hxxps://bazaar[.]abuse[.]ch/

Resubmissions

07-04-2023 15:30

230407-sxfdxshe95 6

07-04-2023 14:43

230407-r3rhpshd76 10

Analysis

max time kernel
210s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2023 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2884447041"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31025526"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000007724b262a071138b067dc94543f49b52aa6014d79d545b9d9d04f1e2bb81582e000000000e800000000200002000000057d5381125e6b7e0f91d7007c59c984e0e9f0c55b28a1803766b2d4160b010ac20000000797e0b89375e616c51ecceb4ce4f1209b60b07ee0b565fbb1386651ce7d6d82d40000000f5111dd71dc2ca7ab3bc46e3070b68f84f3827040331fa4e4fa9023ed8cd509eab1576716e2e4c71fc4227da07a2383f16d15829b44a35fd991d49d055dc88c1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D6B24D89-D569-11ED-B7D7-D660CAC54930} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2884447041"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387653582"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2893543982"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605595ae7669d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d4a3ae7669d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000007794ab6eb20d50880cd4595fd4623c7a953ea4707187281841ce51d3d15c394b000000000e800000000200002000000066df458ff3d724ec0a69d7c5f52ee7b6cd8dfba1eed7e7c91fbee29340214cef20000000f02b5f143ed22d44b41407331440f2e1c1fc6dcee1eab3ec16ee2a754d621b3240000000fda5ae591b205c5aa8a995945d57f4552608398feb74b0684868fd38833ed3b70dcc282d1cd05ebc0642cf499fa898d80c36c4c56f4690f44e648a5fdd2557b1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31025526"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31025526"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3472	firefox.exe
Token: SeDebugPrivilege	3472	firefox.exe
Token: 33	2988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2988	AUDIODG.EXE
Token: SeDebugPrivilege	3472	firefox.exe
Token: SeDebugPrivilege	3472	firefox.exe
Token: SeDebugPrivilege	3472	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1112	iexplore.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1112	iexplore.exe
1112	iexplore.exe
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
2224	IEXPLORE.EXE
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe
3472	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2224	1112	iexplore.exe	86
PID 1112 wrote to memory of 2224	1112	iexplore.exe	86
PID 1112 wrote to memory of 2224	1112	iexplore.exe	86
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 1336 wrote to memory of 3472	1336	firefox.exe	89
PID 3472 wrote to memory of 1388	3472	firefox.exe	90
PID 3472 wrote to memory of 1388	3472	firefox.exe	90
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91
PID 3472 wrote to memory of 2684	3472	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://bazaar.abuse.ch/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.0.1952247014\1338319372" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec0cc7aa-8a1d-46c2-81fb-a5fc89c5e937} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 1900 144a63a6158 gpu
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.1.760919991\2042553902" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc488c73-2d01-4372-936d-601b2bc7b472} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 2300 14498371f58 socket
    3⤵
    PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.2.2034339995\1692120597" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3136 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {123f301e-e236-4295-a544-9f9c36642cf2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 2916 144a538e458 tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.3.747071797\862928840" -childID 2 -isForBrowser -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5560b129-45d9-4c30-a575-c0a702884c2d} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3528 14498371058 tab
    3⤵
    PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.4.1217919487\1646156593" -childID 3 -isForBrowser -prefsHandle 4200 -prefMapHandle 4196 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cc29845-09db-4c85-8632-26ff1dede123} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4212 144aa1b4558 tab
    3⤵
    PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.5.750494664\733138487" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 4956 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffac67a-b27a-471f-99f5-cbd4fd2f071f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4932 1449832de58 tab
    3⤵
    PID:1336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.7.1184502894\264429410" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014ee992-df4d-4272-829d-feae62cb33f4} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5276 144ab553e58 tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.6.683149345\1988877225" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c922935-18fd-47ce-88df-e8b2be56c3a7} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4916 144ab396758 tab
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.8.1194316773\1809063726" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5744 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d0f075-9870-4b63-ab5e-d2df0a25d9a9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5724 144a9b4da58 tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.9.1359755393\1387275209" -childID 8 -isForBrowser -prefsHandle 6060 -prefMapHandle 3524 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca9daa90-9aaf-469e-bf63-12999ea497bc} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5948 144a9b3ef58 tab
    3⤵
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.10.440379830\655941854" -childID 9 -isForBrowser -prefsHandle 6212 -prefMapHandle 6216 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a3da3b9-63cd-4906-9cdf-b43d298e47ba} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6204 144ad74d258 tab
    3⤵
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.11.1440148510\1307596514" -childID 10 -isForBrowser -prefsHandle 4792 -prefMapHandle 4784 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1510bb7d-157f-4a3c-9442-d14561b89c63} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3532 144a9b97a58 tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.12.592192114\1906377644" -childID 11 -isForBrowser -prefsHandle 6524 -prefMapHandle 2796 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9913fe1-452a-4f95-9987-07731ad0e8be} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6244 144acd46e58 tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.13.1203238277\828638768" -childID 12 -isForBrowser -prefsHandle 4784 -prefMapHandle 4792 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82b0565a-84b5-4d28-b0e7-4e6e87a082a1} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6476 144acd45058 tab
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.14.1747696879\1618462074" -childID 13 -isForBrowser -prefsHandle 5204 -prefMapHandle 5220 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ba640b-2552-4f36-b00b-d249234bedc9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5192 144ab7ab458 tab
    3⤵
    PID:5764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.15.749220788\114146741" -childID 14 -isForBrowser -prefsHandle 6088 -prefMapHandle 5220 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ac8a332-3643-461a-9c22-48319dd8db1b} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5192 144abadc058 tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.16.1221723873\2059252646" -childID 15 -isForBrowser -prefsHandle 4400 -prefMapHandle 6248 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a8fa34-0235-48bd-8882-946afa933cef} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3500 144ae7cab58 tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.17.299423176\1274212634" -childID 16 -isForBrowser -prefsHandle 6460 -prefMapHandle 6516 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee5684b-8913-4366-82fe-5c51f2cce1b3} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3640 144a9b3d758 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.18.1415192274\22236528" -childID 17 -isForBrowser -prefsHandle 4360 -prefMapHandle 6300 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74d5f21f-0a05-48f5-b1a7-08083f99bacf} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6296 144a9b99258 tab
    3⤵
    PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.19.1562314887\511532723" -childID 18 -isForBrowser -prefsHandle 3636 -prefMapHandle 6384 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f819bbe5-81ae-4a90-88c9-7a4e30d24a31} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6392 144ad7e3858 tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.20.90446595\2090704365" -childID 19 -isForBrowser -prefsHandle 6168 -prefMapHandle 6164 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5466d7cd-1f10-41e9-876a-3bdeb27d7f0b} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6184 1449832de58 tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.21.253227721\1379646095" -childID 20 -isForBrowser -prefsHandle 6088 -prefMapHandle 6176 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6363a4-c806-4437-919c-920904b74812} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6884 144a9b4ef58 tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.22.813392910\217896903" -childID 21 -isForBrowser -prefsHandle 7036 -prefMapHandle 7040 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f41af0-0a08-4785-b2d4-e2c831cb0390} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5748 144a9b3e658 tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.23.697338387\1210115520" -childID 22 -isForBrowser -prefsHandle 5988 -prefMapHandle 5812 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9188278d-188b-41fd-8f52-f96756e27b05} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6092 144a9b3e358 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.24.1670642952\1000885569" -childID 23 -isForBrowser -prefsHandle 1432 -prefMapHandle 1356 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4211616e-ce6a-48d4-b6a2-6e944d98273f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5852 1449835d058 tab
    3⤵
    PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.25.191083533\300650889" -childID 24 -isForBrowser -prefsHandle 1332 -prefMapHandle 6928 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12cfd153-b284-46a5-a207-0ad348bdfe27} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6624 144a9bed758 tab
    3⤵
    PID:4456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.26.1621044571\1925930788" -childID 25 -isForBrowser -prefsHandle 6972 -prefMapHandle 5080 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a4bf79-7a8a-47ff-b4a8-a01c95a19e41} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6948 144ab398858 tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.27.1821848557\1146491124" -childID 26 -isForBrowser -prefsHandle 2332 -prefMapHandle 6808 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2b3c28-f2d6-4471-8b80-bec9253abca2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6196 144acd3c858 tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.28.664109558\1217203553" -childID 27 -isForBrowser -prefsHandle 10680 -prefMapHandle 10676 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f23264-6176-47d5-8233-71e6040cbecd} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10696 144ad775058 tab
    3⤵
    PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.29.1440148953\1611388660" -childID 28 -isForBrowser -prefsHandle 6212 -prefMapHandle 7076 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38930126-8a78-4553-b9c4-fe8b536b61da} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7072 144a4fd1058 tab
    3⤵
    PID:2188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x30c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
ad32aa47616da408c11598c338c55c28

SHA1
fa8d673203cd0f60297e8d79d3c0e8fbdd7bf5f7

SHA256
df8c7c79de024eda85d6154d61dd305c6a7ff5c9736c32e5ebee9a8aecff3cf2

SHA512
f01c954f1c42edf6c74e9f71bfa2baf4cc79d1ce9bce50425667f565734dc79632436821de49e3cf40e4551733a1332b54d0110b9a930de8926c94b244148353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
cd2cf9e55cb00fe927cd220e071b5e8e

SHA1
5a02db4b600a6727770786e5e63201f410cce605

SHA256
bd360e0ae9a40d3f241d7f0bfd4d29e0de1af170815deb3cc90aa496606cff6e

SHA512
836714bafaa3e3f7f4abc9c7394c7d120836368d1a8a711481744dde27af0072fda2824759a5b82eaa43db4102652e1e3f5e09144628bd221550df9fb0557848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

Filesize
636B

MD5
2d825e4c4c06fc56abc4f606797b3570

SHA1
ebb47a0b748a2441b5ffd1ccfdd9a20c1ee26933

SHA256
0672c60e13a76d98c95cf7d72fe657fdb26f8f50e15a2ef3568bcfdde72fcd4a

SHA512
77b09fb65feee503e68072221371ee2f0b11a0bca5df89f7e9b78c28911d5ffd810e41ac7b880b7c6cc5ca6e247b065e8cb9b74a69268e9331875bf92513d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\favicon[1].ico

Filesize
520B

MD5
e1c76d0b0ea7335e0e0106e5ac1125f5

SHA1
e45003897b26137bd1e9ba88a237f5c5669eb92a

SHA256
e4805c69184ae414aa88a6c478abee36e27b7e72e045365d81e6c44246808ec8

SHA512
15bf7c9e0a1d7ee6897b5e024f043eb07f75af1d9010e7bf1209d0440c2edc5fd1c4fd16c5e340c9a767ad2dd729e5a931d7979d163d83f0b59ea2541d83e013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
139KB

MD5
4769d2619a226768584676b367f312aa

SHA1
6ce55976ace175e52a94a24c4bbdc677761649e8

SHA256
072903537565e103bba852331e7de21ec3b0d5145014a1d28b2f8c8076d0ed44

SHA512
e6a74a6f958d29e2f381967813222e17e90c8aaa40868ffd82ebd2e6ae6980af94bcd4890621a8220941161192749007e20f7eca27e542da5e47795492fcb066

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\14313

Filesize
41KB

MD5
0b755408759800c0efc5b5d559e85ec5

SHA1
9cce64b4a50b3fa1205bfb5b2b724263cd0b3d85

SHA256
c72275eb895727ec30d1f2a6bec802d9135f5bfc7b167d8ee0b4da7d03b27922

SHA512
7ed496a7291329acb5baea5c0b821e2b2f190c47bb2bc06962ee2550ee5094f4e4e23a50b3029dc5721fc50712a27a0c6207c2670817054880792eaa580fa358

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\16546

Filesize
15KB

MD5
b1e06ae7e0b1616a92d606fcfc282ddf

SHA1
b4372f51eed3bdc3fe885d91af57c6cf5fc502d1

SHA256
28aafb646361a06dab53052c98045397ffed6c8f0951e47669a1ed36765c5235

SHA512
f717cd867b81cbe39f9a38784acef770c9e7289c39bff839c7a7f3cff05d1569dfc368d50df0976cfbbb8b9e741fe55fa86b1587dc6caf51b37778d2d74a6006

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\18771

Filesize
15KB

MD5
411591cd8fcedf9151eb3d4da9a1a980

SHA1
cf2404d96269e4a807f8f91ada0a86fb0912accf

SHA256
1192c53904bab271fd4df6ebd6c6eecf543dabafb5df6df465702c11df3607d4

SHA512
977ac11ba72cba1f207db76cff0b2e2f29cc1b0fe58f6708eb682a30a896dc9dc4b8abaf5ce142b72329375e65837d56733c3474ed51b90f2155c6cc244cb53b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22261

Filesize
15KB

MD5
c3081ef29fcece225281d012fa956555

SHA1
e47b29d1c833aa8a3102698a13ccdca7a588b1eb

SHA256
151a09379d45b214a7e884bfc54a8c6ff4025cceef9b4ec7d8f4e7b280bae9e5

SHA512
75b1787da0c380f0c12ad171d04f70513cc858557ff23e4dd1c1c102eb534fdae4c6ae76462daa03fe8ecc17084ef910a04a6ddadf5c198979d5324c9ae3a97a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22644

Filesize
14KB

MD5
61d3c0587ed5a0b3202af43fb4bf246c

SHA1
5ceffd9014361e491488d54fd2715b2b90740963

SHA256
b9911413235c818e1dd2c6311a01194f0295e06e4d79f35efed09c5cbc025d32

SHA512
11abde1cda0bc7f3cdd8e14b83e8a7a1407098cb966539bd11ad13abc10251cdf724d72b7d13fb3d26514c11992e70ee2c37e73b298a2d259e224aac7c2d0406

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22868

Filesize
14KB

MD5
838791bbe7414662ebbc8524cc4d0e76

SHA1
cc877ad12d4eda1cec868c1df1df5c820f1b4b09

SHA256
dd6095e574492eba95fb2b19cd002956a2083ec3d645d6db50bd398bda37914b

SHA512
cb4c459dbd5ca40176a185c1537374756a6d54a109c66879499332d7735367bd4c20e8b130ff58dec2890343f87c373a7cfde2294fc6dbbc1c041c163c28da1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\2293

Filesize
15KB

MD5
a22e75e02b597d8d236966b5113058ac

SHA1
5467a8b1ac25508528cfcc4510126af2fd35fa76

SHA256
99cbc39681d3ad411d22ef5621ccb9eaadb360d0ad0e1a2cd884ff5788af112c

SHA512
8603e0a909cd88bf670c7822cd78d3b94e7a050517d33dcf149571038a46f52ea5717ae09f87ee8d814a8baf94528f0f6cb9559eb108fb2c96ee484cab0c6fba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25461

Filesize
14KB

MD5
145ee96d80e65fef06fb1588ba7691a5

SHA1
b433f315380f5afdb773c6befb439604598e1d1e

SHA256
bd497d3d3a4fb425928f2cd3ab4ebc3bea93daf35ca6af4084c865823001a1d3

SHA512
111ca14d9d3f65176c29820840128e0352b602317fde832f4d00cceaaa4e57b3cd66ba943c96987df6e56491c852a1a5f3845c9d39301b8a4eb1112ac511a40c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25639

Filesize
15KB

MD5
77b31982a9ff73b964fb97017d017255

SHA1
4ea76f7709d792248ce4f7f8cbf83a84c987c905

SHA256
f109a8be1d0ea0ec5121d24a6f3e3031ff29207b453839844a9847bcf66f90f2

SHA512
1b4c3014101e2e3ceaaf642c7c7810c13e6436a7f89f3bb6d3b0bc1851e226b8cf72b180a6312f5341f40bb22246cdb1169775bc52757af2d9561600842d4511

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\30169

Filesize
20KB

MD5
e0590e03798727a2cab845aec0d17f97

SHA1
c3445611eb1a6853f54f498171ba5746614206a1

SHA256
71e2ea653eea5db80635d6c111ab5a1c0eeb86b2419daf526ebef5fda584d7e6

SHA512
ec49cfa9b2b802b2ac776a423d92998db8f7cc035f935a0a0cae5993ab23b2d5e51b71458e012ed453d68e42d64539157e3922ad6d26bef95614ebbc7b43d8e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\31493

Filesize
54KB

MD5
e741a087a3c0c3d98b649b5c5a147080

SHA1
b1fdd0753de125bcece83586901f52f0e81e2b66

SHA256
b1ba067eb84dbd09cdba560955e6ea02db68ff06343f03e65c65016d34e4a509

SHA512
0e18907d6bbc0bfe7a5d3281e039908fccc405ab6c7d978df0762ea28106d5df2fbf564d944da5a656689db752ad716bd4877f34ead239a7559d5efff534a8b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\3259

Filesize
14KB

MD5
08fdc1b23163b81fd60ca88cd4f15f08

SHA1
d5042a9298044644921309e4648fafdc5fec4148

SHA256
02ddbb13e783594d623a6a4287723caf49f9d984bff9812916b98b5406805e1f

SHA512
0742e4dfd9b78283cbf2defa8d3a249822fc0f14d61e37f691ff240e4a7b6592056a80c49195c75914defc71fbeb8b8db6885cc79e506634ed27fdc3cad219f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\7187

Filesize
68KB

MD5
435b5937a8b16be7ffe79c20afd57537

SHA1
4e1ea03601f4ab7bbca63ddf37744f0678054570

SHA256
6ff940391015f6d89142040e707c7c674f72c3c5e18b17407828020bf6180d56

SHA512
83b372dd22eb05ae63434c4311e745e524d45cd1e70429aad86079de583fa44ab685726e6a0a6340ba0122c4d45929d09e93dbbfaa8de1fec31f5881f57197ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\7859

Filesize
8KB

MD5
623cbe182f841078e79af27f0e7a59e1

SHA1
92e4b9a095dfbbf873a923f904eae4cc035b28b8

SHA256
fe693d1cf66f207db0979d78cebcad5773dad5eafc4e0fbd24b2d53fa1f1c0e3

SHA512
95042cbe5bb8906eea6f7250a7a2e788fc9654d360135fb467f383d2c103b7c14bf114a0929a11d77953964768e85f0e6141d6c41a8ad39ea43523bc8ce3e9e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\9229

Filesize
14KB

MD5
ac3a92e074a85ec2ff8e3fa2357a52c7

SHA1
5295b69da851a44f6768cbf69c4c79d21856aebc

SHA256
a0a47361bdd196210e41cceb2d7a86d0262917cf4c6b04ef44ac4ce68c4fa7ea

SHA512
03275be409b08a46f8596ff8798787b1d47fad18e503613f00e7aff89990e47870ced56561f916c78cc83d65d1621d6b729f709c4851ed2968958c67f3ccd0e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\9678

Filesize
14KB

MD5
9ea0594dba2592e34e18d447a543ace9

SHA1
3dd7df4d48757437679226064bc10226f0fa358d

SHA256
788f6f0b6334b9c5db6d25874b613349b04d81aec16344dfe42b55b39692c1eb

SHA512
f40a83ed5ad58bbaba1e40739acbd5273e72b25c76f9132fb26dd0c6cbdd1ae558329f4faf60cc65c05409d7be91178acf32cbef896e24077d11298f6177cc2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\005F38451B2191B0DAAF9503189CBFC2A8EEFA6F

Filesize
152KB

MD5
fa920f0cfca47a4b30a1ee548637b415

SHA1
bce561b814b977748076a8e1b86f56fac1f52da5

SHA256
22d1c8af4806c58fb1656aaa3d2a276052cce580cbfdc757db5702156fb9243d

SHA512
eeb2d8a89d785120b36e08d58c7eb4f535e0e09bf4a636fc943a40023fd2a53e4d971296d12d4e285c935ef30871baea211d0ac18ec91b6bcbf0ea45b980ef7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\150576808B492B788E14E1357E663A0C0E5B3D66

Filesize
402KB

MD5
67e68a3b81f03a634910c347e34a33f2

SHA1
4832b16b4d3b3f7b1a76b738a7c629450d904d5d

SHA256
0dcd44cfaa87458e4d473caffc80adcf1c90f797ba0f4c5d35f46b76bb411db7

SHA512
8254495b01fb750434e162f2cd10a2595b65642213995fe502433ee46d2999bb41debebd0e315cc4c6e44caaa97432af873af0a4322b7b555289bccf1f923976

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\37A3415C3CF8476BC3808906997D940DC6E0076F

Filesize
171KB

MD5
3b4a81ada38b78f881b862098b2b9fe6

SHA1
9758085c8d28ab1b16312aba47620ede5cbdfd6b

SHA256
97006d765e4667c03c228099b25ff9fbb60e3c7df411c62da1ad7ee199ee691d

SHA512
9abe06100b4bde7f5fc770e3b621911cdc8c62f107cbf30203900fbc1b5cba9940fcb36c577814d84783b83700dffe723cb231029dde6f256e34988d84c063f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\598E074FCA4864E621FD008D8C3E63B61A4ECBF6

Filesize
29KB

MD5
f31f23e4f275b58d7d731c3d85f870b6

SHA1
393932101ff621d53092e3d9f2bfbe2191e68c8e

SHA256
75909dfcf86e3e3e4f97a7dba99cc6476d7204141cde6e5ba39397e1745edad8

SHA512
78bfc6e725202961af8ae9806554892a7e627fc345a0f871e9dfb881ad105cab24775bb49547753e49b96b1dc840bd0443d238106f09c99270b1de9ca843ff71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\956B8BD5AB4E974F92AA2F21C324822810CD4784

Filesize
172KB

MD5
7c7d1e1684713171a0b2aaefdee4ffde

SHA1
9f803e498d73a320b05164683d8a4c2ca4cb0067

SHA256
ed458c1b1dd174e37b639dbd7c66f83b73439e851396e962758798b2803000c2

SHA512
0de2b98cbba36a582bd76565cde1633584ebc80dc5d2b7c35f32fada1ff59f4584fdc888d5b4bc2e9c980a328c6c0166e85d43926e4380e700f8cd9b3075e785

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\EBFC6BFC7E450C116A3A0054361D52CFE88CE4D9

Filesize
532KB

MD5
1e7081e29a4f9cd5aa5780d67a29f4fe

SHA1
e2d39296004195e482e4dadbd6cc192b23f47deb

SHA256
186f9db2d302f2fc822ead54fafaf19a088a14458efc6b63c5fb7a63ad52af9c

SHA512
4086fec65849bd45f2d4727955d2dd951b647093b925740faa70778a9f1710041f6fa87c0c33f735d8b308676f863bffaa8184446194af91fc7cc06864331eea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
e6d6224e6fd81ebee4fd5da0d0ea621d

SHA1
1a0309a056687ecf221e74efe3e3b5182cbefe60

SHA256
03bf6b3730add0a9039d03c55e829243734ee8611b7e66afb86580a6c33bfda3

SHA512
2be0f7d35b75ae9cf5bb5d4987ed459c71782645c76013a7e82e19fde3b8b70450f1d6548e8cf7d6e11d23dc6f7b3e15279e2f6a4e1a5306d57a782401f9cd54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
b3a3e997a1ee1e1d11803d50a30b0b13

SHA1
3b0b868868a48f3ee7052ebf3c1823d5179229ce

SHA256
3f8305a738eb6140991a9e48bd6b0117951d18924a2ed86e17822e25264b56dc

SHA512
bbf288cb0ec6017d4435617d18eeb966bcf98caf777260ccb31b9436571710ae4f0229538d36d5ab1993e02a096b29c7c530c9e86fc5f6cae1a61ebe7b80ff7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
a3d4009946ef1f24297e77c7aeb884c4

SHA1
9c46cbedaf4095c2cf07988d1bf41c7f7cc913df

SHA256
9ee492bb724e3f88a09234d9640ca45f5b1b85b80fb4a03b4548f35c9c7c6142

SHA512
4e4405104442a93506045639cc59b8ba0729cac6894ec97dffe11e44a563f8851d6b1bb2bcafc9ade86c80538bbb965dbf076d3e0c296acb028d9f4686a38b9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
f7353b59fccbe973392cbe51a1c3e97f

SHA1
6c10a873cc7d9a2dcdc7da93ec4213b77fef0052

SHA256
1e4448beac156bd4ab2b588899059b5226e279dacb13f13f7365ec47a9abe9de

SHA512
dc789b91c5ea66854d4958c93fa3f1f91857402ba453892fa592d2ce990ffb26dd45beb16bcc85aa13715f3ccb356dc6ff928e065629fbc348844faa67ee57c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
4391ed95f0a9b03d47a682c7829a886b

SHA1
df888670a7b396cc3621f5e32ea63cddfa8690e4

SHA256
063bea38714084f58fd26fbbc1ad271392147325daa3628f833c4d7c6302cee7

SHA512
73195423bf75e05f9c635612ae4d4105a0c96ba9524efb698abf9c1e75ead34545dfdd0287cb7f4aa36a9755d291e95615e33be028df66eb8f93da68718d0b8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6d80488c5dd6ea498504359376dcb232

SHA1
5f3840f3b9b4241cfa20e761bb6f7d92255ca9ff

SHA256
daf0edbfcee7392ce5f385f993e6568a6c1a3448d26421e64ecc2725782f579c

SHA512
c730f63ede1f63b84b7fd4d09715fd55483ce23b7efc198c23d439c4344cdba7c60f85840150b570758abac4a3a9f492856047212df64a98006c31b2cad13c4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
18253d2fa901eab7a8a525caa0e249c1

SHA1
6822673b3783883512dd5d7146fe338a8d87e3e6

SHA256
0d8e60952d6e4277438ba915f8e13c4b8d0897bbefcecb24c5370ae45ddeb6de

SHA512
48ffb7690c354a0826c2b89dc5ebaa9f86fc91b381e9609d9effcc239ca080a4dcbb7d37f13fc82b17f76df8ee8c32f64f1402baabaf528c5aa436376c5bf916

Download Submit