40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96

Resubmissions

28-01-2025 10:14

250128-l96nbavraw 10

28-01-2025 10:12

250128-l8jgdsvrgn 3

28-01-2025 10:09

250128-l6zetsvrdn 4

Analysis

max time kernel
152s
max time network
156s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

270KB
MD5

330f0941aa62e18b70c9b4360bf343d9
SHA1

eb22e6147fbb2b92b36a8db2d06f5366c9bb4c0d
SHA256

40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96
SHA512

6cb71a976fc59dd2857227a255184c9b84ff95071b52d10fe89969833915f8e87631cc72e7c7f3599b9c7ee6dd86a0f0c574911efb04256f9da310f3b8b07c9b
SSDEEP

3072:BLIAkp2SvaEvZ+pIhnrlf5RA+Jej3SN9A5VIcwoAwtN+25/jg+y:BLIAk8KaEvZ8IhJ5RNESNyIJ4g+y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000625078c31de18648bd6c1665df71c7d9000000000200000000001066000000010000200000008e7f06171b825aaeb18e4049e29056cfdd086020356ec7b07207d9bef0a29dbe000000000e80000000020000200000006fbc6161908f4c5e8157b0a4d0061bad950b50289307552c95a19806fb7765679000000010e815c40f7c768662aea5fcd34d0621a1ba6669d66be245e668fff0cdc4d3ca74a8a79eb89a38ba0e95db38c6fa6e157932339a5a04eeaf09b9ae2ab3dbd8cc621c45d45649ae08e28d4eaf24d7c421ae220c0587345a65c9a99bcac9d8c38e5411b8607dc5adda0687955bcd6fc06fc8c6bc5c5d983fa617a264cbf3bcb750a161af49ca2d14ce6b4056df476b39cc40000000a5065dec9116a764c0c5d1d3bdca7e4f3990ed9425221b219f72d3940fea79b441fbb89464701ec3fe0e24d5862ab09011cde46fef210015d5e297e4eb3c3572	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dd472d6d71db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{56BA3711-DD60-11EF-9D85-5E63E904F626} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444220999"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000625078c31de18648bd6c1665df71c7d900000000020000000000106600000001000020000000e57b232d0089fe09d4fce503300629eacc6056c0544add2d07603e0a0276ca8e000000000e8000000002000020000000b5a55498fcfb5eb6fa1335162dd10f653f97ec73356f718d97ab5b222d10ff6e2000000035cf88f151d689ecd8c1875b3d588db68aa2dee484814ec44138577d111214c14000000058663ffdf9f23f6e891ab1920a7d3d9642abf37aa7222803e16b0275336aad44bfef76ac346866acf4c892c02b4643cfb24ebfb0e388ccb86be12e7c5bf1fca4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
1872	iexplore.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1872	iexplore.exe
1872	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2292	1872	iexplore.exe	30
PID 1872 wrote to memory of 2292	1872	iexplore.exe	30
PID 1872 wrote to memory of 2292	1872	iexplore.exe	30
PID 1872 wrote to memory of 2292	1872	iexplore.exe	30
PID 1788 wrote to memory of 2392	1788	chrome.exe	34
PID 1788 wrote to memory of 2392	1788	chrome.exe	34
PID 1788 wrote to memory of 2392	1788	chrome.exe	34
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1552	1788	chrome.exe	36
PID 1788 wrote to memory of 1516	1788	chrome.exe	37
PID 1788 wrote to memory of 1516	1788	chrome.exe	37
PID 1788 wrote to memory of 1516	1788	chrome.exe	37
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38
PID 1788 wrote to memory of 2384	1788	chrome.exe	38

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6079758,0x7fef6079768,0x7fef6079778
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2232 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1384,i,11296564023468944111,15618989569950683005,131072 /prefetch:1
  2⤵
  PID:2088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1920
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.0.1286629244\40641135" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b4f1db-9f62-40d9-aab6-4d8881342842} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1300 11eb9b58 gpu
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.1.1305557909\570087142" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e97b547-0fe2-4caa-8af5-31a1f76756dc} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1508 d6f858 socket
    3⤵
    - Checks processor information in registry
    PID:572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.2.1113066476\1355506327" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d076d3d-90d8-42df-8499-f580d6a68fb4} 380 "\\.\pipe\gecko-crash-server-pipe.380" 2100 1a29ad58 tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.3.479722683\1764554337" -childID 2 -isForBrowser -prefsHandle 576 -prefMapHandle 1660 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acd69a38-d156-47c1-a67a-79fba511a321} 380 "\\.\pipe\gecko-crash-server-pipe.380" 2392 d63858 tab
    3⤵
    PID:2060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.4.268898271\868207092" -childID 3 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9cd7217-6bb5-404f-8d8e-ec69547b8f74} 380 "\\.\pipe\gecko-crash-server-pipe.380" 2948 1bfc9558 tab
    3⤵
    PID:672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.5.1823233505\1016388252" -childID 4 -isForBrowser -prefsHandle 3836 -prefMapHandle 3628 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37e94d56-2e34-4416-a80b-401fec44fbf2} 380 "\\.\pipe\gecko-crash-server-pipe.380" 3848 1fd2be58 tab
    3⤵
    PID:2628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.6.1987641482\857898810" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3820 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3671b761-03c9-441f-bd8a-57430e313f2c} 380 "\\.\pipe\gecko-crash-server-pipe.380" 3952 1fd2e558 tab
    3⤵
    PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.7.51326191\1377296360" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82267509-0623-4e6b-b566-890c5db1c08e} 380 "\\.\pipe\gecko-crash-server-pipe.380" 4120 1fd2ee58 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.8.187691879\2029417567" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fb8472a-ff85-4cb3-b48e-94b0ed4c725c} 380 "\\.\pipe\gecko-crash-server-pipe.380" 4512 223c8058 tab
    3⤵
    PID:3136

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\SendAdd.hta"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
28a0c506cbf13a00459c8484b08e38bb

SHA1
96ad95c051f39e1ae08c62b05e128d826f3bab71

SHA256
3177f8d538ece4de6dff7479b019ef4c05b18ae4ff8210b3c3f8969479ac9226

SHA512
f3d1410a8d528a0a0713ef4d7237b237d27f29728124e4d4383d4c1257bb368b120baa9a4b21f95929a7148a7603cac3527de08216b99abc2a9f9e37b82cb7ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F

Filesize
472B

MD5
61d5ea1e63097957d540d27b3f673079

SHA1
56d45bf348dbd11b459fe7e059407b4c7d5e6245

SHA256
6616b4228b31e3b37e421a4bc3b2e4fbf01da953c6c8aba0d4fa1d2dc21aea7a

SHA512
9b9015b01e1c03af773513b3f706c2f38309dbfc111911b920696bfbad20294f7230ff205b59e5c805dededf8dc7589ee44e5dfb89a0ee871c95ac395f1cc4f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1218d5cf6abc28fd0dc97b4e99eba518

SHA1
ce54e81e8cdc33261479818e1f2d143fe4a853dc

SHA256
c71716806830e2fc3003d61e68251ff97703481518b1b5ff4c18432cb0d51cf0

SHA512
c31468ca7be14e4477b3ed1f219697abb26ebf53a4a752adec2d1f24cff2f1bc86c06bbbed369595915f90297735401dde43499d3731b4e3c16728fccb96922c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
2fef3ba38f99c6ff3988f38daf44627c

SHA1
ca17f8118c124823f56dd8ace3b14539e72b4211

SHA256
c04b563a59100d84ec4fe14558f101259cd017ca4ca7616d606afaa5eb1ff75a

SHA512
fb3623a4af0d3a1eed1ea40f27c241c125b004d97e25b422a3682bcb3daac52e4b412633ca55eff021adc016100fff2a9fa6a1886dc2ad6db3c88ff279a12c0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6a396252df641bb2f88cd80fe7ea57b8

SHA1
199819b291d64665af47726928c0c2bdbf2c3882

SHA256
9f2b977fdcb26154ca359722b5caa019542fdf1902bed13d19c56765cd1b3c14

SHA512
0f46b80cecd202e0a37b947014a42b3ba98a795f9a59232df6120768eb369ce0864d9936360a8fe0994d5937cf0c5902bb597d4fd333a83c60c1d84c596ae487

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
048f1ac62123c37e053ccc3d2af6104c

SHA1
cc3c95f8fff1f9f23284688707a31d00336d0825

SHA256
fae537e2f8e69cc54b20e8a4fc94b9567edea302b2009b96505468654864fc1b

SHA512
9fc593b960c555e37fbf7cb25b9f976cd4876039d8012fa335ece4ab46ef3289fb7dfff247b63e3f2f824c9e6b497e9d91e91ee300a5c95918b0b79ac5741209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F

Filesize
398B

MD5
7573fa61c229d27a7ff618e8f21fb352

SHA1
ac69dcbea00482aa46e34786c8a1cf3750d14511

SHA256
e63dcc384974dddd57e8c64ae293e2a29c1b14ebececeeb6108b3ec678e43467

SHA512
ee624062d2c703fa3f56a73584fa5c773b11dab59037957444a05b9d27b7d84e9a9aa657a53af59240c351c316f9131c0993695243340f33c3ea797edfbc96b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f50f4a1be92615e04b410e4f9081937

SHA1
2719aec79c81d4fa1942e35e6beb019a2382a528

SHA256
22fad70838d1b08fe0c597934a3a8644fd4e21fb6b0ece3408f6bc423bdcc48b

SHA512
86638616e5d2bca0b02352665f6ebde523e328d01531f8ea06b5bf301839e104532a255f375902ac6cb8bd97f746bdcebfcd21d664fc72a4e6717dff2e9781ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c4699ce01d434cc74fb89c4d7252c3

SHA1
25b705b2d159f3a08830c44c039b8fdd3bca94e2

SHA256
2432a32cb153694117a67c44a3ce515a4f2ff7f61e2705962a911d3f342b741e

SHA512
f140f5481fbdf4e3b6488d42d3a16033ed02d64cee9618c9d81838339eee216c1d6d46ff964f94ef9620991509e7b6ba016c6897f849a2cef20b5c7d9ee704a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba0a5a6989ec038b06f1ca34873b3a22

SHA1
f0afa4e141495c1e3ee90b71b44b3452103e1d7d

SHA256
daf28c82d66329e31abd74ff11191d0c87de24e900c1be41f01215a6e63b280e

SHA512
0ab140f4e67a63e2a1095acc2ba73357046a99888e6a8e31760d6070928bb0e57790ffebf9cfe6856042d47697c8568d097e48388835e20d570a39370e0edb11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bf2ff1e9da22f9dc07543fd95df223f

SHA1
2989d7050fc004420faf705878a31db52794e059

SHA256
007314267e3ae2b4d0a10521a58eda7f10a3f8f18db252e903318320323c8018

SHA512
2c6a30e31d1439a067ed87fefba27d92113d517e26f1578fec777fa209d25579e2fa7e1f976885f021a7ee3531480603e54144917ffb8308086e77faf2035c48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b4b1889ea60a24be8d63d934b6750ae

SHA1
4261da19e5ab5bfdb2fccfc8f656c2f5beadb85b

SHA256
e01b96e00643cd0d22c50de44053c2a7c364ce9f905af2871cc2b5f224d58a7e

SHA512
18362a17c6c77d38970be754facb9c5ace919cf97184ccc569aadcc48f2dc140d517534f59b123f2eeb75b466fca64dc39c0fef152aea274942a1b27aaadec89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
367e845caf1a2b5f1bdccd61c50acfdd

SHA1
70f8fa8e1a714a8aa759adc29db0933fa14d1594

SHA256
0a035933bac9023a250434524f5b7cd028c4cc43130e8bbf3632fb978a602ee0

SHA512
d632d423fd908099940691c2df527c794819f22dac77193b4663059df1967835377324ddc0d484a8cf013cceae1d1fb839752532d8823860a338501ea371ae71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d908571a29b62ee7555dad42bd1bd09f

SHA1
fc4c6b3f21a5654689474a0309648072f173e93c

SHA256
82fe54400c0b97ac8ab223ab4cbce6bfb5a8b1beac5096d65c97063916e6706e

SHA512
738a99171d16b4eb4dccc05fa6941c3bebc2a7cc935100b3d32c08b741ba3f34821303fb56d3173cdc4bf9919d4797293d8027755e7a4164a4707bc99cdf41e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b81e6aaad3891436311659a92edba39

SHA1
05a6237534bcf301cb07ffbe8e6591c76ef68dff

SHA256
d49fba97c3fcb10df79d42036204c2dd4cd7daf533d0cbb48aacd0e844c09b84

SHA512
879c0d06ecbae99f79df5a3ed77c8f84b2e4ec558137929edcc87450bc53237200bcc0a18242c6cea2e2d10ce27986d5470bb94946f7e77b56eb80908d9884a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43deb1443e026f772874deec47c28321

SHA1
38bc6aa97eb24bae82378ca4f052a52d256e7ce3

SHA256
66e90e07e353dd3b2ea78fadaa1e6d03e70910f4f1bd133c28cfea886e9c924f

SHA512
680b1222ed3b747b0fb25e2ac96a673d5c4a997deeb1b0cd14e6956030768f49f659cad13b80ed0f34f4fac99e02f10a097a7c9908cb7a6ea245d0c246183e1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39a1c6d55f2b312b068f383acf9524fb

SHA1
973e5e48bda0076b428cb9f070cc5d2a1e1d9759

SHA256
96f0aa4869079ece41988e6954a98fe3d0ce24053e1ab0ec80fb48dc3618c7e9

SHA512
f33a43ea91da014d79ed9de1f7f5c6817666289b20a176d9b5e86e72a57c120dbc78c37fe290e4fbcfaa5a3ff3c0e30d35bd415b4f1cdbeafc3628299c0136ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b27bd2f2161d3d5ce06fa189507abd1

SHA1
ce45e421fddacf4b53815dd56002754306e179ce

SHA256
6572060ad8de2e0d79624de2efd8291a532b1ed94b9fb5b3bcfe90121516b297

SHA512
795ae71dce2974c9b571d8edf39eb82e7a1346249c678c8cc6fd17fca02b65d96f7dfaef1aec124b010f89eb708974f3c04cc65278c49aafb148f38c77f5a1ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e8704a8370ef8d9d8d398610b8a859

SHA1
efb1252cc2a9be3aa8553992e4b2f6da013f1517

SHA256
5c072e1e48b38a220618dcd66f6e2fc46da1aeab44331f21a1d70d7aa7ab9720

SHA512
1ad8122a8768a24f0e12187785e49871c279747850dfa3dc9a7ec6a76f9e31e99a871aaf4798d19911adc758dbd6d72af22d071a6fa5e2510af389f2b0db5e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8494801af21ae9b9e26b8c00337060e2

SHA1
f859d8d95dfe135244ce1292f36cc6a2c53d39f7

SHA256
d8c93fdb13b796cee47fbfeb081ddf8116b1b8ada1c9735bc88f404771913bbd

SHA512
b79ad1132583d6909d34f3dd94b77cee3947ee0d897a8d58fbe6fa3843b24b11caacfaaea82f9757421d9ce80c8f94f0c5a709ba13b3b67acb9c53f21eccd9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6818f53a951ddd771adfd407228b7ad1

SHA1
458e51648178b8d636a32dcaa96e4fd7c0680817

SHA256
8be4bccbe2bd4e0938afe9c047508a657ec04acc8c57583cd8d28557a238f7d1

SHA512
47efe2b1bddd96e6375e2014292e8d7c33e69bb58054576e0a3086c94b36755f2122086e581ccdb48707b74257bf1fb762d08ff38414776a411b5a8c92c3c0fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
942be65b49b5d550a4ac9f787d40c90f

SHA1
83219a5364453c741e442acb6a21c9a8e5b1b7fd

SHA256
99a85b04398cdb03a1eb6af78665ce2c6fc2aff548bece6bca6b30601c80433f

SHA512
8509f03ec85752e149b805e009c5449a1fdc43cd2421c99e85e7f9b0d47f3d02dd329ff3eb9912de58ff7ddd5f6ac6c9177a7c5c4fdb884f8c8b76268c724cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b19824ec457e04907e0d7cf408237b0b

SHA1
de07683552f85687fdfe078356fdf9d9a03c4613

SHA256
c2f733b61aadbb6491533ef30dcbb18d82e415a68f895420347a2b572d591f1a

SHA512
c9d5849265327de528497b6acf62b66a2da38776d199099046b732d350aa8e2fb39189a3ea3d08a6a5eabb252b24d7b85981e9e4f6dacad05d6f3ae451a75596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
256b647804b1525a4cf50894d47a127e

SHA1
dbfc9c6c3c9151baf3591ed8c2371f0dbdd58090

SHA256
946aaca5c90975b4f622ddcd3c68a004746ddfe3ba9494b4dcf1eb49b755ca74

SHA512
2372de74a827d898fc1ebef23811aa8912485e18d3f30808c87dd047e7ba4b716825f8c873330f3fbdd96af190235cc955411de174eb826396f4881ac923c457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
691e704aefbc18c0aa0e5e9a141e8de2

SHA1
263146b2ca8a2160dd09112451b0c2f307db6bb7

SHA256
75f1de2e2de46fd90378e76d82c440e73725a1b6fcf1866e2d50122d5e179246

SHA512
14333432cdc50be22a3038e4ba4a4c13d2527b17db0198ebac5379ed4f1ffd6edd8d68989a936a7d2a5dcb927218d2732feee67555a6e926898cff500bb2214a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19b80a8fd88469891df7b1deca51e767

SHA1
a310e36f9ca6f1d3bd9a4327acf22cafca03227e

SHA256
8c13dc0d84c1f79b494376673b1a869944e8c0812524fa2b25ca255511db246f

SHA512
2d07475bf091a7ca4495af2321f15938646231b50715bfe07cd9db0c4b32ea4a8d4f7d7e396a589bff5bd9bf037ee6de1ce9fa67b0e6fed2c4871e86623c78a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7855918ec7f502da81bd882505acc720

SHA1
76009749595003bdb068159753da54d0e80f21a3

SHA256
4c56005d6ed46dddf0388b6b0dface4217c41fcfcb27c876e7b4045bd6c7fc7d

SHA512
ed2bda93d93aeb9098c2e1f031e286038a21e1883ea1f5e0c5c45b559518fa06f6755b33eed6e711f0944d3138197a7eccca1a208481d498f453259791953e6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9940f3be56d7762aa915ea39338c9f1

SHA1
5d5c3476963f5450e56df251a2ca604d9241cf38

SHA256
69dee9fdc83a37d0e8473d95acb542ca0a672ce57c9b7342d9916cf70f154824

SHA512
20aae0a8a532ed7ebbe506d4e96ce7310a362a4a62f4181f1e84ca973a3fadb70e82159a3c424df0a79948508530c3b3b1faa43f366e7a32a66b04d921a59bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d0f917716c990384f0f9d6544a8706e7

SHA1
fea3676e35cf754e2c9e3baf83343c6f70e34ace

SHA256
95b06ffa4f9a6bbb25771ca9a4db17e9c576313758908961d7a36760b81b639c

SHA512
4935c1da1f47990d6c84a68fda336e74b9aacea09bdeb83427fa005bbf5baf0a567ab6d67817aaf8f93f3919a480009fb0c319d91b4f84a784b7fd5376ebcd73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9c49985e-32ec-4860-93e1-2f3949a99906.tmp

Filesize
356KB

MD5
6df8dc9d5376948d0caa8716aa547dd0

SHA1
e6003b953477003efefba369c28abd8dfad80b7d

SHA256
3efaeeab3188ff77d303bee8814efa4f3e3da9ed5c415160fda30b77c3850dd8

SHA512
c826ca83cdaa9168f8d71b53dbb3585fa2436b583a58386625470ebb5a040cd9973b67dd0ac9b78518f531252fd26279fd9a2ed68f4ab8b03238edf81146488d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d30ac22c7e1e5108f6b1f63727ddc4e6

SHA1
77433ae21aac26e0afdd951b7402a39bafdf10bf

SHA256
ae7404d7a2b6838c1e69d022963714253fa68ac8ed3a41172553d9ebe9822895

SHA512
23a3e66119b373f6e42e0897edfbd3319b81be9471b7fc7534b9e63eb632f20a1a656c7ff9b2ced0087476d1ed9e7edad99650742923bce2002d2856f0276777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
356KB

MD5
4047160bde68f6e0da00f8651d29fa49

SHA1
a1063df74b6c9255e04f7a7c89101fb3d3b91396

SHA256
398cac0a8f2217d6367b9e730beb10b1b0d29e8172a1090322581f1a72f5806d

SHA512
790edd0ac761c80854f1e5eb9ff67e38ff27a47fd81f07be575a96b2c1319c53e450b5667e9d02ec796b7c689a0de2cc066a0a906005d4236f83177da56c7dfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z3l10m6w.default-release\activity-stream.discovery_stream.json.tmp

Filesize
30KB

MD5
1961a5541f5de32c7e306e379cb0f399

SHA1
d7744f1a9232dba0bc95d507aa8b70a4bbfe30e5

SHA256
8e7798205109edbebbd9d39810b35d9690d1648b55e833def7e9a8dbf67cae1f

SHA512
286cf4dc388cf886b60c3a1f27938bc064dfcff1867cd9948cceac1f97e8b628c037ffdec87718e0e5d0aaf8a29b285304cdf640bcaa1475f061ea490ba7bcab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z3l10m6w.default-release\cache2\entries\210094FE2194727DAA201FD79E1905AAFC315528

Filesize
49KB

MD5
8ff8c5949e59981779501bb5b8aa6fd7

SHA1
0869acf2f5320a37efbe633c589210254a50c0d8

SHA256
137631e15f2037186afedf3f0ba506f00a9564b8fea4d0b88bc0dd0156679e69

SHA512
36ec0ff42b58c382460fc372a7a5afb16a36e884f4f1bb55e9882aff3f20e04908a0d4a2192723c673447147b9d2b5cadd44ce96ae99d703068ae49c15257dc3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z3l10m6w.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE035.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE034.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
702f3f88a367fec79c5c1c096b6711fc

SHA1
9310777250502ace45159c0f66f693b76a5d8867

SHA256
9a037a72b5bab549f773bbc90f8e0033f0e4bb8c5973928e4872ed15e631c636

SHA512
851a42af4e454f1d2e9ce59b2d870304b395fdcd4f22f76922e36fb96697e30247ac00cd3351d92d45b6bddbbbf60c30d14879b48146dd6f332e490c710337bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\datareporting\glean\pending_pings\780ecf4a-4ab2-42a0-98ec-97fad4e23726

Filesize
11KB

MD5
651b2c249b7f4cae90c175075dd9de1a

SHA1
7315f19b6625d86b470639be6bcbcc0896200228

SHA256
24da1ab804b47e18043525b1429050547037b465b4f5f8cbd04ac20821031c61

SHA512
61e13db39b646441de006b41a008a97d610e7e06abf2f0669dc3d2ad898b1d788fbf05ca18c4253517690d19def59d820dc2ab2e72690f3ddb1aa98e2b9999a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\datareporting\glean\pending_pings\c0290717-983a-41aa-9140-15e1d91fc0d4

Filesize
745B

MD5
1c3b4d33f28a0c5742014b48dcc8c680

SHA1
8b8f563f40da9f95540d30440d936cce34166636

SHA256
b046779cc66da058c71862d6ac292196e718eb02da646c7c279d6355862a3250

SHA512
cc9579467da4c5e81da9f024d43544c26247c97ade2b218b80fecedf77f775e38cbde93579d92c4b4e8de795c96d06e744973fd8203a7afcdc783133a25a74d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\prefs-1.js

Filesize
6KB

MD5
538d1c98cd9123c2260c9715b7431485

SHA1
4544653a9fd2810f51c0a91f345e87ca119499ff

SHA256
13039eaed8449aa4a006f84ba3162b0f2e4759f1c5c7b5b9d8ab280cc1a59900

SHA512
5b43cfa05893d7d798a0b69f161c1b8dcf810501ceceb0eb8b56707b8882f7a7336820b0153b992518b3d8b44fd72cc790d088478898e6fc57d4630a7534bb07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\prefs.js

Filesize
6KB

MD5
a9cc6aadf3d6cc66fc5de5b510bbb791

SHA1
62dcfcab7e81f1d23deec3fae5de57b0515e348f

SHA256
dd71db26d4f899841b0e081e206af5e9ea0ffccae6ea7fe34c373540c0cffe88

SHA512
542807f62fe6fc77713e8f3574b48c9dce54850b34fc18fa7db45a45f3d3137ea1284631fcfab2454361ceb4b8ed76fe40b56144df83ebca413c639912b55da5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d477ff2b4444d0b4975c57ab582d7b94

SHA1
22169ffc4af006854d67fa7e556d54ac3633981c

SHA256
510c11188363796448fe35bca483e06d66c87107aa8edec8127af88a2d7dc3b6

SHA512
401e8fd92156dc33e8e27b8f6d849e0d40b9742a6da50f52cf64ab5fd30848192c384e2c6954250dcf2ae834be230ba5380fa84921c55e142220250a840dc482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3333421ad10f95abbae08e7a85d98687

SHA1
1b4650bca9d588a3e8de8d2d9bf5386810123cf3

SHA256
d1a6725b66f9f8d220df225a44b8e84961adab18867226ab2b4d88e892277c6a

SHA512
00735eb336235ccecf96fe883879852b98855fb67329f6490fad54dc3d68efa1f3d10f354ccb10273d09cbcc59305f23c83f913021c7ee6e987357c7d8cfd41c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
d95ac76fb7f0c6ddc1979e8609d31fbe

SHA1
5a36131fbe475fed140146266fa7b0e5b0643747

SHA256
e20fabd13c5dc389779294bbeeae60c5ea11b5997090d74236f5d934c8e053cf

SHA512
a9ce9fe45052bce2129ee4c310c5e617c708ffb327b720cd21185a6e33b150101c22948f15cc2ac7a3e106a253b5d7f7ffd0b5786f2b6053913e7b4ccb85b7cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
32e9406017adb0d7e417ff68699a2553

SHA1
f8f6ff54004fcbb919a750d23b07486fdae2313d

SHA256
0802ff6fa57283929f0a0f9f32fbc18dd7bf2730ac5ab6e2123aa2f22ac4b56b

SHA512
8c48d61e184937ad535f1f1456ef5ac27a7d4ddd5f4d6fcd285528ca4e1d6f1805a7226fddf02eb5f559649ed1f2f1009b28423aa977511d80979b391e135f15

Download Submit