hxxps://soporte-bpd[.]com/Personas/Paginas

Resubmissions

13-10-2021 13:45

211013-q2mmpaeafl 1

12-10-2021 18:39

211012-xa1hsscheq 10

12-10-2021 18:38

211012-w95q5adbb8 10

12-10-2021 18:33

211012-w7behadbb2 10

Analysis

max time kernel
671s
max time network
694s
platform
windows10_x64
resource
win10-en-20210920
submitted
13-10-2021 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://soporte-bpd.com/Personas/Paginas
Sample

211013-q2mmpaeafl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "340949333"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ae633a8ac0d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://www.facebook.com/"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00c1763a8ac0d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "http://soporte-bpd.com/Personas/Paginas"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "340932738"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url5 = "https://login.live.com/"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d000000000200000000001066000000010000200000008ae947b367fb65d92b47d30e7a84ae3d764a903d57d429975bbd7347dabf8511000000000e8000000002000020000000b0198797bb7e54ca32f59bcd0c57cf6da49c8862e78f85f501fc73cadeff3f24200000004a08e60ccb239959377cd5c60194024484dba05df42f8e365d4fb8e51f6c1ccc40000000a210cca04cffd7f82aae8d27c8a6488e244c875d29ae1ca1bfe99327c1efd7e954e21943240cf98b782b75850abffe7b16d2d11ea58d3e3b933a61a0f3d578ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000a7d54dad702b969f9c43edb4a4e021a586a8e6a1e1583eaf947e5ee20f8e0512000000000e80000000020000200000002a278967e687e267f37723692a99c690e82b83094c3d182f25900da0e9a0e4e320000000f91e575260d378fd189c8913597f3b3afe641635f141e4cdffa7e22da9c9c63240000000bcb99d3be9ab90c21fec27c748b34a5c664fa7de2e03e3ffccc8c1f6629869eb0f234f6f38fcfd7f514a00f8aa74b0646ddf0746b3a049556435cec665fe63d9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "340981324"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906046038bc0d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url4 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d000000000200000000001066000000010000200000004aaa13538fcf6383f643f4d263d91a7195064f87bf330a6595c48cc32a716fa8000000000e80000000020000200000007cef1be6aac945fd31afbbb52fcb83a4c3f2726b8a6d57754b7a06e1eb060a6620000000f827b4c26db63f189fc05e54cba7b5126d5cb935e633422442443772f0737c3f4000000019735e92e091316ee4c729e67b4abdad9a286a56acc89264e96fd9ed2e73588d6bf9a0f7d6e7826ad156a702fed5eeca5060bdfd6ee300f6f884b57e02475a28	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F707BAB-2E87-11EC-AF2E-4208BF05CDF7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLs	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 573991028bc0d701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000	iexplore.exe

Modifies registry class 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2016 iexplore.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	3696	firefox.exe
Token: SeDebugPrivilege	3696	firefox.exe
Token: SeDebugPrivilege	3696	firefox.exe
Token: SeDebugPrivilege	3696	firefox.exe
Token: SeDebugPrivilege	3696	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

pid process

2016 iexplore.exe
972 firefox.exe
972 firefox.exe
972 firefox.exe
972 firefox.exe
972 firefox.exe
2016 iexplore.exe
3696 firefox.exe
3696 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

972 firefox.exe
972 firefox.exe
972 firefox.exe

pid	process
972	firefox.exe
972	firefox.exe
972	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exefirefox.exe

pid	process
2016	iexplore.exe
2016	iexplore.exe
588	IEXPLORE.EXE
588	IEXPLORE.EXE
588	IEXPLORE.EXE
588	IEXPLORE.EXE
972	firefox.exe
588	IEXPLORE.EXE
588	IEXPLORE.EXE
2016	iexplore.exe
3696	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2016 wrote to memory of 588	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 588	2016	iexplore.exe	IEXPLORE.EXE
PID 2016 wrote to memory of 588	2016	iexplore.exe	IEXPLORE.EXE
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 1460 wrote to memory of 972	1460	firefox.exe	firefox.exe
PID 972 wrote to memory of 1004	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 1004	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3656	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe
PID 972 wrote to memory of 3484	972	firefox.exe	firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://soporte-bpd.com/Personas/Paginas
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="972.0.1512988458\103702309" -parentBuildID 20200403170909 -prefsHandle 1528 -prefMapHandle 1520 -prefsLen 1 -prefMapSize 219808 -appdir "C:\Program Files\Mozilla Firefox\browser" - 972 "\\.\pipe\gecko-crash-server-pipe.972" 1604 gpu
3⤵
PID:1004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="972.3.1355901781\301594396" -childID 1 -isForBrowser -prefsHandle 2240 -prefMapHandle 2220 -prefsLen 122 -prefMapSize 219808 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 972 "\\.\pipe\gecko-crash-server-pipe.972" 2204 tab
3⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="972.13.991684553\1097088271" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3424 -prefsLen 6979 -prefMapSize 219808 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 972 "\\.\pipe\gecko-crash-server-pipe.972" 3372 tab
3⤵
PID:3484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="972.20.484737958\2028557917" -childID 3 -isForBrowser -prefsHandle 4108 -prefMapHandle 4620 -prefsLen 7907 -prefMapSize 219808 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 972 "\\.\pipe\gecko-crash-server-pipe.972" 4628 tab
3⤵
PID:2704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.0.2146430691\1771428163" -parentBuildID 20200403170909 -prefsHandle 1488 -prefMapHandle 1480 -prefsLen 1 -prefMapSize 221077 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 1564 gpu
3⤵
PID:1532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.3.1079152601\1000029768" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2236 -prefsLen 448 -prefMapSize 221077 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2184 tab
3⤵
PID:2060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.13.1000348306\2102175597" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 6679 -prefMapSize 221077 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 3540 tab
3⤵
PID:3076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.20.737777723\1559532001" -childID 3 -isForBrowser -prefsHandle 4344 -prefMapHandle 3792 -prefsLen 7572 -prefMapSize 221077 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4348 tab
3⤵
PID:2508

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1MMEDS0L.cookie
MD5
c27b892834d9335952e4e813d4d56e35

SHA1
142f619b998b73ef95f2ade18e4462789240a06f

SHA256
6e8928f7ef42511456d0186f596d14a803e2e201b21f31229fa27d14d6f6c90e

SHA512
832eb3f873dc1068863cada3a76efc1da2563cc5394f2ed6fe7cee3388309ba799706c9265167918b2a68bc3aaee78ba4a14495a944d8a4b08173232dee813d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TBXJ1ZI8.cookie
MD5
47b3102954799231d626efa1dfbb66ea

SHA1
2a40f68ac540db68c3b3d8e8bc8ce5ec195a1771

SHA256
98d9b93d9356bc12b9b061baf5bd47ae840b89f9ecc20d4faa6a32a560e358ec

SHA512
3e9ec83266d059ec0b6081f9cebda2f017c5f511d4bb64312274726e03eddddebe7c28820fd47593b352b28323e748edf280096b0fc11edacb9f299b8fd0105d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\065C8755F5A96B58C96987EA37D919E81D239D30
MD5
f23bc22067c1cc57397683564e818ab0

SHA1
a649955ddacf6d65c2c9311ee4f16535671b66c9

SHA256
eab65455a6a2a1ebfe417b3fb4df346b58fb0504aa1de1f317daeaffab85d7e4

SHA512
2f0df8ddf0598bf522d691b05f1ffc4bfcf97ae7f659a8e9c2c92970743ffde3e13c780f3e057648f27adf245952c162c548461fd1b7cb5ac6e46712edf1199a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\1BBC7759CBC162CA4A6DD44B4D4454193297867E
MD5
f26fba4bcdd53bc504ef7332c2a32f37

SHA1
dc3ff2eecddb1a27e7f8ffd626e5bce0a09d332a

SHA256
de7045a9fce8783f316ff785ef5ca5f32fb306ebd85261d241bfe44a8b3fdf5e

SHA512
c7eed0b277735a6a15942f817045cf32ea870ea4b3c135aea6287160b3e998b3c4bff88a78ff5f5f644cc911c0ffa43f3ca2ae0a5f4f05957af4105085cd522e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
MD5
7522ab6694242247b57a482c67c7ad68

SHA1
dfd4be379bf475bbbc2fa8bd477ec613f819d6e6

SHA256
fecbf6313c3827dfd9c117ad26ac7cb1c0fadfe4e2a562e799a4be05b8d77180

SHA512
0394312b7c15e83ad56dfcad413e014d447bc09c0d8b418a00365260630e84bc726dd2111a4c660e8058f3a20a3cbe8304fa8fa38cd2bc46879d2ed32723ff55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\58076067EBEB56951E5BA3FCA84F5F2CE2203F7A
MD5
a7bfb959a95168b481e046cb0aad005a

SHA1
a09b1a133f69b40ab94c7d025cc0eb91460ce432

SHA256
abc2a411657ce9a5191ac5228938785139f4965ff14c54e87965e1ca66d1667a

SHA512
5d92b4e0a1963245536b337bdb69a6090a5e66cea150d1ad1b1186bf820fa3c88a0d548acecce7a16e956c8f0f03661493a6a350bdec8115d651becc526d0109

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0
MD5
6f81ba5120261e8e63a437a298709887

SHA1
1d02772130c170f0d15efb50cd3fc15c9bd2a272

SHA256
de3fdc86cef97bdd6b211361da6d52b638e980da1b5d20aa9cabd233cb49fcea

SHA512
12f17891144171d07c72755892d09eee9ef8c0a0bd99ac317bd6be40bbac9835ce7f7bfec1cc68061ce12730fa46064d298390682b49b537dfd55fca7f48e2e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\785808DC38AB6F3022421C0744745D3F05A81612
MD5
d495d755a9dbf75d55189c52213da33c

SHA1
4d984dce7e33d5495d9c4b28f36ed744d8a46c59

SHA256
3f1a095e1c671ac28809d43021a73ae65df915fc3c4928da9653b059d6e52101

SHA512
2d799d0a9dd2a9932351b082c01054e0e2ca58c288a897b95e86c7f5a1e132c267d94fb95431f5c2c39cb1e5e68580c221a9c9a012020fec0bdb7381d35c36a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\BC7AC4D8ECA8BDAD737F220D1E84EBA6E0F750A9
MD5
87a97fbcfb45b9356103889fdce8d43a

SHA1
45e14259a3f64403ac9540db54eafbb3c1f5d01c

SHA256
ac68f8fbe49ca3c9be93f624adc51fe2986167fee259bd74498a0795e316ea5c

SHA512
8b753d0e7ec642a626a04dd49e13c63c9f762e14ff493ad07dbfa3bb002d05afc5c89f81dd3e931e5884664b8aaa953adc8ca579c792047873a756e3a0cc687d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\CDF359E63200C01C1961DA51E2DC1A04CDBFB351
MD5
847706f62b5897133749872459f966ae

SHA1
5cbb6ff947fe09bebf3d3071581125b24f1c0dbe

SHA256
fc6530cb07c536fa213bdd3ed6b5bc6367b7f5fa60a8df45d6970e9bdb07d931

SHA512
50caa683f401ca5a85bb32d638bcafa66398a13611dd2cc225977a150acffe43b11a70da0b31eccb8f0d94c20240be6d51ec249072cfff8e0e514ab7d77ef25f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cache2\entries\ED07F042F4253F704BFC7070ADB92A3EDC4588A0
MD5
9f18cdbafa1bea5674d67764ba85366c

SHA1
e0d09b18a0a5897caa710187bcab5382af9ef76b

SHA256
1950ec7235c280a06974b7340c4cb22ce1adb834c25eab7b9d45dfebbe44f31c

SHA512
e4916f84eec80f0887cf44a1eb63eec75404fbf2fecfe5dfad4b0821d985d0b30bd9b55d1799a8085eae9cf89492288258c4a9bd67e5f7c07088d26cba23562b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\ads-track-digest256.vlpset
MD5
6c3605de4e50f585c2dad2819d138112

SHA1
4c647f39e09f9a3f16c982febbcca061ffa42652

SHA256
1983aa1c36d96d197aa522d6347f0ab6a62234294964f1d5889600c2ca6605d0

SHA512
b619f4fa7138b90ea92064fa9e614e978b014257a59a71738d2fd2382988d395c1d9d7aa362e90abe5acf82dbe786f860bdeff65684db16ab5b42ebd5f47fc44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\allow-flashallow-digest256.vlpset
MD5
de0d88480c24350c59e1e9a3583de0d1

SHA1
4e3c279344cb37deb5e893ab24770982de135789

SHA256
01ba9f0b913e04ed10bd7166796483dd4f72005f249d6ee68b12117be4b5d3c7

SHA512
f627c69598baa9bc60b036cea03fdadc8b4cc424ef8cdf93614275a336de05a60961f5e77553226c99c29ec2932272ae994327a4da77d75d2464f6722cb700aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\analytics-track-digest256.vlpset
MD5
254d7cb246cfda6c6e31ccec67f83330

SHA1
2be4c763f0ffc3116a3d954f025193bb98364330

SHA256
67fa50e00ee464f3f43f6320b24c6bc75a1f457d817c3781e5674efa31853546

SHA512
1026f63af0ead7e9d350c1054721bf73f83edba7a513463566ab58603a28aad5a562435ec54326468502b7b29881b5fe29c1e6f163d3f74dc0f29089b683a324

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\base-cryptomining-track-digest256.vlpset
MD5
f45cb33dfea35013b6d5951f464a7841

SHA1
21c9d73636871aafe063797059078fe2373d1233

SHA256
498ab828f2dff25b45deed474bebdbcfadac63a1cbba2e393162ab54bbc9f2e1

SHA512
88ff2955d709d53fe248b88beb3f6bc31a485c17c80c5ddb8ea91abf46b0a43bcaf7f357ea4ac09dfb1d7988f8b7b1034ded15c2861d9de01719c131cf72a27c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpset
MD5
db9610215ba796d0e1c85e57abae4b81

SHA1
fadd1349a4b17d9fd7829bb0f71dae57824b8b9c

SHA256
b0da64ac180f22f5bcd5184056d0b4a7d6810f6d6b02a1f68f52c71b4941a753

SHA512
a727e1f258e2c40c325e9bcdc6102fc3ffe13aeb39171f62e4f881a76e945447fdd822c04821fef59e24e2e3dcf9abe72a4e9368b8d6858730086bbd0c390bdf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\block-flash-digest256.vlpset
MD5
130b9ac2beec5ada274561105d81ae36

SHA1
85a4785b34bb151da41bc0dfed380cceb7a29983

SHA256
7d99fec08182a5b95d18d1569edaa2c60c2aafbd15a56d8882f22f3b395e6460

SHA512
cbf32630bfe48fe6dd0e815f2e9752ca75c066bdfb5f12941f3278883b0530f1736b2d179801afc7ab4680be6ca9976c6e2e3705147d95503ef32cf730194631

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\block-flashsubdoc-digest256.vlpset
MD5
40165280ff1345b5241ec2a9d1da2af0

SHA1
c49f9172a6bba2dc4e91fa97defd161d9e87773e

SHA256
f80bdd5341d8b1ee946e344e258ef2d35c3c0bb6b13eb7b3e6a77467dfa8b97f

SHA512
b5ec96e5f786de54976de804491aaf01bd79dd48d81ec81e1a9d32157881b0e7690d3608ee18e60e4381291a1c179999f40e0b98f9483519084da268b4904c8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\content-track-digest256.vlpset
MD5
9f355ca06a2c5eed2b13ab75dd4ca3d3

SHA1
16a014268d85c8b1cd476da2cfcf7aef79d5218c

SHA256
039695d5ea6e79797e1b2acb4aa95bcbbe3f4c53970abf28c68aef2b13f1a95e

SHA512
ace6b46c28c25ce5d87162566a882cf99b4a2512ac5fd9f0168ff9936d316af8652e775ebce8b1fc8b95d33844425da3a4832348115ead078d7b78a0b369b78f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\except-flash-digest256.vlpset
MD5
c2994d388f8780c87d35c352d9582985

SHA1
b4e9ecdf3ecce53f072b7ce9e695ffcc17ea9f76

SHA256
7ed09f7d2bd632f70077a4ae4f2bd2f3fb654b03cd72652f51678b0c7d027f25

SHA512
60edd83f6e0ff782ab251579e0f3c113d3d5fff7ba7f3a8900cd4fd6bc7271921445e94b53073129db9529f0210750615318348307db650fd11ffaedaeb7bd15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\except-flashallow-digest256.vlpset
MD5
7194b6bff691a056852a51e2e06ce8fe

SHA1
0adb901d9e202ee31ce6a8131ff15e5ecca834f7

SHA256
cbe2dc6abfe25bead60f4dfaf419fc0f441ff8a8dd4a2febf5553be1cbd90c49

SHA512
b0d8240050a25b2ab754e8f260361298d0017e3a938e965a34b6db072380cb6167c4fa5e0c2293b46b1135207ce9242ce1441b77af8b07a3212a49000e8bbd36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\except-flashsubdoc-digest256.vlpset
MD5
0c0d67875bd75a0227c02dd8529ba01a

SHA1
2b12efb5e31bdac680b6283e2585eeea096fe73c

SHA256
614be0169ec36e67223eb9645a98da66dbfde5dfbb89bb064f428aaeabdd9d97

SHA512
8fb01246c4b7b4a2cf0379f931e0cd3ea5a32781078efdc4c4a5ac3bc496697957f6d15a0b6daaf562e48bd1b1ffbafe0583c59962689b030c4c5543cf8e2ce5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google-trackwhite-digest256.vlpset
MD5
e54e5b84194eee15e64d2a03f1136bb7

SHA1
308413c74a49af1a575bc6f64fea33f9ad2f220d

SHA256
07707b589be3dba3bb0bdac67760a2b180ea3531e9d7976b73e4c1d8df9dbb1e

SHA512
f3bae1816db808c69871bd1a059236bf57982e90da5706adcc3359a200f1ec2c529be516be629fbdb5e7da8c3ea80000815d99c8c2c347440cacd9237bddd3b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google4\goog-badbinurl-proto.vlpset
MD5
d60ce6d272103285c9531bdec0737c61

SHA1
ee7f11f8bc0cbeb84d3107e95e2cce5fd5b63e02

SHA256
a69ee67ad84fb9e0a90179c7bac08c725311cb33f8cc51095b83908522256ddc

SHA512
d8866b8dae1d79a74ec74a03ad05826f3ab18cce501d72380bb20525ddbe9a0aaee6d99113a5b116df76c77cd364a3358a65a0c9c527d6c0e3e6163d04491f56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google4\goog-downloadwhite-proto.vlpset
MD5
b0272f5cf9f56f11c856155dc5f40be1

SHA1
e824cd22b162fce2892fcf2b9e9215d8e94ad4da

SHA256
74ab81a1929a8806d559a13140947f076caba52bf882364c416ef4d8e9b155f4

SHA512
3c50fbad8e60e35661826efa9f111364656bff4d4d9a7df3cdaca565ba7d899337064cf1d3c7eaac759e8178180dde402d6305c56fe3d0efa9cc171611592da2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google4\goog-malware-proto.vlpset
MD5
304396f843af2a1be390b016b3e79c76

SHA1
103ce46d9efd93da1daa430be11dc8a84cbbc460

SHA256
604dcc1866e7067e76fdb8b5ec9eeb2e7d1b5702bd47dca5a9b238be45d21f07

SHA512
39485e0f28faa47e57e82fefe06fedd5622a69d6c860befe7c7a19ff8fa635c0a8bc152577f27ca8b5d61fb63f57ce430cca172f6687010be0de63efcae4dc29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google4\goog-phish-proto.vlpset
MD5
d81c56d9f4dcc5200604928c02e467e4

SHA1
bb7f0e7a758ae91081c9510634c634aa74725057

SHA256
a210ab3aa7eb9f3514b9a9c3ee0b1c2f2f09c9216fb5f55128b588cd44c6fd5b

SHA512
21ff748f57f7ef6ae311696b934a5dee5566757a14c02a95bb48f82fc28a7a09a4142032f0339b28012e6919ef4c24bc320883a5feb540ac90d6ea303c25d5e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\google4\goog-unwanted-proto.vlpset
MD5
06bc886658644e937951674c1a6bfe49

SHA1
09eb4ac8bf95b5da0caf9e4dea846b257136cc43

SHA256
6e9c97192c6636396e7f63f04fafffff79c9d605ea3e493cdc65629a096dd02b

SHA512
73b03d6e776d649d176de99abf4ea4782a97203bc93c44978cc87c9a011b31283d9e70fe46f16641cc051f6def38edec4d5b18536312161874d93f800494a9c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\mozplugin-block-digest256.vlpset
MD5
fcc9c2c9b611a3264b68ebe180eb4248

SHA1
50d1a83ce69bb20d0d98f0ce80fc8dca44e054c7

SHA256
6ecd378a537eefe350b45cfa353741383f407d99d776bf23155a7825dc5dd2bc

SHA512
5a5be2ca3dfb29cab5e9bfbafaf173105e4cc1a79da6cf663ca0f8f7bf109a5b42a4ce5665150a97cadc22865860e0e6f8c708d83e5aa01d6211a7664e10d249

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpset
MD5
dbd7544bf04db52719348298521f4ed4

SHA1
ab838a83ae023aadba87bcae62093e874393a0e6

SHA256
f87c0e78f812bf39363b1974ed20175e907cd6114173db31e1c7243f4d515dfd

SHA512
0ef0ba0a594bb019133a133b9edb73901e804c845a66d427686f32a48c9d1ba665623d3fcd10018c2415202fd3f722aa23420598ce892444b4574c108ce4d6e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\social-track-digest256.vlpset
MD5
399e146c7c24fb3a69525f748f6742ab

SHA1
5a19c6f96244a65ec44af582956a9085407768a0

SHA256
11bddd57f215cf440ef5e41385a618123658be38b03097b547a9ac5220db425e

SHA512
3d280f40d78b0ef1b76fb8210f1d59edc5412208058d7f9448e14ff11c4e717505735c161979e2f84c4ccbcf4c4fa13ff3e8200b27ee2bb96e8d1180fca62e5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset
MD5
c6e5d0e5cc6cabbb446b625d9a14f3ef

SHA1
2d46657ed7ddb6f4c295b90aea7c477f2560d4f4

SHA256
de974099351ab8e3b4945d3fae34a2d8bf43407921800719256cf29139f516e7

SHA512
6e30e2adc27654d3052fbdaa8c4bf6d2ea41687bea67cc80c412c0d07a6174211e633a1aace5629444ba9ab0289af9f56651b5ab9061bcbb820b04debe175098

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpset
MD5
e28d310df430e7b6d95d9c912fa94e2f

SHA1
6c54ae3b421f47b73260751c44584d4b1effbb16

SHA256
0f6bd075711185f73238b0cd030f84a6fa9ddc17d341a669aadd07b806a86626

SHA512
1dc3c42fd79042eb9d17746a6f5c3e46d3bcbf36bda2143b380a02519771c39870cef4e8031e29191505c125c52a73e20c8167e1c26c3458fd9b7c89f231f0ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpset
MD5
dafe2c58eba7740af1a2bad64cef0f54

SHA1
f10d56c4c9d035744f46ed60690d7eab35952c27

SHA256
16093715575f4b5990d69d92459156f5843134a22135ff93185fbf109d64423d

SHA512
5e6e65b2e357e6dabb163496135b0269f4e6f19f230e2f5f51f17c18b3462280f83e48d621747aeb88eca016906acc9d6c05664b3f5d20ac6d90ba0aca41ba4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\startupCache\scriptCache-child.bin
MD5
db52d580e1893ff6c4cfa4096197e5fc

SHA1
bf049ed2c7784876cea9149609b7dd52ff18ca58

SHA256
32eb7fac8d54ab306261e705add2334dc8a597f543f2bbb096c5630e2154515f

SHA512
96589be91b98c14cc11b7dcaf0be8d422fe915e52f8d4bcb28c1568010fc054940ea595550cd8097842314d8b74de34c9b2a9a749483ed90a79245d77e46faa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\startupCache\startupCache.8.little
MD5
9c4c35fba6e09d5c74686435ebb82715

SHA1
a7a0ba2d2649a209035475e5c5a31807a28359df

SHA256
0370c9d31a2147d9ba70ccf26b57bef65704f853909d2243235c0ccbdbd91a37

SHA512
19fa99f3e41bbdae1adc8d109b7209076d8ec66b63bf839afa95253d03503c427787d4e136ebb509956ca355a2e6989ae1a4948a0348bccf143f5b0d2e1d6713

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\startupCache\urlCache.bin
MD5
0c3c3ffea290ad01ed0bb914410eb503

SHA1
2c60089e85029bf4e6298a73c020e5f9b4ef33c2

SHA256
9991aa026ebb5a5d6873b041a81eeeb06e3917775ea5292165f3888e737ec4ce

SHA512
3ebd3d23b74ac8b877c283534d4564d2269e1a9c227277f72a5c58735f3300fd3eee6888ffc53d4346714d23d269e31f83e090f5634efdb128ddb206c8e968b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\UC9N7V~1.DEF\cert9.db
MD5
12550c821e895d15b7200286f3aa2420

SHA1
05036d427c111fac0cb0babdb7157bb29956d0b1

SHA256
942f37e9d474f585216b980f87e651dd0229b556cb88f9a0a2aec66c81e75509

SHA512
a928cd8df30269216672ecc8e577d6997671043bb9ccc9458cf7d1d98d080d977e7812f570d88035631bb5cadbacbc8f960416d4351a993b4e0d8d7aee0c33f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\SiteSecurityServiceState.txt
MD5
19aa8c1d8b32cd2fb9cd3239d4d538fb

SHA1
b23489b9be4251b44edca24c44789c138f9738f9

SHA256
a92f2f11e12f08dfe11afba9d36527f28e4c8fd479dc3d6035036984b18032e1

SHA512
5396253102de0e7f1527b88923275dc2c577e84971b70751f69d8ba5445d2ba0ff4af277bc3d150e1b77ab85d4265962b9edd9eca57aa694efd5757eff3b22e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\addonStartup.json.lz4
MD5
bc4bd0071af0574fe57b6756f0b26071

SHA1
dfc6af6b87b58391f67679a24c28495503f9e75d

SHA256
2f0cb964330decccb1375985d126d6cd2fec171e344cdd6e21026fa9459d8ad3

SHA512
9cd3f9140a3beca18114253556281c48e0a2401d8e7bb01b518a0615caf6a1f4a8cece627c00caaf9cb3f7cf3a57a224ec5233682b5b3f8e933619b85488551d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\broadcast-listeners.json
MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\cookies.sqlite
MD5
63d9bb6fe83f1fa1d108651302608c34

SHA1
7b66e679989ed0c13b6de93b5b77b5286698fd43

SHA256
a7e0214c32bd70e75f8137ff21efeaeb1e80583cc707a14f7e5e9df31df396bd

SHA512
a8fd4a0262d3dbf7563016649aba4f24672f6b2119df893abfc7abae06933ed22be4e166c85e22c1ec29c095400e65895f3cea3a5432bbc5a7dd811f3d0d72e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json
MD5
69236425227c0bd3e5c21034285822e8

SHA1
2dd63dd2c47e00a536fade01d3a7cea26c2305ec

SHA256
e328dfab8c729a9398506cc3e29fcc0342f72298d54f476f33c9b352e84c10b7

SHA512
738b0bbbfa01b2fe8b987026860c22f3593d19d605a76683161cc5c18237440344dce0c16ba07b80953ab03885f06efa2d96a334461ee7acda76506df6a22ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\permissions.sqlite
MD5
e0fcea6611e03e81176bf812d0c567a8

SHA1
5a5f1ce707d54e181eb7803845bfd88ee31c557b

SHA256
7276a5e5150c12ab4d3f2d2fb77dfe2839f82a1333f754f951ad54af0c98c89a

SHA512
01d28a5691a12b9f42c60a2997ba8d70724ce7a29f9539af86f00874cdb495f24983f5e188235de48347ad3f61b28ffdd31c5cd9341b684df09b18561b2d4749

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\places.sqlite
MD5
d39fd36805c56a02877c9dd6394b057e

SHA1
bfe8c5b2acacbc5c63f313b4e567dea9774a7ff4

SHA256
12b91aa97bb11f083056adc6524969d373022c67eba541ec16813f059f8d15ce

SHA512
34dcb736886aff0c1548b953c5501f890f50c73b0896a760102b10fc8be0633924eace5c4ac32f5bcc43f6c47cf885b3a9dea3a469c0e2c18e61835cb0ced119

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\prefs.js
MD5
6aeff723b15713208306e98e000696c9

SHA1
83dbdb7133b3415829e48b6ab589efbb2a12945b

SHA256
e50727a1619a0a3e1012f2b6870d3f52468994dd310d3b3e43510b2025ccdcc0

SHA512
810fc2333611fdd99852f64eab53863bbe5417432041a471a7c1c4a80c34ba534fd14f685474597e7b7be60513857cb10bf3cd68353734059acc603049550852

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\search.json.mozlz4
MD5
dfc7040ebff4c20d38893837b4de65a3

SHA1
97c5c32bc2d99860996f4c44758f0b16efb04a7d

SHA256
c68d36949acce48ae03ceec0a78c524d52f6e372ab7edea8a21aeb0392deca10

SHA512
8df5ff451713f6856669748ef56dec75b9f30b239c73eca9305ad03b9452d44caf719d1a10f73b256987060403e6415bf426be8beecb7ae3a6e0f14de34bb9cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\sessionCheckpoints.json
MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\sessionstore.jsonlz4
MD5
79ee4e33af9af22f030636cdda9f277c

SHA1
d83c3dfa4dec3b699600d242aee6f8bb0d5893e3

SHA256
6b74796c1472f92b9b6238f156d71cd6749e89f71a3799d4f18b4ac5081da900

SHA512
b6a2a480d49166b802005b431970f0b0790c3b6d985d8b962f31f3505382c7e488159eebb0cd590b8d0494a4d6bacd97294e997882fcd89794e54a13eba63340

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
MD5
087e136842cd7803b8c263cc1d53d740

SHA1
0a1c83ebc4670252904055d61d9933d0d5b2233e

SHA256
ba081b4ce9d60b78c7b77e000c11482345af078178d245118bd3c8f36d10dc1a

SHA512
be7711546aab21a5d71372d4054f119a697cc09c245c50b260c1377e36d60123adf32646f90c4819b82713fecb1cd43f1d04b3edde8e7dd5a518a9cae0503b70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5
e6007e0337dbcb6dd8d0fa34dc862f56

SHA1
a097c52c4546a18245920f012c7ddf1fe68e8969

SHA256
ff22bec4619285e6b54b3378c1dda2e8cecde6b75698ae8aa88b492ac7bbac79

SHA512
bf54e4dc1a3b3c6b226f918e82f22da9f40cb0251547d86c9e5698eba6c6d0128f1777c7cdffa640e26faf0350b9abbc91e08fa3e6f61a783b8b518fb26031e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uc9n7vlb.default-release\xulstore.json
MD5
6daa2089b562777ab9c9f7b1b97240c7

SHA1
d63192bff51da71d44226016af0111452beeafab

SHA256
93e25b4c79f209a4b646d879de681c679233963b3399fcee6cfae5319744ff88

SHA512
b7b548461171d06d52991e7471cd86caee718724695fabbc95f65e31dedddef1ecbf6bd3bb668ee8964e8f7d9ab199cfc92e97291b1684d6bf023d71650fa957

Download Submit
memory/588-140-0x0000000000000000-mapping.dmp

Download
memory/2016-150-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-179-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-165-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-164-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-115-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-166-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-168-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-169-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-173-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-163-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-157-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-156-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-155-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-151-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-175-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-149-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-147-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-178-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-145-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-144-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-142-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-167-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-141-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-138-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-137-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-136-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-135-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-133-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-132-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-131-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-129-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-127-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-128-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-125-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-124-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-123-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-122-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-121-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-120-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-119-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-117-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download
memory/2016-116-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp

Filesize
428KB

Download