xenorat | 2fd5c8c2bb74f4312124f99d3d2ebe1535cdd20cf4fff076b17ffd3691ec6fb5

Analysis

max time kernel
668s
max time network
653s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 18:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

asdasd.rar
Size

19KB
MD5

1139087d980aae5f99c9c328108c3315
SHA1

f3f124186f054b486b0175b45fadea07afd70064
SHA256

2fd5c8c2bb74f4312124f99d3d2ebe1535cdd20cf4fff076b17ffd3691ec6fb5
SHA512

2dbadab1f99974bb18511d0f7e0a16923f7a16334b02366236cdd9598f619f63998cdd26c74df762e0ac44373544f907a4b20e00b0ee5f3979844768b9c6af0a
SSDEEP

384:NwVCYFumHmGxZ2mT3eYbeYuprHHl2vnWYIHySo0LmMzJfVxIbCOm8nIy+2D/:NwVxumHmGH2M316YuZHlUnuv1LplfVx8

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Signatures

Detect XenoRat Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0035000000022e70-328.dat	family_xenorat
behavioral1/memory/1716-330-0x00000000005F0000-0x0000000000602000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Executes dropped EXE 2 IoCs

pid	Process
1716	skibidi van dijk.exe
5864	skibidi van dijk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	skibidi van dijk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	skibidi van dijk.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708117807717496"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4784	OpenWith.exe
5240	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeRestorePrivilege	4736	7zG.exe
Token: 35	4736	7zG.exe
Token: SeSecurityPrivilege	4736	7zG.exe
Token: SeSecurityPrivilege	4736	7zG.exe
Token: SeDebugPrivilege	5240	taskmgr.exe
Token: SeSystemProfilePrivilege	5240	taskmgr.exe
Token: SeCreateGlobalPrivilege	5240	taskmgr.exe
Token: 33	5240	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5240	taskmgr.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
4736	7zG.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe
5240	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe
4784	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4936	4784	OpenWith.exe	98
PID 4784 wrote to memory of 4936	4784	OpenWith.exe	98
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 4936 wrote to memory of 5048	4936	firefox.exe	100
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 4292	5048	firefox.exe	101
PID 5048 wrote to memory of 740	5048	firefox.exe	103
PID 5048 wrote to memory of 740	5048	firefox.exe	103
PID 5048 wrote to memory of 740	5048	firefox.exe	103
PID 5048 wrote to memory of 740	5048	firefox.exe	103
PID 5048 wrote to memory of 740	5048	firefox.exe	103
PID 5048 wrote to memory of 740	5048	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\asdasd.rar
1⤵
- Modifies registry class
PID:1376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\asdasd.rar"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\asdasd.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8fc6946-389e-45f9-9c40-ffc96fc2e906} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" gpu
      4⤵
      PID:4292
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6012d6c-16d3-4cc9-9244-254328134e66} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" socket
      4⤵
      Checks processor information in registry
      PID:740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3336 -childID 1 -isForBrowser -prefsHandle 3340 -prefMapHandle 2780 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3f33f4-2a69-4f76-83d8-cb1199291003} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" tab
      4⤵
      PID:4656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2948 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de2491e9-5abf-43fe-a37a-58503bc7c3ce} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" tab
      4⤵
      PID:4076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5032 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4968 -prefMapHandle 4904 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8456397-39f4-4cc0-ac55-d92b4b49caf6} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" utility
      4⤵
      Checks processor information in registry
      PID:4000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5352 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90b32cf7-4e58-44a4-b323-f787cd68d4aa} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" tab
      4⤵
      PID:5596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a525f2-e54f-4a26-818a-a4fa155772c7} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" tab
      4⤵
      PID:5704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f58e4c5-fcfc-463f-b36b-3a49f5ac15fd} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" tab
      4⤵
      PID:5732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1372

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\asdasd\" -ad -an -ai#7zMap3212:74:7zEvent31496
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4736

C:\Users\Admin\Downloads\asdasd\skibidi van dijk.exe
"C:\Users\Admin\Downloads\asdasd\skibidi van dijk.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1716

C:\Users\Admin\Downloads\asdasd\skibidi van dijk.exe
"C:\Users\Admin\Downloads\asdasd\skibidi van dijk.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5864

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5240

C:\Windows\System32\ntoskrnl.exe
"C:\Windows\System32\ntoskrnl.exe"
1⤵
PID:4716

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.cmd
1⤵
PID:6048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.cmd" "
1⤵
PID:6076
- C:\Windows\system32\wininit.exe
  wininit
  2⤵
  PID:5596

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\New Text Document.cmd"
1⤵
PID:4500
- C:\Windows\system32\wininit.exe
  wininit
  2⤵
  PID:3284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.cmd" "
1⤵
PID:3248
- C:\Windows\system32\wininit.exe
  wininit
  2⤵
  PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.cmd" "
1⤵
PID:3784
- C:\Windows\system32\wininit.exe
  wininit
  2⤵
  PID:4308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.cmd" "
1⤵
PID:3876
- C:\Windows\system32\wininit.exe
  wininit
  2⤵
  PID:1588

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.cmd
1⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff873f1cc40,0x7ff873f1cc4c,0x7ff873f1cc58
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2212,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2304 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4928,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3480,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3568,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5068,i,17232812605220276473,10871891497884046373,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2976

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5352

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\New Text Document.cmd"
1⤵
PID:4528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell wininit
  2⤵
  PID:3048
- - C:\Windows\system32\wininit.exe
    "C:\Windows\system32\wininit.exe"
    3⤵
    PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3a928009381a3465df39a59b1d4a2061

SHA1
6d9c42fc5cabe69d9156f22588a3b7822965b9d9

SHA256
adb3606290ea7fcfec5e9e8ad13eee37c682537932ffd5870631f989b3a7e8e4

SHA512
fe46b1d8c6c8e0b52d7d4aa1f4da2d47623890e37bd941aef046c16dee91b31c3d3b674b814887fe2eb56156d138554a829459fb98a333c605d2bf78b3eb01b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
f5b0f48d1f81066bd660bc5afa57592a

SHA1
90e11a2e3713d2b8a41ba63394355d5296435ba3

SHA256
92f2b7361120401c3a5dd0d681dbb0d538ec813f4a9cff55d487704e07baa108

SHA512
7f4fc1c02e56f9cd1ab4c62f69a7e4f4f70316de844ba88e2c0c4919a0ba478877114660453e3443c541a22638b79eb12c1e8cb06dcdfcb1179ae3a3d3c1dacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6e2a66657e9c6224_0

Filesize
19KB

MD5
884cdb03158a45c4a228a1aff0eded66

SHA1
4866177c4313091e948e4091c50a3754b0f68eed

SHA256
f1e1b9d196571534ba55d0bbbcd74e8bc2ce7435317601f41cead5b39cc55e65

SHA512
f2e6d73df4d3709217ade8457470d0d575eebf4576f6e285d7d8c055fd573d156adfbd4f15adcf5acea2956c148ed177d5ac1ada0482e79a25fe768567120b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\edba0684d6e81a90_0

Filesize
280B

MD5
34a1c4d6e99a7b75aa57f0bf8639c73f

SHA1
c720d913a488bbc74a6c3d9e4f7dc5cd1dac9077

SHA256
00a906b2a138f5fdaf3c2e2445165787c8b25d5f70f2893080e1d06f471077ac

SHA512
8000623b963a59c4130e1df4d8f006d132a0d021fc26bc0a792d587e4f7a5c2eaa33c76039ccb4689f94c117c030721253658b7b7664a15ea1c42a8c39553739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f1e238929875955b_0

Filesize
370KB

MD5
9db054883b0b119ffbadc2f251530694

SHA1
924c3f7e73310529cc2eac39012c915c5b28c8cb

SHA256
a224a5a5a7ce0ce74b1a927b6c819a51ff69e7417e000adda385fbdab20603d3

SHA512
577df65a3bb26dee04b7ad79ae713d151c798440d39222e2a2120aae848122e27f6b4a6b87b9c69ab8f14c27d8e3e36a845d18fd54019277bbcaaecd13ba81d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
eda560f7d670ceaeec22f3b830371d4d

SHA1
5b1130d54f6b053118e2311faa87da2dd7ce0602

SHA256
11abb46580e1dc7bc05c55642bece7edae9ed4fc3f0847f1fef5bca737c4f0b8

SHA512
1ea1b36d5e9dbd28c678271447563a3fd4fbcad55d56b32408faadb4d373f6f60107d60dfe754513e716096f36930a557f963e91c2ebd736f366667ab67f7ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
893f9bb7b913b58f053f2c7ec587efa5

SHA1
6c203ebb4360b78af0bd332e2c370ba1173b28d3

SHA256
ade8d6c10bd802a6be14467c273aa0e7dd7bb2b1b5c65982a3c19b7c9a4431eb

SHA512
a0623a0b49ffebb351d83950cdf3c810c5f6c78899a716ae4413bdd6cff94aed678d81c00e7de96e552a0e56b8cc0a9cf28f052da783a461bbd89413d0cd4ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
468a6057daa138b9eb5b0183500b463d

SHA1
7bc3d9bd2ac5508b61e343f924e8d0ac4882cf38

SHA256
ea69f0df7b4898aa7e77ff05df37e6666275581a16b40acecd6c138c5ad314fc

SHA512
dd2f187717e927334fc69de8a4502a45e6fd8a4438be1dbeb621f6dd20c70d0683c438181500a9854d574bf7834b8220a213e1a63e318725c3b0045a5e4a2f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b07355b0dcb334113f1daf1e37f2faee

SHA1
b19a812338a636e2012f963ea0bdf564310256d5

SHA256
415bb50d3cca69f6ee1c03acefe3c7221e82e7a36a8827b89d13198d1b12575d

SHA512
4597ecc12c0add65d215848dbff87a56ad77f6afc62bc3b38f95b1442f75b49b80ba0176d99f1c766d13aee0176641dba29854ac1db57ce34edc88f57ef3cc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
154cda11dd0952ebe5e27667bbc4a79b

SHA1
64979db55a6c15508b9e7989a9b4cddcd93c05ad

SHA256
a530fe76184b9ecf9fa990f1f9047af8adb2cccc60db5005d498177532208e94

SHA512
5aaf81fbd2b55353e3d8fbdd57d650da7bec57478c8c60f8f1350007f132b1dd27cfcc835df4d4904f63e007776f5ac050ab7d31ed170ce079335639e2722071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
60f7d00406e6c080e9e57795a918c0a1

SHA1
9a42ad20b54ca29af52e79666507cf04ff0ece0b

SHA256
2d0809bde638a5f412f89feba8f9d610165179408a77258cc5fafb538d5b246c

SHA512
473350faf6fd5e2e45a06e616655a5ec4f21591fdfed7917025bea60e32a1668ab04a20930c3fc5b394966a3d191d978438c9740f23aaa7f9bfc20b46e775318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4a880eb4fa1948ba73fb5bedde3b89b

SHA1
7b4e3883ef347ecd5d4bff1aac6ce5cb96ef9a60

SHA256
a34a64955f551767adcf7a5ec1076fe49bf5bce4aadcfb47a73d3f5124e06e72

SHA512
e1dfb40224243702ba993140fa52cf011005f373ffe2669bd04574e0964397bf01cac752ba79d555756ff4387d843527e4409e5e66741ea93cebb3510ac54376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
31673933e73d6801715d8c125d3af5d0

SHA1
d052c08466afa8e6877441741cc3aa78005b97eb

SHA256
e490580e2d1080e98c2093395ae0b7de1f6063717f6408b28daca4c9c73c9e7b

SHA512
011e83eb49057a6220552a6b2db0ee084d900875d876c858412ec8fbce6adbbb267ce094ec796ae84123a7ba43ffc253236fb63490596cf9e9567e68d8243dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b966a650f163a5a5b531bed758603f06

SHA1
b195921061860cfd34bd956a74ab3b8e35ac630d

SHA256
8076934698c5346e1e8ea0e5600ad5cf97808204d3db61d4a65c359fc55f53c0

SHA512
a29214b34e2b4f8fef5e29e5bcc88546ad51150cda0a85a6d50a3ad53d5e6d0f69369b0d7e7a2243cb05dbc295f61228a0c429652db43e8ea40cb3d244355461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e0abbbc302676118d5c98ad47e77d91e

SHA1
91aa09513590c5c2e3d527c62ae409df1915a1c3

SHA256
3c254a48fd3dcefd69631cb9c8388ffcc6769745f4d30c6d04d07cbac9389d6e

SHA512
a4bcf89384628a8d23764b20e1d133b9d0f5b4f43802a88b8cc425c7bff6f8d175fe9dcd1db2c4284a21a626e118b1d691fc0731168bd82a74bed0e33fdaeef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
24494ab7ba7ee32663d5a865b57cef3c

SHA1
a96dd87d105bb0be6f8d30f9608903d47efba859

SHA256
d1b803a0c1a72a2b36dc9bf0108f7095334a0e4fc865ee8d1d70c7c22271855c

SHA512
838a116de7e714198da2b95955d1291fa5dc118f6d4fccc685eae12a8f92f26015e37a3aa6b63f50c91bc56c6019cf75f66cf366ca5229b568fb351d86c2e229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cafcdfff73046d07a704bd56290162a8

SHA1
2e128ac4bbb6950b8f60506803325a7ba8067e22

SHA256
0cb17d054a5ba920ee3e06e9a044680f1e342ce4a7a65ec0fd4d4f80109bb31c

SHA512
3f38f02334c369afa8a5ea5daa78c416029bf98d77e31f28588c0012f4f9d01e34f2a5cafcfc759fcea9a8f27c62c776151d7570ada9d7bcdf7552102631295d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6434910d7b92587ac790eb5422716efb

SHA1
878967fb5cf4d1ced2a224506b401cda912f4197

SHA256
3e6688fbfef4e3b821e82a2b44dd8e1ffa272ce04e4b312d5af733472eca0dfa

SHA512
c6b81fad22bd0cbe1dd1c4e35b88fe595127e7d31f331f875646fa45c116b380c681206af019cfbf2b6d3a0da5e2a2858076930ba0ef451c2db26f29ebfbcbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c03c5a63f58a816b9ecd14e4f7f847e5

SHA1
a89383cbbbc204b3a726597680839521b3d9c999

SHA256
50c079e3f63b9810e37311dc00d15a95be7df202cc1df74962ead8e5f69d831c

SHA512
17cc01870f72f1d6edc5e8570510fd23c5a957c826be3c68c7a77083a805d2ed78d5bb9d61d3a615b1a3a7385e29254c97fdb22a281aa83e247980f8c56e88db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9d12b800986b7c717b9f465e785cc47

SHA1
07d2487f6018cf6cc5f664f7c6693ae7f4b6c411

SHA256
bb5c615b0bad8e6b4de0d440f1733be4feb4aa0ab46c4c9efbf8d4ca4791fe1a

SHA512
062d3139d4f5ded87f164da80296d5fcbcbb98799658602f2133d317f82e825cce683d9b5fe5c20726b479ece420d97f0ab585ceb1c2e08cec14d69957935d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb911616a579c522150416bf62f510f7

SHA1
ea503d4ac1384a91947da6cf01dd43d907b9cab6

SHA256
5c1c79c41f21a331917cf8e396e3a546cae225effed788b11a982bd64c560e6a

SHA512
67515acd12b960ba2d6da594510e3d34d62d0640b2c96f18e7508ea9c62c4dbe0e4ec99b99c98cc2370459c41a5dbd4facc58a9ed565d8fba31f095b38d77d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a54388c377c47a6b0d0ea32119510fbe

SHA1
52cc926252ab1a804309e07d659a87d1dfb421bc

SHA256
bb900847fddb5a9d801a0c55a6c3e210d48356f00e2f13178cf53cde10282d64

SHA512
ab00899315b1ce12904cd6d6e8932bc2690b9e8a4915a394c4f10e9d3b5b9d2031ae7f721842bddcba4e6bb6406fb0f850b254726d94e61fbab13d822cf38019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6baac7e88e4473e65ad9c0aae6aad0ee

SHA1
5ea42897413aebd412a41644b9e2646e441b1134

SHA256
bdf972babf2a0a857555465f0cec218dfc17e0d6afce840cad3444d98bbd286b

SHA512
7effd12a992cd9c2de651bf212064f66df363bfac7ebaf0d148f11366e653c43e333aba3fbeed38b1c1f3aa16c68dc7a9becf80d744bf3feffd2fa9c852dc3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
798de0ba1714db41102af903440a6b73

SHA1
169a82480908d927c6848707060eac6c7eb6eff1

SHA256
d5ed38392111d9a6e531f848125ad8bfe3896b10027a0a541e810c7d248bff80

SHA512
f71d925db69b61e2ca049eff6d4c0297ae3943d0ed08adb19f2b89cc3306ed15fdee3bffbcc2e35fade5c94e300d6c0dea0fcf0af78da16794c517b4115fe5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c1b5884eefd717ee109e2cdfbd3fd6d

SHA1
2c844cb8969ba9715276bc335b1c21bb5bda36ee

SHA256
c47d08ac7f4943e7ef0695114adb52fa49cb57a7146e7ce5686e9c63de77482f

SHA512
835804584d22a3e4732f723c27315e7ac22beadb0d3e9b800be65ed9d5306ad928e752436d21b7f1bf148c94f30581b3e223ea6f8f189a4ee93c1e6c7cfad980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dace0ac624ba112609266b3e574cd85

SHA1
cb109e979376c134d9802b9b5f88abc9e91526f6

SHA256
024415d1e3ebeb3aedb789f651509b395d13058ec2006bfffea57e7bb75c6ac4

SHA512
3d45304e33a0f2527a577b7737c10412c40d1a2ff9d7fb67819945c67b90e74898bda3aee2698ca1e2f787fc63601b53b239b1ac8be3c2943ee74600854da6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
035084532acf15745f4614b6e165d444

SHA1
939b011c0547845d0260002fc354d4ea813cb5e0

SHA256
10f9a87fbc8ed15f3122b689b63bdc28c32a28dfa05393df52be2ab4eaba3348

SHA512
984241aa6543618ed23fe9bc00ff04654b2e71fcd4981af8f4507e30c8bc0b3b3d7d06fbf0d322afc79f497fa8c3b33737c91ff16bbaaddbca51d61ec10107b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ad45b76e70a27e87e94da618922bad9

SHA1
b71638d257ca913b17d724e2cd7f6f838f98581e

SHA256
807ae83d508627b08e789870cc10cc46659d7cffc0114f6978396d6555b41a63

SHA512
2809e011fcc1c9aa544b8f3cc1745656c5471f70091970d543527997ddc540a7a58a4862bb15223264fcc2c6bad429908ea1596f6d923618a053b4765e0b49e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42fa5a5b79fc143f8610d9f002ae349c

SHA1
ade5be8815c20b485b8a3a9322bcda0c403e8556

SHA256
21c0a7585549511e0b54b34a6bce7f194e18ecb90bef1b5ac66d4aa6a1b1b780

SHA512
1cbabfaa96ba57b2aba55739abb3eb8c3a02fec64cd3f0ba20f9a6f0ca388bb39895ca785bcbe608d3b853be7660bbb1a76be54843d80de22a33ab407bf409ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57726928c35ff0b3afb4722216399ddb

SHA1
66fa5485a9e83fa6538593fa2114c0272a4de24e

SHA256
e87a58b52d11ce7add7ccfc03c0011ffa95985561133dea75e877cd0ef7fb8be

SHA512
0ffeb55990cd69bf2875a5cc3e260b45262ca833ff75f5823993c2a0feb01912e151e659ede9e3d7e848d6285eb0faf48dc346d19a8e2def414deaf828099189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48869f607f80295c0debaaf9fec8553b

SHA1
3e407a430bb91e24752a96ad01d3d56f40af9008

SHA256
bcb51b0bf5b60d063ed21b7153d84fc817ab17e8d33b210ee071706539fc6677

SHA512
3bac24888f503a171065c9b4229d333a5764b367f9c5fd287b9eee4a515efa1d1da78074fcb7154273c51d388adb409c948501cd34bc2a02fb61d1154b1798f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba7b02def55ac8991f2eb035383748c4

SHA1
59dfeaa899bcf899c61b5163f90c473503be30d7

SHA256
83ebeb28d90850edaf4234027e38809b57513170097266e2e49f04458180e7d7

SHA512
e8a3b997d5c6721c67dd8eb14e4938963a19c7a785b21bd39acd15ad48274f92611a89921f32465bc25c42ad7539a7d819785839e518930f526679aeca0d501c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7354971a09f20411bdfa679fa543bae3

SHA1
b74440888f4b9c069dc68ff939f5cbf6aaea3688

SHA256
8e6c2dc2f9dc84908e1f54b50e5ea0bfe7a263863278e0e624f296847e0163bf

SHA512
f4e924ed6d2f05881c7a778b2cbb059eb981b82ebab5a0bbffb5a8f250f542d31d328479ad3cae0b828caf739c4be94248ee85df4fe25f2c471b37688de8cec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d0090dbde9d78b606a54ee4f681aa39

SHA1
c1bf86f345245359f11dfa9f3b302936a2005202

SHA256
842104298ed79b3276f108a4512d1f7eeb628cc3f9d5428fdc5288ac8b9e9553

SHA512
baac8d4f3ec438c62689ad6ed14244a5071dccabb462e6da0924f63819e87c60eb2d8471de64d3a48c4d8710b1747f799d183c87446592a46580d06d47490c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b8d5e9eb592759aa2fae6487fa61791

SHA1
4ec8104519feca7c9b8a0b9133263407f652b7b8

SHA256
723986a85fa4b93231ed79d8caf0ec7e89dfb3e49ae894536ad82d4cb0531ca6

SHA512
baaa3426181b3ef581d412e14bb63fc410f8d402027a29a1acdfc0063c2ffa6c994902cfcb4446dc6c33107339ed6fabf5301a84d94530b86af1837176342e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47ddb5cf85b36c13557a3a67430aaa01

SHA1
1c36d6aba7253abc7e41a74464813901566fd50f

SHA256
8d1c6a6cf2f36af603d5fb6af4d933daec6d9ed16085d6a31e4482bb3be22ca2

SHA512
0ba70ac2900495cf6371d182daad0d68e1975f8e03966ae9130df33df5120c2bf7657283f14cec7bddb54a6ba3c8f0d89640df8a35ba23067b1e07127eddf899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ecc6fa6ab23fbefde743bd231f638a4

SHA1
99007fb38bb792b6f46cca4c8551aa1c8b12781c

SHA256
dc9b4064f20846caff3be5395edeea6749ad8b7d49a2434bea44154ae2847ad0

SHA512
a23564ca6f1c98a669dff1a33fa3c9d1ac1d3f178824e016074fb1969e0710584e6877234194e4f47fcac94f1981092e9594f448ac4c0e3e28f14838ba1f7e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
846fdf90469a536612236d3d98189d3c

SHA1
d3c36114cfd6e4db37f21a5b40994924f4ea1cff

SHA256
aabaf41d66b5b83e24bced1f3b573739815b2ed1122c215a63c5a275f592f2d4

SHA512
08ae2d2f31246793ad48a31b6a715f079ebcb4a754ce3bfdd5ec7dd60b12c5170563ca03c7e6c8d05fa940a708ec0d06a925884f10965cfed266338bce49652a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
139ffb0eb02c5596bad5360bf3b126aa

SHA1
2caafac9a052f4a5c008a7649484c2dca4d9c51d

SHA256
f9e9ebcbe753cc2726ea3b175d976586d1ac3c17b379e75ea2ebb141e530a411

SHA512
337bd24c6104499e0ca6ee30e857d2be600296db3fdc9e6dcce304d697f5aae30581bbad7c127931dc8b1497e93e8f269b5c67aa19168b04bdc792b96120f6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
1871b35c66c8064c13622b2852e972da

SHA1
ec20449e6799de3edc1ec1ad488c4ed7f4bd7e2c

SHA256
2a602ca5d082ceb1fbda5791713a545dc3d4142892d992c2004e53b3c2bef1d1

SHA512
58024e1220ff09f28c5ac83f10d3a7ae77db106a6a1ce84016f670f6a3a00896c64eec5dd5679b608c45a523d45ad071f27f33b49cbed400c4dfecf5c799e059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
691b43bca580d87a85a343f403f973d6

SHA1
fa8e3db4f2c90795b6f1d6f785aef4c0c43fb64c

SHA256
a38e655494ef9d4e6d8eeab9ee9fbd826af18280fbd68082d37ddd70cd9c6d27

SHA512
6cbaf1fcc5e46ace6289578b59a946982942643064158f7af82f55d5458ae501810ef079b5767ba2e79b3d6890a085e9d86d951fa8f737531e9365918db3c5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
6782547f651fee8cde48995edc79323d

SHA1
4f2ed78fd2ee2f79bac2524d9b5ce7172599b0d7

SHA256
113c553e7d0a942100b6240da39ef88c264474b51587b663206ca96d36bbd2f0

SHA512
281e93c3e9b0af44306336a63b1974dff308d6954c77663ca59fb8cbbe2cd64f4ac9cd24c23d47040a5a8aa57d42bc696ced0b62c975bad014f7d3521083f003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2e7083c3b3e39ee5f380e83568306cac

SHA1
d3ce2bf45856a9e25c6c41aae060cdbb337a5548

SHA256
05a1554a0ccfffef3e95e7bb7933e910c3bc15f015e324d3b91fc24f4a8557fa

SHA512
8bce6c515cce63c2cdf0667e2721053fc367076ddc0ad77664863c5e72d4437cc99f01e8184928b4f93227b5b7d9edf8b682589e36463e825ecf0c222ab02564

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json

Filesize
35KB

MD5
3e3a2e5bb6201f3ae65c257835e68249

SHA1
72480f1c3ab01bafe1f6ed29ad05d68051ed5f14

SHA256
21d96c2e011a3bbdbf75dc095a50f7a2a08e356f5f892048ebb46724cd586842

SHA512
e4a8b1151457b5d96eda5a9f53312b3ffca9c2fafba496c11eeeb332ec5a66d0a002ca247f75adb0fd4437ac4feefe4676c4e19799c959f34f206b325d7c240c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5darjhwl.tol.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
6KB

MD5
515fef6680d3bd10b5a7ee71568e02dd

SHA1
1fc8f6bd38c85066cb53434442da565ceaa88a0d

SHA256
3e92cc34309fd519937f073a33cfcf0d84c2815a221fa0deff9cc932997cd8ac

SHA512
a102d26fb01dfbd001a5904e1a08128d665651830e15cddd4e99e16ab840a9ab012de40267247fd3d6f4613f002383b0ef3c9a894c8c1cdbcba28bb3ed015081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
8KB

MD5
48319296f6787f8f1a843d4e8eec46ce

SHA1
91286059c079502f5d31d38219ba36642d1c99e7

SHA256
3611216a62ffdcdd7dabc1f9358225cb88fde2d02cd2a06813124265d40150ea

SHA512
3a7defb45fdfe7cfd4ca88424afb00f3fdc45b3d42162e42c3f68c9b35cbc175bffb844370aa192ac6b6865bf2239749b0b676eab6744bd7968e3edf2bbe252b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
17b4016daceef0a78c8089e2f755088a

SHA1
099f9a964b99d50ac9b2334be3f46671f4635f28

SHA256
07f5bfed4124a13dc16c5bd61cd7d43365a7a6b992ed86e1855c5e8bf93cc878

SHA512
6c91573d18ffc81325448545eb64baae61afed15d3e6b66904ff2b591bef9e22433044395483f6a54ac69e3b71aff1fd8a5eb2e2b9a52bdcd52e96e9b7d498e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
d0171b9074a04419620e1c5c44b29cb4

SHA1
4cc1b553fd67354900ace5214d7df5f302447e45

SHA256
04d6b54ffad76f8d4d62e7f22c1b7920d50f52a7b4910e4f1dc731d7b65f8d0b

SHA512
c3bd5ddebd58c6ca8d8ce4fd69caebb77f5fa2930e65ccd4381941d6f103bfd17c78c1bf03eb09517fcd60c8c731e6f7db602dc5d7d02bd3a44027abd6647f09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\706b429c-3078-47ad-9b12-1e26ca48c140

Filesize
27KB

MD5
8855784bbe16d1bfcc67c36632027aff

SHA1
8a05edc45b8111adabd495fed37d4da569e85ea8

SHA256
648e98fa29c779a2dd6e916c6a5d4917dc40bb06bed9ad4692ba765230ed843b

SHA512
c25ed33dc8dacd1b10a00635886db26742dac39a9ca1fa0c5fae4632f557cc2b58a8ead8235e09a07a8f30c88f51918190c39378eb328da1ae6c478b304f80f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\88366b79-4897-4f87-9df8-f30bd3002c9e

Filesize
982B

MD5
aee53012b349410ec495be442d279b04

SHA1
fde57774c44ee3079d75c2787c2b2f867f236fdb

SHA256
3a65845fc2b054b7bd0b27398f6ad52e85dd907003da86a127959ae411f53d25

SHA512
e71fdcf5c5ba201b0e72d2fc253111500ad084c3ff4df5682325a9d7697054f9f0ee39ca8759e528729a24222e95c868827497a28b1f262689cdd9178808efcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\d8ef0f78-ffc2-426b-b05c-5c99d03dc8d5

Filesize
671B

MD5
bef19ab554ef8358d68c5576fc1b1fed

SHA1
403062bf6e8517cbc0fb262d7eca5dceb1840989

SHA256
dce4f39bd4fada21d42005f9e838337d83d4979d6f6ca13ed83a8b43b3b3f95c

SHA512
5255cdbce234cbd2a7df548f7fd860b53f5f237c3a6b8f5530b006616b6d074a941d89114ab2a2f6eb45a092f9cbcb010f3a4ccfccd18b5f3326a54e54a3394c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
12KB

MD5
ee3d18b68783b7b0ced805e09a7e6f98

SHA1
1c18a75a43b23b1db8bd5502c8f064fdd03d087c

SHA256
48aa2c1075ee8cecc3b0f3faddc8e192752233f2571c349ea6af81e8986ee661

SHA512
d9b951a638891325124e4473d8a5fb5f07c3051770936825680593000628bbc3a49818b9a5fed03be2a506fb0ca848cd0670c419c32a9045a40d3d6de984d061

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
11KB

MD5
1e733c5031339dd1b11ead843d291a56

SHA1
a64989ff6cbddbc05f367bb826d18ffaa3f2dd5f

SHA256
a74082314a2710c96c476c264c72cb96cce30c0a0d3977cf54442968c900160c

SHA512
66393ed4d1b7e28bf3fa2a474e6557b94c139cea6b9203a06d0b2e4809f161459a926d776ef0ac3f20c4708a703951c39e5ae2982035711435729c6b25783cba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
aa8c535b93c4623b8349e7e16b21337d

SHA1
50aa50b6622d4f22b5a73bda23da6c070a866699

SHA256
7a952523054034f4a0dc1e1a05efe0249aeb27f99a3c88222d152ad330cd13ac

SHA512
de5333a43f86b88e327245d66f3ba3607550d8209cfebea8804d2d7be6d4feea84e849bac53d71a1ed4f029dbec7730ba4b9fc9eec6aa9ac0be4713c8199e734

Download Submit
C:\Users\Admin\Desktop\New Text Document.cmd

Filesize
18B

MD5
aa5bba9668e6d26a4d6d7b4ebcabc28c

SHA1
8cc522a4ee44d01bddc0a37e2ca92339f0fe072f

SHA256
ca13f3f8b04fa75d1492d48260a74291f209b61011dcc85b9cc65dbf4f34363e

SHA512
3bec2197bb667b0880df09c9f6420d40d7096246bef4fecdf8dcba161afa5c7662499a20d95f8a8df9932b87b6a690eeda30c9cceca0d745cf7595f5eb6e8142

Download Submit
C:\Users\Admin\Desktop\New Text Document.cmd

Filesize
7B

MD5
a957a66ef5876ae6fb2984ba1025c721

SHA1
e21a57a6b2e93cc52892eac60fa5149564e896eb

SHA256
a874d111d07537b49f8801232dede4e859fcaf8f42cf633a16d3681563a29e53

SHA512
60b7b1fbcb268a4a7a7180f0cf7ecccb566083653c32cd487948a2f5155ee6a3b9033f629041b974280889d4e9296e25e6b1ad17cbda36b447fa0b87720d9e26

Download Submit
C:\Users\Admin\Downloads\NFi329Ze.rar.part

Filesize
19KB

MD5
1139087d980aae5f99c9c328108c3315

SHA1
f3f124186f054b486b0175b45fadea07afd70064

SHA256
2fd5c8c2bb74f4312124f99d3d2ebe1535cdd20cf4fff076b17ffd3691ec6fb5

SHA512
2dbadab1f99974bb18511d0f7e0a16923f7a16334b02366236cdd9598f619f63998cdd26c74df762e0ac44373544f907a4b20e00b0ee5f3979844768b9c6af0a

Download Submit
C:\Users\Admin\Downloads\asdasd\skibidi van dijk.exe

Filesize
45KB

MD5
42faf67435979c1245010683d8e916b5

SHA1
b93b780736398c6e4001c150276ccb24982ed67f

SHA256
eef18c81faeee1877aa9cd8d8aef18b643a434fd3da221cc724070ec863e5fcd

SHA512
ff0fd19b423da9c89a6729790f5f39bac4e2dd03d62ad8c8fcf9628afb7e57a58b0a4700ee8811ba6c6191390c7cf3816342852fb90fc583ba261fd4637fcd86

Download Submit
memory/1716-330-0x00000000005F0000-0x0000000000602000-memory.dmp

Filesize
72KB

Download
memory/3048-1086-0x00000207BA5C0000-0x00000207BA5E2000-memory.dmp

Filesize
136KB

Download
memory/5240-499-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-500-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-511-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-510-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-509-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-505-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-506-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-507-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-501-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download
memory/5240-508-0x000001FE16A40000-0x000001FE16A41000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads