30572 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43a5b155-f256-4a94-a485-0d26eebeb991} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6648 -childID 7 -isForBrowser -prefsHandle 4260 -prefMapHandle 4252 -prefsLen 28038 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d77c661d-b431-47d1-9a6b-6df7cd8d45fd} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:6004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 8 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 28038 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e92aa1e6-dc98-4c91-8bdb-e130f1a886fe} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 9 -isForBrowser -prefsHandle 5428 -prefMapHandle 6648 -prefsLen 28038 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5543767-4d0d-4fd0-9d4e-40a8ecb9ca0a} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7020 -childID 10 -isForBrowser -prefsHandle 7028 -prefMapHandle 7040 -prefsLen 28038 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c7257f-058e-412c-9863-f4323e601ba3} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7392 -childID 11 -isForBrowser -prefsHandle 7360 -prefMapHandle 7400 -prefsLen 28038 -prefMapSize 244628 -jsInitHandle 996 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93f5a176-e48e-4a3d-8073-ee70449ad07c} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab
    3⤵
    PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffba32ecc40,0x7ffba32ecc4c,0x7ffba32ecc58
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3428,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5148,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4088,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3220,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3560,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5344,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3344,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5184,i,12777634617719838338,11752652590050772162,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Temp1_Stamp Duty.zip\rock.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Stamp Duty.zip\rock.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5880
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5976
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4420

C:\Users\Admin\AppData\Local\Temp\Temp1_Stamp Duty.zip\rock.bat
"C:\Users\Admin\AppData\Local\Temp\Temp1_Stamp Duty.zip\rock.bat"
1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5656
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2404
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /im tsjjmpfk.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:5564
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d2010a9-cec3-4771-b88d-7b79785a406d.tmp

Filesize
10KB

MD5
053b1d730570f2a7afaf1f9f56a88218

SHA1
8ff409b71c88dc51db9a5f37924136c6e9e077d0

SHA256
56b44adf423a92f5d736d88a6fd329d85f466cf4002b89219b640a8e7dff9dff

SHA512
a61e9deddcc5c92f6105a9d0378f18937808a2fa16c820e6b418dd175fd48cafc25783c5b12a034699f4e08dd0af08c4aeb8e453b361f62d70fcda62cf3cc8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
012b09a1879c6dd3060dd99d4c1307b2

SHA1
8baf71cd84a994f147fe4d8af21f4d0c2e3fb9d2

SHA256
aecfd68afb6d7b273a87b452c7897c3ad31e562f6434e14920321da5bbce95d3

SHA512
2ccc8fc394a41ecfa0af7f5a55262df1fa2a163600a12b5648d5fb064bb3d82decb0e22fb7993b339f0dd2aa5177269c7559dcba2925fe9f093d4ac5eeb87c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f43bbfcf7b490168eca1e514fcc38f9b

SHA1
c68618e747052cf670a87996ef4feada4ac224fd

SHA256
e5410ef13a8ca25cb44e00a235996a62d86845747ad14910e99535bfe63d0b83

SHA512
e9c28047fb901496c7183c2e093005708487fa5e5f566f2f9919587096c40a133efac1b1a19121cebd13e200bff923cde22dc84916bef486b2ed427eabe18b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a5ccf758f689cab6799dd760e5826f1

SHA1
6d43635a84bb6901ae9a12d7bd93621d9bb3a7af

SHA256
f0340602b876391f35666579f477a69ef310e77e9f6390dd8be0d2fe754a5404

SHA512
e670bbfbb1f7676232dc510c8b3e68616f68a6de756c80ef875a0d8bc670ebf8ca2af8e63acff1efeab4630b3879bf33b7669912f26c04ba6b6c774b0eef6ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4b5144ff20731bffda603b037d55eac1

SHA1
9c6398cd4091407e5fcaf2d127cc67310f26735d

SHA256
a9800732e4c52a2129d8ffc7ba7bbd4a2b8a56090d98c4d10cd8882e46a37cc8

SHA512
2db11068cb931dab4ce57c48aed7dda6f550814bf00186ae023dff7079b572118e55a63eab17daee3833a970e9e17c63cf783f7e49e03d0b8035f5bbc8266566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dfd67bdee43dc0c71458209c57b0f895

SHA1
7ed58265ac1c84411d46b5a0462a8d1ded3afb43

SHA256
52d6fa03f12b709722dd80b7da606df8149754682558d77e6ed7098d4bb86212

SHA512
c8e97ef73996120b1646ca06e11c9f8516cb9b699f2e1f3fc20c3a19db4cd30a765415dadbc50822f9ad7c7cb8101e3188e5fa7cb21fa7af7101c0a009736d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a15ba9073a87a807a6d3b1074d935256

SHA1
a317d3f568688ef282bf723ae0fc30afb21701c8

SHA256
e463443d2973f366d1100242e4abc0b94562ac7e38ecdb11da0730a964fa8d8b

SHA512
a96e9ec4530c28df83ec41e683cfb98ab2e27116ff00cfbc8272ffb6afa1c61397bba88ccb6b9f4802fd9394deb0f069db2aaa03d639be998727133735ac1e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e0f0f2862587f23ece061525dd081df3

SHA1
314556b99d9baf016b4e79f4d2a5ef78c37bdf02

SHA256
65cb3ee28c2469100725acb9fc88434d4b78f78fb62467614c034fab738b50fe

SHA512
b91f01aa5c4262dbdc779f8fe64f0eea29c8bc037df9312f5720502aed8ac889cc84805efb1780a65de4d726d4e9a7100585a3d0870de4488fdaa9e9a6175e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
9c643a4745be9ae632cfa7d5cf93873c

SHA1
ee27fa4f4f0866c585507ecad393169638f5dc69

SHA256
10a766160ab03d5dfe640d7f6dfce3dfb735b9b0f7f8b898cd00a89c7a677def

SHA512
1bdf537e355da1b088f781db80d2858cebc19d61914c2415f06ed7846138fdf57c22b6c0bcb2451584d5344bed34f02b7a8610d215e3537c88905205aa0398cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6972c153f7025ae33900f24ea4dfd33

SHA1
c79608a4e3265a09126177a34e51efd13510ced0

SHA256
890cb27659e9e9a57c3ef75a36bd70bc5659ebb6b30b02e4b941bcb2409c08d2

SHA512
25a9a8f719d45a368f99d85512381811e62d208f99122342ec9568c16a9bfe8ba17b38179cd1aae25b5e2f6d584aa2ab57ce3b9d9033d0f81d4b29f57ef6163d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e70e9492e328b93d4267ebd23c6ef9f

SHA1
eb2f2da832684c0c1f1abdc6669b016e80b4c9b5

SHA256
3d70b95fc1883e3f45607792f9da2b237a74085a797118e178b16816deba0475

SHA512
e0085317412adec0fe9033334994062cd69f363085e4906afcf25668ed68863043380dd070bdcb58b545798717baaa9cbb3a78e2066d7932be12e471ae2bd8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
718301a7ff42025f079edb12f9af45b4

SHA1
0bd6a2459144a02bdffd0052a75761f5516ad830

SHA256
38112283f3e55051d036fc4bf704580d421728bf4c8b5d92142f29c41a871853

SHA512
e9ff5c04874623f8e6743103a2347430edb296fbed88e5a58d099efa9e05636a27cc6cf7f78795d8f7db2f888b0ffd12c287657b96d57282156ea3820df7e3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d2680acf317fd2b26933df3f56f98478

SHA1
82d577320a7fced42567ef2d19452f75053cb284

SHA256
ce28bd75466774a057441f07651268f0234a36ef6824686280eecab45fdb946a

SHA512
93577d877c98527bff80d45d83751d30000a9fdbcee93c368094965ceef4450e8e21acd5bc249b582512604cb9f00c451f731a26e89baa800db0b8c3300230cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80d3edffeb24985c30d05a3eb49f87f7

SHA1
d8ef532f39376337024f2c6df900a47179460f6f

SHA256
95e66e5acb31580b0bec54a155e77dad745189b20fe71be529e4002781e85398

SHA512
a61a4c715b85650ff7475d3e31ab770f21ee407bf70d62978d615fcadd9ce9f07f1da24c11151a0f31da61f983190ef457626cf8286cd25c3079417648cf0072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
848d76b41a4614911b827d25765c37a8

SHA1
455712f84e2dc728dbab3cb27303cabfbd696238

SHA256
b93865c90c0ec1cb665f19a7c7d45bef11a75792d3ff7c3bfa5ee14df94aacc8

SHA512
208c2c965c196bfa43fe3e03923903b1252d1b8f9bfc7f8374445e854e5f62f89b2a3ef8f6107ab0b1ae014eef4fd66a4d65abf85c987898970d4f09e0a6177d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f8f295318650ac6c67a9aed343961d0

SHA1
5c810a33efe59adf4ad146ebf5e1acdb7098ba0f

SHA256
baf3f38ddb75b6e0ec6bc56268bc60218090be898ba8a4c411ca51a5ae43a8df

SHA512
7fae37c9ea263cd5585eb8e46eb0a9d84239139edcb56c938cd1215cc71616f54aebc3e6e8b22d33972b13231375803a98f221a0fef53d354914a6314b4f2f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68843bf8f4f4340998dc47a3900e0dac

SHA1
5fa87fac65f80137c91bef426f57855fab4fc3bd

SHA256
365fb66d14abfbfc7ac531a9c0918120b166435cdb9a55ca9003efe3e86abcb1

SHA512
faae2b9acc4488ba7470839878f56735867d3a703f38dd5a378db3f4b8beb1eb87c88a7f119e43caad6fbc315f2dc01f18538f19d81777fcaca83c1821ba0fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44db190458ee9bb02b8240ba4e6c8e63

SHA1
4ee1fc29a6c457b2face583cec3b0333bbbd35c4

SHA256
bf57ed6dd9644f1f83b653dd09453134db4d84000e3842819f487c6a85014498

SHA512
42dbcca6ee356af9316bd85418a76204dcf78c26fbc459ffd72e9bba21201c7271721919b3483baa96517c941c4798558d3d1bccf273536c192135df2b71903c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
301e9148efd04a2e7c0ed85e3c28bea2

SHA1
e1e448dda1160683a7d90f877d3c2352b819cb17

SHA256
91ff72abc8d90b3a134a501ba758cb7f527591044f728c3ec86994d4bfe16112

SHA512
4c9b9726a3659cf18177ae3fa25d3db925e0b2e30adec6e65dabd0c459076d9ab43f99e5f3b6fd35f5ca67ec8f4500aa4f38f38901a4ae7665bb19969877a267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aa8286115fc1eaafbd03bc2c450d60c

SHA1
f3c2c0728d1621fcaa2d562e082a30b7d5aa5715

SHA256
91a6d74f00b54ff48dccabc4c23ebc6e9ab900da60db916f1cf049c96f66739e

SHA512
31d0a4b7441f2a364a62584bed7374cbf61dc4cb820e8a888c0aea0b28775a625206f2f94469874aa9b0441c2ca932d1d06e1c65a6bc3689f7bc5eb9991dde1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f319a551937d01de588ca591d4362f1d

SHA1
f20f82f3157490e8d8164046dd200b7ca3a1d40b

SHA256
4638ade17e77ba6ddb3685cf2e97ed612e6b20058fc3713bbc7b440f5a589030

SHA512
5049fcb6533b894e95d31d6096197d004c372e1d11051f8162d193f4747877ed724bf232ea04ec2f075c761f7df3b050eb9b320007651e3ed2e62e9866426fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a661296b3fdec5445982d7590f215bd1

SHA1
f24ab86709aae7a0cbab3dad51f03fcbd38d265f

SHA256
7845a7dbcd6f4b3f0eba4b52fa910e7886cd3976639c2cc69fb2e2ece19cbcf2

SHA512
243dd714e38fc3f3939c851754880b56b76bb755b946718780b459d20d851b1eacd74b3835bb6e5fe7336586ae26eb808e717259c5e229dc88c6def808c14378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81b2983aec6f341d4ae9577d61cce861

SHA1
293584659165f79694209f80b968ddf0422bc30f

SHA256
d18e64276b50532813b8728b71114172f62c2a38fdf2dbcc6a33811f409200a4

SHA512
5f673ccd9fb87249423393786ac961caa1d069f263ed5daa314c4c16de55c86de1344f3803aa460dd9dc65161e10f133cb66f7ebd7a2c177ff47737500ee6ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93c3e9fe8026b43aa20ba85e6d27798f

SHA1
b497fc68e0631292b74fc849656136ed4348bb6c

SHA256
ebee3479bcf73c55c3cd0e603eb0a560f4fa5b678569f4e65710c42228ac691f

SHA512
33677ed75ba1760cb80ad2be4b5e57d40ad9d1420ebe0fca56433bc1df142fb81fedcf5283258842a49168522d4b2228930b18b7fe6299f8d0d037c755c071e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf0dedf3941dd55a9dba9c4a8d7f6b11

SHA1
b5da7421b71a95dd1bb2b016dca39eae80dc891c

SHA256
205d9649ca93912ec8a714d99325543bc4a480679da6ad7b96c3bef34612620d

SHA512
d3840f73e255d62aa6b9c112cbee2e69f99991d2cfecff4944e9aa301240f4e2af0f574f45fef658600d8a9cebb72702684fd683ef89661b6ea252e6e3bb1789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08a4c1e63961b1a6c0237b686464cd98

SHA1
712772e62702fb218c797b317277554158e0f93b

SHA256
bc511569f70406e8997978a44ec2f636e679c3fd8301aad7f31d50d30e9f8ce7

SHA512
5d4678edd5ea24507f91040bec64994e194ec7bfce68b132b9318d3f42c822b7bc030363588fa11abf916147b214f9376e74c288496859c7950ec32d47a2d37a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ef48dd41f46ca4f08374c100d3416ee

SHA1
5c1e81eabc4014b33098c2b36a773184d46e81d1

SHA256
c6076959990db1371c9715089566ac45ea5a3ab8290f785ae3a8802a2b3b92da

SHA512
0e0ceef30e98238328509b633d8774d864ef5ad71dc520d97c30c7a20ca029e9442dfc7af28948a92f468977f81977b2c41d66a5b9c28c6acefe91172ff993ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
c602edeb73f55c550f69d52b05164115

SHA1
553d7d1e3bd331397a615e07f7331d78d3518f69

SHA256
7e0149da2c6e91c8915ecb10f5709aa2418b97ffd8f9d9d9f31fcd7a3804ebe7

SHA512
cacf14dcf60f90f7753a157ff5b376dd06e263596fd08dfccfc57bf589c93823babc9bc0afc9e7496a434f9fa66bc27063d088828961a863c1d8706e5f18bafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
8fdcda752f3da8d7ad6852c4bbfa81fc

SHA1
e16a4cc1b4e64f84c668b7d7c9caaa593a86c069

SHA256
359a93c10b6f296d804b7c9dbabfc45c8354ca782fe899d18381843ca1f803c1

SHA512
c23a48766fc94d935c9107e9e5e6cd565073f97709771d568b6c0b2c5547f3df7949c9b696b453c3ccf6c4e8d4e26e6b7b16a212f8ec2014cde5b85f228e4b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
9d1cb7dc41bef8a1cadbdd84d8fe31f2

SHA1
d2f6603ef29fd0fa91b14ad12aa1bf8a463f0591

SHA256
2cdf3d04f7aceda97a0e3b16473ce211d6d998b1d8998aef27937f2db9bf5a82

SHA512
37895dfb71e47c7fd775d9f8e602be72e115514da6a82e74334b5b7f921a633291cf8ef2a6cb7808afd524980c44602dbc4c13cb890e07d2800650e67ae7b87d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
96094b84194e230973ffb414129824ef

SHA1
da4c65df8031bf6340d2257e04870af05b42004a

SHA256
a1961e7391d12e44f06d6e45d0b1b63334ca3adad41c79e26f4f3e65c07daa9a

SHA512
9d513e59065c885bd45995d60f7b32f04513b51638d5b142b04a6809fcb8f823fe9d423bd60f1e8526ec77fda93d81e5c79e1e956bdc93e1f9e933ca62c58043

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json

Filesize
36KB

MD5
77ea1774a0e914e8dc7b6ec5694c1411

SHA1
cc3d3296bba413a150a7779be69eb93893c9bfc4

SHA256
cab8a90bf127a33bcee4d6c5c01a7f6904527abf61b70cd1028e517cf01caa8c

SHA512
3ab5137ad4e1e4931c0d1582842e316a45089323aadba8773eb068ff804e112d97972e3efeb97f4556145c50c4d0de23b5431dc132f179079ad37c1de41584b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\83E3BDEEE2656890431C3484D2DFAC5D44936E89

Filesize
32KB

MD5
9e5d93fe4f9b0c1b1d275264b902809b

SHA1
4f7e60dfc618fdda5df5ae5dce2cb11aa1a8d26a

SHA256
e51564182497c8e6cb1854ae5c4cf5b2e61db979b24de097c8234ef9b6731593

SHA512
90b6e6ef8782c74bda4d8f6708e9eb2795f79cb3314897964738dde349c0f1b74fbc59c90ec46fd7b348f99030c3808a18067d7c5f69258e685b7134bc484a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
45f27ffb6c4fb0302d4b4243d0906683

SHA1
0ef6d9a10905f6d3f7b9a428558f576abd4f5b58

SHA256
23a4fc5edd83107efbd94a077f1e09c9f50e821a55c40ee76dc007a9104fca45

SHA512
d68ab47466295c3396dfc92153feadcd5250fd1ebee9eb531509f760e681afdaa8d0387c4c4e04f855099f9c0136c92ba34297859ca51c7d9bbdecfa78667213

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
a6c0192a8d93859c6cd984992258f494

SHA1
701da708d2227cbc809b5c8969eec5569d2bb296

SHA256
1bd1aff955f5ec5a2967e0a95c803e665df777be90f92249a58171096484c190

SHA512
1753dfd7a66e8694023ecd5d5d7def960822c93b2370460cc97fc0833d7ce6e6f55287c3c5ff870a21cf6c2721b17a00d1d19a2ab8a2be977351edad3cd2d27b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsjjmpfk.exe

Filesize
752KB

MD5
9cfd040eabbca8e45f3e2865659d369b

SHA1
0bf290ff9efb1b1e09d0f9aa71bd63f2e0448fa9

SHA256
d24ceb07dd603a2dca820e9dd1fbb6e1b4318990cb7df9a172da3beb556688a7

SHA512
77090b8f5dee277b1aeaee3e861af2b37fcb9e43c0c2af7255edb828b8c13ed260eac9aab2012a48f872a4cb8ba0974dbc5dab88adff158dc4190af64a28fdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
8KB

MD5
5f365564bedac15ea199b9d450fd64b8

SHA1
f46b2952e0e5ddba2d7f4441d398f9e4faca9913

SHA256
5a66c510b96db50e99b63f11197d0fb205bd64bb6762de6480da97b25e610c26

SHA512
2b7d3fcf99a89cbf88e38081bd24ff986e3f4d196b840d5dd6cdbe2ec506b96df127c96086c9e5628705123f7c2d186dcef64ad95793bdfdee7ff0fcdc00171c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d8d6dbf58d7fc3f149d11f6b57f7254a

SHA1
7a3bcc6626b0e28a6173f2fe76f213c18d896ede

SHA256
c0e52f9f79c17d6c2aa9f99318664d9be6e309bbfa5bd34cc6febf1dadcdf305

SHA512
590efef78fe97db00affaa63bf7f4e2b16a42a5baa183892f57c070a3fa3be3b501a6f5bbf901d6bada9075853b1ab7d97fbe30e4ceb3b1c4bb55b3370f65e9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
52a4730082fc0483e73a913887fe874a

SHA1
0c4771654be842e111fe8bb2cc595b07dea56a31

SHA256
d3a06f68e5be40a058532fe6d302a42362cb411d0b83e9c80cb92ef345bbc9c0

SHA512
ee374901a98c7172fc9e3a62ddd353491adbb8306a24c088ed3eca09b782e6a50bcda582d7bdbb7473521818d94aaf67d1492e62538d189d61102362d0c6f978

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8d268e02d0286866e7d247f64bc24a4a

SHA1
f59d2cd22e57957b1049a4e4987d757ce83c1db6

SHA256
edb2d5403b361bde5102f9e8cc341df27d97a4ce7cc01bf190cfc0f5b42ef1c6

SHA512
add8a2c95815994e07002159d45b0aff5dadc69afcd8a88b6e983d9deb62e189869927bc10ef0f5cacd85b0ada40810b27b56dc8882d170697953362aaffea83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
74KB

MD5
c4671b738ec5e8814d8aeb8543567b87

SHA1
62d1b796c3260d7b985cca7a7ccc5638e6866b1a

SHA256
7950ff1f82fa6bc67d972c53bb30370e853bc0a5514731fb40e78c558e8d208a

SHA512
da7584291b2e97854b5366abec12a6d8257e9c05e93f06488f8525221bf3cf7ad1626e4e9eba13e673058e5fdcbfe27ec13c7bd7867a4c02a77df1b403907e52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
74KB

MD5
3dfdb2c8aa7e8daa2f515450fbf0ce7e

SHA1
e7e34486cabec3dbb60b13446941575486ee3a19

SHA256
7cd9b2114f59f1c8379fbb1e49ba0b23406e298560c49974985c0b89fc6a25f0

SHA512
0cd0d779387bdb4c2939b4fe0301ceb0336e2f01c284d41ab906973e8b622653e2e22f0e6875fd3542a28738e0371da5ebbd9f7efb7a6c0d7b71c941c389f932

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\0f0e58db-b493-4759-a89b-47df98175182

Filesize
982B

MD5
0710cd13a81dbd7dafce71b8ce632fcf

SHA1
34a12dc0158efcd292897fb35698117d628b2909

SHA256
34b45d47af94e01340d96ea0d288f5aaf36ae3417baf52ebf116c571d0b41569

SHA512
e3fc30ee971fb1d581eb50a833d7a3d88fe587d76dd5374a7a2e387179c082f2327eeac19cc69c9a9405faf3d37a2ab6e04a8b94fec6999a6bfa1f6be228a85a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\57364c2a-b564-4ac5-9ba4-eef76f2f0a18

Filesize
671B

MD5
8e4d69ca15e068a152c9cb511f6ed20d

SHA1
86fd93cd07a2a4823e81287c2d9e1db9fc0efa8c

SHA256
0a5d31f93122cc080d20236872d94ca3ce60bdc49212e813d2d80788d9a521ff

SHA512
0631c71c567955030eb41425df0344596870125b5fd058a03262dcdd30b00b4e189e9ed560f7855f04f88fe80a558ae2a9a69de3d66870ab7557572d95ccaca8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\7496a4e6-1caa-4817-a915-c73c4a996cde

Filesize
2KB

MD5
0a2c6fde5247ab6fb7ddba0f9621cbf1

SHA1
3f19a8c7d3f283bf858a955769ca009c8a8a761b

SHA256
89353b7c8ac71dc79f3c191c3138e73f692c67dbb7d88cb4bad53c2483a240a6

SHA512
896da6af80f45be6b8d4c0b3cd58198cb756df886495f879c11c7176e5a1c9ac229bc6eb65bc720f8d826b34cba30aae87a43806514132a1135533ee832d84d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\891d3c27-68c1-4fb9-b31b-9719f40c5f13

Filesize
27KB

MD5
2df07672ef6e31dce957b22e9cd599bd

SHA1
9b5e44cc96a8e7b003c465029213cb651d3fcbd0

SHA256
70915c1c1766d577c647b8acbff8ff758f6fd423c4870683b136c796b506aa2f

SHA512
e1543eb62dfdeb8161a8430fa9e4d55caefebf94c6ddacc3867cfd9ece9ed4fa27c480e78d43a439f27672e55bb86c42fb51c97acb5389a37d6b524eaa8944d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\a18fe2aa-a03b-4578-9b3a-aa69c3fb615c

Filesize
846B

MD5
c168013795da4e2e7a26e210e3bd2d06

SHA1
2ef268a1b52287db62aae1c6fbbbd177666f9547

SHA256
96edcc7b885720f5e33dc64c4a967e1d5f3b5b8606478d6bc578c9a5e7f5546c

SHA512
1816ae3b94f63473ad9db24cc294c1ec5b8a23a9b985f5d1ab55644c8be45bf1a5287054fab9687ed1a5e14c5eff4bdb2935457eb9df4fb90e0a980e89690d9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
b953e7defec153ba650464c99c01b896

SHA1
cbe7058ccc1df35fc04fd7a3f4dc69b95687ef0f

SHA256
6a11391317bb80881dfd39e05f05ff2f74749356ca3df18acbdcab4d809c81ae

SHA512
fe432a8efa48319d743937f7da332494b7ef219c56e00f413f5dacff74d8351ab3f67e9397bc958047986f018fa182dddde5d95bc391d62ebad8b3d985d6549e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
35dce344a7104e2b48ea00ca16aa3388

SHA1
760a8f9bbb5dc72001b447f2ae89a8d8bda00fc6

SHA256
887a9b7590984eed5699b4b5a7346e4ef6492088baa5fa2e2938fd0b6d77adb0

SHA512
f2c9d2d9380ad177d38f8ece9d983a9fcb6014984ba282b7256af146f7ac4a3723c6afdbddf19743811bce160cb46e80d6a9cab8bcb0a05536879e935d4cf22c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
2843913f9b05ea414a0d877bebf94fde

SHA1
740ddc05487ac2ce2537e96056ac0a43eb98ea77

SHA256
1f371883a41faba06c06e898235e8d423c8236ab79e395d90ecbdcca584dbf72

SHA512
6a7424a9289119804488703b0373f53192c06dafa3c4818e3a5ee575e1cfe32f98cae33d36ea1bb4fbf3901815ed98a54d4bb5ce8c93a813b3339e4c898531ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
20137fcff6a2388b5ef42bcf8ddc7da8

SHA1
3ffa37ea89d9b2c16aceabb00d505fa40624dfdd

SHA256
256c7308311ae79e067e183bbca916a90ce63c8a77a1f851ee995ae1a6755f88

SHA512
d8af35a1646868906591da82f19d6d00a361e6e4ff7203716cd2a404f534d8e85c8bcb66c15ae240683f503a25d979523546c88787ec32ef62289dca749ce7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
39deb1b3511cdb6df5fefb4caa759464

SHA1
56d5f63e75e571d3e3c2cc02e223539423021731

SHA256
a98983c0931467e196853b402ca9c281068e43689160a9427d73ad7b0f468287

SHA512
c0cc65d9f724ab512e5454a0bb88758749aa6eedcc835191f6bd2c58017d06fac6f5a1e5b3476e218dace87107e9a6a9a307b36ab57d026382b76a5e40bb299a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
2db78d0a5a00bda332432fe923c0369d

SHA1
011d3d5eda518e8e4d2b273ee71d9697f84cff84

SHA256
0057bb5d7b386320534944d37de252fb110f531eaf789ff37fbfd34afc5386ab

SHA512
c470605c1dce940c1f48312832477a05810fa11c9f59c08353b821eee12594155803727f8e591a9357e37ec3d74f52dc992461132ef8fd41adcec5a8d280c854

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
59b0201253a3ccbfcc28727a63530d1b

SHA1
a600aa2e5bed4bc3d4c5595f13608fd92366ba13

SHA256
6bcc84d0bf510e2256e2068bf52a19da008fabdebb6d7a4678a22cb3f94f143d

SHA512
edc89df5ef9980151f444d2d58244593247fa378820f5746cb3fac59aaae71eb0836abc055a4825d95fe56786a2eb328e8e182fda304631dea22202e52b89b2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
c5782b7699ad94c8efe6b8e521cd06c5

SHA1
a9244db21708aed1e2e9557c49c8e43db8921052

SHA256
f7779d0a1b2efaef942a11fe0a822f80f35e429b75079547ad7238727ec9219b

SHA512
f2e301234cf0799c648532b90ff22a1ff2f83f012934aa4c03c76bc1a37d35fcb9360611c5f12811d8f4f4e2f5718fe56c68298326020c619393e1be6f911202

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
ba082e992247dfdcc00f79ce7fc29a6f

SHA1
7503dfd4e7f210b0a7b2692122c2d8e313f97ff5

SHA256
d1515054774c4d666e1c3783ea2f5aeedba3ab727d05fe18c940793c5432900b

SHA512
599ab0da90dbd54af827b73c1c7e16f6b64f7322bb052564bc83c1919d49c63c69968ad323ace5d593415ad16ccd3edc3d41da3067cd065cb10c6b36f04cc9e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
8d933899cca5a9520d1c0d04c36d043e

SHA1
2dc693cea969bd1feb3b45de2eaff67df686b301

SHA256
635ba703b1146d4e545cafb28dc5d9579ecdd0e84264937f3e32bd7a606ea694

SHA512
599d2d937548b15af0816de13819ed9f75e265c941ea9910a154a20c03ca91f7bc367b03d1b0b6c6d65f6979373780efb685bb73eab8f7ba78838c9a0d1fa274

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5dbe6b3a564ea05a06efe67f1768682f

SHA1
4316931c6996ba78bbbbfb4472ae035dc7a7ccc5

SHA256
01d0281fc9b845619825c2255f0d790fc2457e3fdebd2af8278ce9f2dd167034

SHA512
d5780cb7d2d5a8f50603bf6590795dadf482475ee97aac6f4ba7069f6e54db0688971be3793ee7a794fde5a2c3b99b7d45ac41d98bcc65eca8a5f62f60636cde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
77708d9fcdae81aa73fbf69116d77ec5

SHA1
a9308326786ad057f671b2c4719fc2559a61a4ce

SHA256
eae6f0d2a021be29dc4b3b72ea19b030f13d7cbddad1a3e9a5ae6c87d800db50

SHA512
66e8cd4b4b70c159df36edb9cfc001f1cd0c8ee4616b1ea1b8d1dd52e90ea2efb23a4739854907ffe4c1b15211b7dc4c9b7438a781142a2db6e5e4c72b47102c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5b9bce0f551c31a58bb92c0d58319b0c

SHA1
3387723aede778326c4a3cbf6659dfa4cf22e4fa

SHA256
a281b146484a7be78a400c787e3f280f14c13626e0b5e5380333bd481472fbfe

SHA512
fd59c0fa740c95031a7577dda85f41d5c377ec0ab1852d0dbf7503440b3c7007aa4eb0283132c49729b03bf55d505d08b34ba1b21165af0720d1d9760e4aa93c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\default\https+++www.virustotal.com\cache\morgue\62\{b8d87ad1-8f2c-4e7d-8e0c-ada92f46493e}.final

Filesize
49KB

MD5
6bd20534cba56fc49efe48407524fae5

SHA1
0fa9bdea7ef064873554e021c8bebbc749410bee

SHA256
e531fb1ee3d9d162f40e5867b530bb50594240168f3a96fea3fd16f367a9b19d

SHA512
8da996d51806cb61ffb858745ed328ae54f6c8db416472e4e17f2e65496d6df94a397a3080a303ce8e1050b620b4d701d0015e1fb56340a2108100b41d5490df

Download Submit
C:\Users\Admin\Downloads\Stamp Duty.8-jHVvX2.zip.part

Filesize
380KB

MD5
e3befe531bf0a2d9dcc78703fbae7ead

SHA1
0073a7522c8375d33f932ca510734e35a61ecc6a

SHA256
40523b317c640766240570f4a91ebff2ed4939b0288a9102dc2e4cea0576c29f

SHA512
76477af4bcedb5c1c05d2c6776fc4d2ce6c290b2f0e933857d43478cf9ae017d9e8979bef7456cc3c2ad0fcfc5c8470dc12dc02a83d2c39eda1c598de124afaa

Download Submit
\??\pipe\crashpad_4544_LZZILAUXDDNLHEAC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit