hxxps://www[.]youtube[.]com/

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2023 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02dd4040975d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "40634114"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "40634114"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2D6A6934-E0FC-11ED-ABF7-F6AC10968584} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000c7bed67f457511b70fb8afc14bf17ae66ecc4bf5f6054f8602404f1ca82a36ea000000000e8000000002000020000000c768e8c33159230f9354472b0f7e62c5c3fd4ad2ef55ef9f51c601e9a186448f20000000a2f6ab5b1a31be634772cdb5a8c662b24968cd32f483c4559ee7518a0a3ac55f400000004cc8c8a65d5ae631b792d3e2a8e37e413b8d3d194c75b31a002e998cad6f269eeb1e50b3ccf1eb6c36bf7c4df62105d92eae7bec81e78abb1e7aecf3d958ecc4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201bc1040975d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31028489"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000dd15c89ebc425b04afe2a9dedfb31bae0cbb982c4b36ddaf9e91ff3d84179114000000000e800000000200002000000062342b0aea47fc3db6538204b226203a04308f91fbf6f432dd8abaea869df5e520000000996509fcef1456db93362822850b26a6465521a206a38baa6a01179305772c0140000000666796b04b8a11d22b278ff950f41c8eb611a6a11e058f5404d84249eeea0765939228aef4e7c08f9c328651f1433d4b17f02fd19490416168703aa64b66ace3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31028489"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1648	mspaint.exe
1648	mspaint.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3856	firefox.exe
Token: SeDebugPrivilege	3856	firefox.exe
Token: 33	5728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5728	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1036	iexplore.exe
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1036	iexplore.exe
1036	iexplore.exe
1684	IEXPLORE.EXE
1684	IEXPLORE.EXE
1648	mspaint.exe
1648	mspaint.exe
1648	mspaint.exe
1648	mspaint.exe
3856	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 1684	1036	iexplore.exe	84
PID 1036 wrote to memory of 1684	1036	iexplore.exe	84
PID 1036 wrote to memory of 1684	1036	iexplore.exe	84
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 4964 wrote to memory of 3856	4964	firefox.exe	98
PID 3856 wrote to memory of 4568	3856	firefox.exe	99
PID 3856 wrote to memory of 4568	3856	firefox.exe	99
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100
PID 3856 wrote to memory of 4336	3856	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1684

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SearchConfirm.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.0.1766704968\942537218" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdcb82ca-0016-4668-96a8-be72b398efad} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 1900 1bcf37a5b58 gpu
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.1.1954590450\1971143995" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f7601d4-55d0-4132-a5de-9bc4cf8c9342} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 2300 1bce586fe58 socket
    3⤵
    - Checks processor information in registry
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.2.1860799418\895471472" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9275a7c7-fa27-45d3-abab-8f0b7fc35de0} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 3208 1bcf62f9258 tab
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.3.1480297140\354224780" -childID 2 -isForBrowser -prefsHandle 1212 -prefMapHandle 1440 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca9e205e-20a2-4bb5-a546-511d3ce99b0b} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 1268 1bce585e558 tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.4.2116073768\1969932047" -childID 3 -isForBrowser -prefsHandle 3992 -prefMapHandle 4040 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fccde6a-d1bb-4b96-a33e-bb25ae868ed3} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 3980 1bcf761b258 tab
    3⤵
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.5.933481368\937585632" -childID 4 -isForBrowser -prefsHandle 4224 -prefMapHandle 4888 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3830713-5f46-48fd-bea9-0e3b232cdcb0} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5116 1bcf6a39f58 tab
    3⤵
    PID:1460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.7.602776028\1994080979" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b050243-1d3a-4754-941a-cf6745a65b77} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5368 1bcf8cdc058 tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.6.87157959\1441965412" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3793edb2-18ad-4c70-8a71-ff3daf4a3e11} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5180 1bcf89a0e58 tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.8.1899846930\1719152624" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2badc13b-1c39-40b4-b916-0d864cdc9dc2} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5832 1bcfae4e058 tab
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.9.1935639186\2049849660" -childID 8 -isForBrowser -prefsHandle 4536 -prefMapHandle 5668 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf54588-1c14-4797-895e-13332ea95448} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5112 1bcf5ca2f58 tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.10.974506891\46537856" -parentBuildID 20221007134813 -prefsHandle 2672 -prefMapHandle 4532 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1027724e-f2d2-44b0-bc9d-3b06d493d513} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5024 1bcf5090558 rdd
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.11.2136186449\1731203458" -childID 9 -isForBrowser -prefsHandle 9952 -prefMapHandle 9956 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ec0305-bd02-405a-89a4-867de67bcb2d} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 9944 1bcfa129658 tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.12.310497058\750715270" -childID 10 -isForBrowser -prefsHandle 9996 -prefMapHandle 10036 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db48ced6-e3f6-483f-81b6-f04134e5b891} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 10008 1bcfa129f58 tab
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.13.200789928\659507187" -childID 11 -isForBrowser -prefsHandle 9600 -prefMapHandle 7728 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf76f8f-84bd-49cd-83ef-7a23e1393b45} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 9608 1bcfa20a558 tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.14.873199046\563879267" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5920 -prefMapHandle 5852 -prefsLen 26930 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788dfbbd-9e95-4bb2-9ae8-b2429b8cb983} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5908 1bcfb116e58 utility
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.15.570164553\1290409251" -childID 12 -isForBrowser -prefsHandle 5908 -prefMapHandle 6032 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39d4845d-87bc-4584-8f6f-ef80bbff4907} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 5876 1bcfbfae058 tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.16.593735891\1017463967" -childID 13 -isForBrowser -prefsHandle 7488 -prefMapHandle 7484 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7acf4bcc-43fb-4cee-ade6-ac7c809b0d7d} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 7692 1bcfc3ac158 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.17.630758049\784176442" -childID 14 -isForBrowser -prefsHandle 9764 -prefMapHandle 9768 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {083fad00-950d-442d-9a14-202df751a9b1} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 9752 1bcfc3ae858 tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.18.2025394830\1784501366" -childID 15 -isForBrowser -prefsHandle 7508 -prefMapHandle 7692 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85fa24b-e33b-4f1d-b9f4-37fa969eacb9} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 7256 1bcfc474258 tab
    3⤵
    PID:540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.19.476139792\1968165908" -childID 16 -isForBrowser -prefsHandle 9132 -prefMapHandle 9128 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3d4eda1-4f3e-45cd-8199-90f0c5e16d7d} 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 9080 1bcfcf4af58 tab
    3⤵
    PID:5956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5728

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
1KB

MD5
632a3efd75122eed43bf6a80eabf1ced

SHA1
5829fc7443f0b465c12b63010b7b65663fb0f466

SHA256
11584fa48247d3b669adf8c3260cec269eb378ff4de5f62c32c4f31d96897cb6

SHA512
69721276ae20202f8c3462ab43d99fb97dbd6c47f01e64033b9131b3553d4a7537fc88b91691bca318495629ff1d571108b6b284f4148e0fc0ecee38870fe9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
145KB

MD5
2304444739660223c738875efaaa437e

SHA1
e01f60a63cc7d537ff688836c60e5b9bde97b733

SHA256
8ba3c75196ba64cd59dcef3dde4eb34bdc246444ad4de862aa4279dc6898c556

SHA512
85fdb4c2c9a3eef80d76614194556c787691d6128459cf6674210a0094af28564f215f732ce3fba1a737410f429840e4cf1395fdfd4e6a2edb5736ccd5d416a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11605

Filesize
8KB

MD5
a8dcb24278de68eace505b5a03127097

SHA1
890a7b94b161917f24decd4699f8042c0b5c744a

SHA256
d4578d44d614c25707721695d527241ee476951963cb930e21e108dc2c343737

SHA512
e0d1af07c1fda262599a3fde6aebf0fa4224ec442a07fa344929575cc214c816466186402b6d611551164883e5d2e54279804441951766cd9d7bf80216765c96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1178

Filesize
8KB

MD5
d9c96efe79e5e9d9f41370b098cf4787

SHA1
d6e0edbbc787d1948eff4d3838683d3d768f7dcb

SHA256
661ac2515837dba4ca146da7b04867b96c40e9785d95302c6026e7b5fd9f993f

SHA512
973494750753275e483860b0240ba371200f14e2d7cb786dd974ac9fe63ff118719472f65e4463ecadd65db2e2f3f2553d2f7d66687575628aab671c82b28811

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1216

Filesize
8KB

MD5
b1a831993a04bbed9851cf3999a3c43d

SHA1
066c9c5ef3f8d1274d5af53ea14a448f6461af89

SHA256
47c77a9ee53a43432b950d66b5e4e7dd745996c8bad83d3f8de7e14913fdbcfc

SHA512
9c08ccd0690f78c53f37d29bb61cc1e851d84cc270a9f88ddfee3987c2abde1801410770a3c3cd62866e8ba2296276f22fb42f566e283a3ee2f49785ed20c0ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\13921

Filesize
8KB

MD5
6466e0937f136da75945841c9d738b30

SHA1
bc46122194843a905b8fa13baf91322cb9770f56

SHA256
ad70b6fedc8205969a1f8be57699283d0cab84bf591a68862fb97e59cf61d404

SHA512
c24a90db1018c8e4912d29f408255e615e6b0b24f371f340923bbf4d31fe79eb6ced522684952a26a5b4f12b5eef65259a330059be02069a46dc03a8ce60601b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1490

Filesize
8KB

MD5
15b5ae9c6d6936c54a768968ab906fb6

SHA1
c4aa82dfc6e97c554e4700c19d85e92e5e0278eb

SHA256
0a76c8f99406c4ff549296d81e5128553086bae9f83e187bca22a8f765382c5a

SHA512
08148f217f2ef8a8a09f8f64833ffea41a8ba9efcb85c72d7a604d80d3be9edd3c957ee7f3895ffc30bd83052faf21bcfc24d44a2a79ba806bd150977b0f05e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16162

Filesize
8KB

MD5
aa33527f3d278bc2504cbc6ccfa4c1c8

SHA1
c45b8c1eb67092d6f7f9ee7ec1be4abc4c7d1387

SHA256
1309d1f3b93ffd43d78922ceb70ce6e460dd9972bf5dda8bb2e72e15f56b91c1

SHA512
5d3cfb211e2f7b2b77ac74bb12068d1fa79831428fbed3773032d40974715309ee3b78f5c3b30b69d041c1e385c3f0c6c232e91575bd55a0d6c8a7393463d8ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16852

Filesize
8KB

MD5
7aaf9a3d776a7322a891f7a0339a9c4f

SHA1
5c0287adfe2b0e55d2e3ec82c19a7daf27f6478f

SHA256
3d1ac249acf7eeb70c373f07a7b3d2af2f00e96ce6d30e0c32dd623bf417a275

SHA512
a7a8a4c49e29f37367f2963f6b0e6cb0d9c5556667dc36dd90f969d49052cbfefe57ae794e48b643c2c289faf4f74da8fa9f1386ea28d3b0f85872d38e505eba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21799

Filesize
8KB

MD5
392d63ca4de2726c4dfe7075c85670ca

SHA1
82ab279d99318f382bfadfd4767b39313767cbab

SHA256
d7a552813071a85914db29e8ab6759eecbce0b19f5a705af870277a164933908

SHA512
f1c2537a483bb3c3b4a38901a0f8852c641040236d37cb4e802b318514ff0c20eb63290ecb80c655b6d35686025886a3c6b1d42e3e06d369febac684e21ff593

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26321

Filesize
8KB

MD5
a06a14649ad1e0d2ef0a170a72ed22e7

SHA1
947f94657d00b0c4ddb9d16d8fedb6949e2dc3bb

SHA256
6841ded266641304d0876f71b2af31ae4e891241186a675a7c85d6a820b656bb

SHA512
c2241a9f5881ca5935fbef05ba62e238b3fca10d7d3b90fed4b3824b5900d48985fa01e6a3e3ec3eb954f14264ef660f3458a0af7b233dfeafb86a70c147f648

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26680

Filesize
8KB

MD5
76929d7571f967c0bbfeae58bdc867a2

SHA1
2785f6b588e70fbabf1867f7e21c956f465e058c

SHA256
8797ff434d8cd844161c0f2ad8c5240ca6e80e61344ea8f31677196d3b552339

SHA512
e44f9a27d7e5162f8023f25474ae80fe3057e13685025d6d1c77147abf33315f6bdefc8d29c1363de14eaa1dd3a8ddd346c0cca24868c5c60f4c6c23a4505df7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27677

Filesize
8KB

MD5
8bf54d44f7876b6c355b13fe3096f9b7

SHA1
d330397f4e7599247b42662ef0fe9ed9d4531a22

SHA256
753cff42ddcaac651f5a3acd770b250a6a67dc53b88eb97bb2269dcd38fe94de

SHA512
9be4174ca3a18bfe622a387cfdbd2ced4420d2a8a522620fa144f7a7cb87414aafd1357dab28dd0c70b02a402630baadb394220d437305cf02aaa4ae34292faa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28307

Filesize
8KB

MD5
e0a9e354aefa1fc1be0ffbb380086f1a

SHA1
891175dbc39e5de7056e327bebcf42fafc445a46

SHA256
44ffc27b2f4ab66938173874ea6ca7bb006bdbf4cd055b825f949827d83c156f

SHA512
7365cfe5ad4973b46368ae783b59400861a10c068b9d06f2c6b201e830ff84dfa8c716225a8011021eca83860577350497eff2abc64f2f51cca0d89b0bb20ae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\29099

Filesize
8KB

MD5
4eb0cbc786e7e12f6da3d5d5fc85737a

SHA1
87b18484b7e2eb633adeb62fe65199ebfa1b0cc3

SHA256
80429c1a1aca41c95f64dae766829c7ed2150a6f66935a110f0b0fd46863352b

SHA512
ebf325d18f5126d6f59a8512cf2627a6c86a8c23acb92b482fba3da60a9216ea2d6cad28f1951bd77be983aaaa77bf7fc517e7f94b5aeb713c1bfbaa0c6896df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\29555

Filesize
8KB

MD5
f260ec7ca9b56c25ff9110233ec7a248

SHA1
ee52796c30a7b55f7ebf7f9efad34409a8251d54

SHA256
144f436d867e94c5787c43f134ebd03f909d4324989be443ea0e0ea4b3290901

SHA512
ade0a10a0aa7fa114d37c53b8a54d991f6a13eed2e32f894715ee9b139fe94b6d5dd1887283e0f16248c4a2544fba23faca1d6fecd91c2cac91d184c0b2bc929

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\30089

Filesize
8KB

MD5
c6915072d15442d5e2792d941d4e44ba

SHA1
4c3b2b0af3f3c3bdaace530027c09cf181ae09b9

SHA256
0efbf8ace989076e7002131a71eee9712fa5507d5a18610536c1276853ec6534

SHA512
b6b0fdf345f01a4f82077693a6394fccb98b55fedb768cfea426d2b86fe5dcf2bbe54938e9efae3b279da1883ca229985a8e337cdcd1f106744fb24b73979c14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\4420

Filesize
8KB

MD5
97bea1257043efbcf18fc17895880520

SHA1
82b76a86c1d93382a745c376926ecd5260fb2d1c

SHA256
a1393bb8e07273395bd774c83d7aaeece02a8b55456fca60c578de60f2276bbf

SHA512
1d3ae4b5d0509fa4cce2e224dafb84d891d9251ea095b00a2a94ab9130d547ac34af93afa43018739f981cb311270d36b12341b155c176110439ad3af0b8d89b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7836

Filesize
8KB

MD5
86dcd93414b0799743c99df8dbf3ce8d

SHA1
0bccc2e8fc9ada0f7d38dee61173cf55ba24f756

SHA256
951f097e2a408efa931bbfc86b563ddc66c86b347f7dde3daf9004314eca20f8

SHA512
2ee7baf02a566a2340ef300ba03d8348b7789dbb694433caa0824212bd1600d1b9c3f3d25c81ded2a1dfe73430301bc55f237e687b846a62962cfafede38433f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8255

Filesize
88KB

MD5
2a6727614cb088e593c7f917e13c1b49

SHA1
f9a98d067c61d7a4201bb08f811ae5b6129d2980

SHA256
848672cb4bb90e1ef0c414320a615bd56a9895bb86d1f71ba04f34b7abef4bb2

SHA512
2825dc78660f07cb98d10472719cbec1b0335d3c9355f11930f7134892da06286fcc25fba83d91e02ffbe4927754a8d74146b87fc74bcfe647bcfc6a55e8844a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8763

Filesize
8KB

MD5
f59552bd15fe893a2d15164d0e58d388

SHA1
44fd4bf108809903819bdcd7ab1512a53e9e7495

SHA256
8ad8b1e3d949d8712d746730490f8e3518f56f7bc66352622d6fd51efea15331

SHA512
91ab84c3be3500fe6221b464f9c0723bff56b223ff0d040bc8863d32195f698564d782af248e13df256518d78598c91726edb90f11fb819759cfb5a0964c42e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9753

Filesize
8KB

MD5
6fb84f871bad239bb076b342464e075c

SHA1
b62f9d5cf8a79aa0a16866bc1f8b2c5cce4f22a4

SHA256
028e590de9f531c945953e36b1efa2d57fadac75a2569266a8f60fd2573f6edd

SHA512
08d2f354d84bd180d0f8e1b6da641e8cdda23d2c6147917cba685f936c28a1784619fe82ae6df7d31762f9863bb58d358fbecda676d57c6a260ceb6deaa757e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\3C6F1C2D91B3D35256C9FBF4A6852A5C535C3940

Filesize
51KB

MD5
12b45c674c07c5e4d99f4c844bf252b1

SHA1
e8665f3502681905c608303a8028cdb9001dd08b

SHA256
0e5243bd0dfc4ea8e573d81c3ee5ed4822a89bced5cc62dd634b13adfc8b3bf7

SHA512
605ccba0b8697d55d044604b4aecf141d3613c6272ff4570ec648b4468274a3824f53701615c01234ef31ad9aa547cb7cf396d973dc378de6e59cd1101f65c13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
ceff4dedccbfffccdc165c67d769d4b0

SHA1
a8d665ef443a773c4e79f277a8c3fccf6d091900

SHA256
9a1c03cdcc7e36a055c3eeede40de8bcea982cb52839a8ddba8d9800e2850257

SHA512
2f86dce26522629174ef5dc5100b959a81ab09e14a0823d7109cf621d4d9d4f05c86e951f5e5e4a30f9edfb6620bea5f21461c338e7a8e023c468e1854dacb03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
6341bdc040094b35a7d2d522f4c51805

SHA1
5aa1a416cf44f838d04cf51b1d3d8ee597576bc6

SHA256
d617f9aad48f7024c26c70a92aad95ee5452725c045bbbe418e3121ca1edbcae

SHA512
1bd71a0d1df2b32c037a8d63827683533ac7f0dbad252384b4c9a80655e776fa39fec6052c2886ce2403e994e2c65611ef58a73a135437bfa21ce9f5ea63b1ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
8711d30458dbe9b30ca56152e7bfd257

SHA1
d645af5b9746f36b05dbe1d946fb9da06b2f7cb9

SHA256
52d7016c76ec6e5b296ef76b4357981e2326aba20c80dac7bbc7630e09fd1172

SHA512
2cd86895ee04158cff0bc42fb69412ba8fd3d0d2e53177202dd72858351f4b5608c23b99f15303b8e9d227c4d3eb382d23439620c5e30613eb4a3a2df1496253

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
d8077d8e4c827c7dd64c168c55a30418

SHA1
c3fd6dbeb989a84e58c016dde213d92b173a68b4

SHA256
850f3e5444cdbbcbaa5e95310c2c8c49a100151e4e155c93d11330398b10d109

SHA512
d1a6bbd3b0aa53ddfbc361b738f084276c3d6b735bdfe1d5acfb882d6472e6b2cb0079b19f835eec85d0322149c3c5398b20ad88cf5e0f55c480022e5ae4c42f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
15cfb09da4641219f32e09afac1c3539

SHA1
1ff33261a40b67ecfac9506b718d164c6d47cf21

SHA256
3ba1452061f143c55bb4121bc482bbf99f627f1b41f99cbfafce352136c806c0

SHA512
0ce5bbf4fd2d26dfea406fe0d997f7cf583b3b9c0f443b21f5163d4aaf1406967fe0b769f5d32395b03d09aee162439ee67a9d389a72cad7deb231d9be7a41b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore.jsonlz4

Filesize
17KB

MD5
1fd0bf9bbe3b8ab2e3c83ae5f2151536

SHA1
ac82731fabd7f996069558b7bf3211d73b74bfdf

SHA256
2aacd13d0cb7598cd96eafd5d7fcd719030cf57d44aa2757bfce806623a526fd

SHA512
358b35c5f352ede15b0b87fa6ed55be031a294c25a73ec54eeb88d8a28bd5a2ec2a4085782c14c91523d738ea1c57865a6c91c8afeb751f1d88c41e8d915f693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.pornhub.org\cache\morgue\238\{7ba576db-f67d-44f4-a93d-79df3932f8ee}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.pornhub.org\cache\morgue\44\{66bfce8c-b3f4-4216-a951-7a7fc92aea2c}.final

Filesize
1KB

MD5
932479fe19d996a5e8f139bf51085149

SHA1
da374dfebb658802ee62fc8ec320c3442fc93192

SHA256
c57de29d8406c0e2534d96c4c23199b127d8ee9bb86dce5230bf8157894b4f84

SHA512
ddbc216c01474d8ccc4f73fc78d228e68600b2bc148cdf3b7d12108b9fbdce3f2c91fdddce4841e669b1a2a609a8fae927e2a551efd11877e6513f7849edc05a

Download Submit