a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0

Analysis

max time kernel
159s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2023 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
Size

2.0MB
MD5

3f9a28e8c057e7ea7ccf15a4db81f362
SHA1

10d6d3c957facf06098771bf409b9593eea58c75
SHA256

6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502
SHA512

58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386
SSDEEP

49152:k5Wy/20shMXR8uUz9cBbLc/6LCM01iNFFB9wO:k5Wy//sO8uDq6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 59 IoCs

Processes:

firefox.exeOpenWith.execmd.exe

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

firefox.exe

pid	Process
3956	firefox.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

Processes:

firefox.exe

description	pid	Process
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe
Token: SeDebugPrivilege	3956	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid	Process
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid	Process
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe

Suspicious use of SetWindowsHookEx 28 IoCs

Processes:

OpenWith.exefirefox.exe

pid	Process
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
2076	OpenWith.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe
3956	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 2076 wrote to memory of 2232	2076	OpenWith.exe	92
PID 2076 wrote to memory of 2232	2076	OpenWith.exe	92
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 2232 wrote to memory of 3956	2232	firefox.exe	95
PID 3956 wrote to memory of 1284	3956	firefox.exe	96
PID 3956 wrote to memory of 1284	3956	firefox.exe	96
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 2236	3956	firefox.exe	97
PID 3956 wrote to memory of 1148	3956	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
1⤵
- Modifies registry class
PID:1128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3956
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.1901702188\122195364" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46684a29-bde5-48f7-8d8e-7b0f71b176e0} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1916 1de6a917758 gpu
      4⤵
      PID:1284
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1682920787\652376600" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae4dae58-a951-4013-a40f-ea2f3ff00d9c} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2340 1de5c976858 socket
      4⤵
      PID:2236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.143799209\1712176742" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3088 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186278e0-9205-4560-a262-bbe30766e532} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3024 1de6d541d58 tab
      4⤵
      PID:1148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1987101318\1508845367" -childID 2 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a05c84dc-8c84-4e79-b2bf-3cf090d5f74e} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3836 1de6e868158 tab
      4⤵
      PID:4812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.1901121040\471220625" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4808 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {652cfefc-e36d-497d-944e-785b4d8390f5} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4820 1de7019a458 tab
      4⤵
      PID:3132
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.269132464\2130403963" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {344b2986-d97d-4077-96dc-e9f632a3e27b} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5196 1de70837a58 tab
      4⤵
      PID:3032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.1087314040\294354473" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3d19ab-31fa-4385-86c5-3738b1372e70} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5044 1de701f8958 tab
      4⤵
      PID:1052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.7.380396309\832596087" -childID 6 -isForBrowser -prefsHandle 2992 -prefMapHandle 2740 -prefsLen 29055 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110fe7cf-ae32-47d7-bd73-5d48873535ba} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4504 1de72d9e458 tab
      4⤵
      PID:3000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
6b7e5c8463f11baddfe09f99f783726a

SHA1
e753750d217b66e19747913c292532ebbb3a7290

SHA256
9f5b17984de3d537de35120ecf0461405f351d4de59de377c2b90e4955699533

SHA512
09c30d05cfc3cfbdcabdb4d74d053b0968ed8cc44de85677256c2825ceb0c06a1288608a26cb07163c54c498ea3bf6f1e8e06f2d44f47d989111e9a4259b9e7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
142KB

MD5
0e2edf0ad853c4a3d18a9d6595c90b63

SHA1
36751e50326f4161e9f6429ac73eb1e0a4969c27

SHA256
2eaf05f7db8f8fbf70af58228fd819dfba5ec3c5973b66c36dec59741a796ae8

SHA512
b1d0406ca9848d8c9f40ac0a78116ed368669e48c9a4cd169462c098d5b91e9328accd6c3faa50b60a9502e932e852338b9f14b0a653fe47c41ca8f2f10d7240

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10591

Filesize
8KB

MD5
d7b3ba93c09bb61faa552ff9f4ebae22

SHA1
392e53e007aaef1531965e4fc6b4dd558dd64d5e

SHA256
b4f3a960f09838412a40fe9a06194c6fcffb176358e556aa08ea82fae2618ad9

SHA512
484e1d148346d4cb619521520e8ef9d0192796b4cb182c9e5f03448fc5bf1762451f75e39f910bfe547033fe2f45889ed56b8088b5f184403dbd03e20561ae4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10902

Filesize
8KB

MD5
724c9c51ba102e28cb143156b55d0be4

SHA1
fadfec070bb4a86f096d5b07d429fb6c742457f6

SHA256
0ab4ab8a88900f8778b333a4fdbef8112950d0cd98b95b092d09ce7c6bbf42a4

SHA512
8ed5a452957bbbf6420e8e2f55b711934495a74a948f8851ca10e996f55e47d84461bf5898d22b4e9ff153c6773cb49fbe95aae106db65394637456b2b066cb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11273

Filesize
8KB

MD5
f029b7aac626bb11128081a882a5de76

SHA1
52ee020415a5226a4354d4810c14a841f3496519

SHA256
a1f84c55ae075c3c645b3c39a9c59c577adbe6b0e248b9cb557f2a2d72477377

SHA512
1cd72bd0bdaef714a131d6f71dc308ee26638a3aab50603caeef59a8cdd8cf47bd916a83292ca03009ee656c12782ab927d40543559efdf472e0426d4f37feee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11575

Filesize
8KB

MD5
48878c72f3b65e5fb45b4f7174f36bf4

SHA1
ab95fd8631d255ca1e87815e8280517e7ee613e8

SHA256
25591682d5f1345efda0ad32ba05dd8f0c38140700eddea1e0cc56a1ec8bbb03

SHA512
7b94eed3ddb4aeed6edaee6c02d9f1b7b675297656956dab17ec8e0935d53e1f6aec8394501b2ddc39aa6a14c76562fe2a1839d42a8d966617be7d5ba064a303

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1217

Filesize
9KB

MD5
82b13ab319ee2c9f3801105118c5c9cf

SHA1
b2bdecf7f4f202968c03483a4eae45199547a22c

SHA256
d2baded094f6bacd1423fb7c7758f08a20dbb25ed71f0f9d5a1de6e73c1f220e

SHA512
5280312a99e2a8e4d5a4a530dc71f78498bbc12eef8c0f1a37b53ded4220a14ffd96f4961ccdcf94da6b9f1b03acf8e4ab8fa14cbe579f8803f2a88bf9e0322b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\13394

Filesize
8KB

MD5
e89a8f8e05240ac51f7830c808d43fc1

SHA1
3581b1c466e769298e6d6450fe9cd495afa38d31

SHA256
3612e80710eba40088494e157813de9b8e1c7904ee6ba67c730556ed3a72c5f1

SHA512
108427a497f31fc5b7e63a0a97dc0e620b81ed1cf00ace778260eff71a477f9e1ef8f87fc5a22248188058efdafb0ced1c45b1f802f56d470d04bfa7d3076cf7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15877

Filesize
8KB

MD5
2217032a385800c2ee87906c41497b3b

SHA1
deed6f7a2125fbf5228c56aef59892c685479834

SHA256
adfc4e3bccb1b1832701c397de00da45b210ec088309a4aaab248b444574dd38

SHA512
7001ec5b393f12960d0bc5c08b57efdf5f5e5d6537930e44d5f37cac898e2ba71f6f09670d0450c7a61a3161ced353c61275b9156357989de03ebcefb922b86e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16121

Filesize
9KB

MD5
0f40783fc4918a5ff21f437916993a60

SHA1
2d4111e77773d6c5cab0533118fd56fcc1841e2c

SHA256
5a59d4c6fbf703fe751bc5861ca160878674e6e27ffaaa2817df5512c2bd70f2

SHA512
fe4dc6c077b1cd8db0784af75102fccfd10224b4abec9fc32f83f054cbd3fe6033806f7d59fe234e34873c9e7766aa6ab6fa3d9010298a9a26572d849849c094

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\19019

Filesize
64KB

MD5
b05d97aa8f9354f6f980acecd88147e5

SHA1
ef20255d2eee4c99ea4773a9f699423e523bc79b

SHA256
894c3d6deee42eee7879b020daa088db4ee422d3d3f5a81d5b0730063a73697f

SHA512
2436dce47e6595addf24be3e74f140774a64dc88a269083b735bb559797c13eca3c76959172629439ccdc598237612bb561f4c41b834b00e58bae642fa0dc500

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20497

Filesize
8KB

MD5
848ea7fb92530d3f7fe59ee951358fb5

SHA1
854421bf887a724a2e129c1498ca3ce1949e8a77

SHA256
a8ba55a53a80bf06532de0b99e153c7afa3bfa198371bc33eccf039f18088735

SHA512
d0674458d53961983fd756d0313c2c840802e1528414ee56f3d09cb3991638a1566384af85a904b9e0de3bdc522f9309a27b65f75be1deeb96afe0f40b6e9712

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20811

Filesize
8KB

MD5
7d34b599a9a54c9201957a217c0708c6

SHA1
8137632a9de085391017e76aa3338be332f39f3a

SHA256
426c4ef8767290eefacce4f1f15fe1522014624d48b6b6685153bae4934be624

SHA512
2632117412a94121c4e02358c72b028e061bb0dcd6cefb0ccf658b603b6cba3d45badc04098fa5aba0267c4d561f7803eb51bc390cf37340c4c54c28f0e85ba3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\22408

Filesize
8KB

MD5
cd724d134970cc7ec59fd011b5db6384

SHA1
b855a9fbd1fa13c14d534d10eea15a9d22dabf64

SHA256
0d14b34289cda085c35597680daa0f971dd616148f7c167649965676adce82bd

SHA512
dfefc770f106ed68bcdd1c65f05981e912d0cd9d0629d9609c8acc23ba501cc0447f179b0be6aa00b91071a9746715450d93db60534c62884782b21249ba5653

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24301

Filesize
8KB

MD5
be432db915326db29f87fefbff92e05a

SHA1
82439dc3eb41dd3c925f135acd6897c9bad40833

SHA256
deb2bc545bfc0a1a4a955a56d0dbbdc20210152d727fc947bbd3993ee93d7fef

SHA512
eb7042acd6c4ebc8142e1b7ec55fb45af4ae613e5171b9c1c994d7e27955ae882d11aa20b3af8575ffd4575a7bd52636a0f3c5c4439b2eb6cf7d755361de3753

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24537

Filesize
8KB

MD5
8f6b38259a191cd48dcbf9071ca1ca38

SHA1
90b06dc98e1d6b52cb00312813e575175314b4cc

SHA256
bf5cab6cb78eb92fd6a89df114eb109b57519203896b9da386857245740c7098

SHA512
90cad75bb2395831fa1a4cae7e571d5bce59eed27a2d3935ca63ea7dfa700381c3ef08ddc2757443186018a3fae6566d8ae6f501535f42a50ccaf238460498b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25259

Filesize
9KB

MD5
8e085971d8f39fc6f22d582515a645fc

SHA1
a9cd59068502f87cfd9c308619c266245583792f

SHA256
ed6a9b19cca7ae8dfb0bb6e1bd754d81f6c98e10d42e512205ed86be2aa63bbf

SHA512
06a487592eb48f3eec1483dc7abde02e627755eb843507f28ef2c6a4c815c7c73399c2e89f3c1b929caab1678d82ca5cc8b1e02febad11f4c3e5cfc1c28cafd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25596

Filesize
8KB

MD5
7413e62c2ab66ce2ddd15b7ea08ba5ca

SHA1
e26900792d58caf4be1736f531e5b9149012fdae

SHA256
59544ec780455b972f2ea937aa153a4e0f3bbdc1e6936d15d3c5e54a699de182

SHA512
467d118b9c01bd0dbefcd0a1d46e438160522ef8cf00f7f4af1e63b1d280700c9ee0c4b8743bc7cbf66eac249196304f47c257143cd03fa8d9c1f27d16ea177e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25674

Filesize
9KB

MD5
de4f020b60f62b90146b62857e628d15

SHA1
6231f0b0341e210b72cbe69ba716f9b81dc4236a

SHA256
d39662a43f44ecb9b3b8a4927baa7b60d80e486d9072c531a4d31f6061fca84a

SHA512
59a6a8592587e827a2ee94326efee2a6f4df193ba8279ee7c0680e4db71b49c7f87148671a3bf319232a09f6f339465b1dbc886188f8a4870fe9dc42c2c05699

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25786

Filesize
8KB

MD5
a7acda2edb9ce210b5227cfeb84608b8

SHA1
52458be810953714f0b2b6074afedf31e4000d35

SHA256
71b0685fa9acf913f7c15624aa9acaea6172c16aad212d0520f24b990a00a193

SHA512
e5f23a92cf7c81211f63f38e1c6f5d6269cea212ba4d969a1810fc26c138cdcf9af961ee884c4674f0738fe60b52e74552d5d926e83f1d65c01b3d092d3c61c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27791

Filesize
8KB

MD5
142d7dcc896ba11683b1eecbe2c25e2f

SHA1
ec8715a9cf015ac74d635f25fef7ac57d5ca8f6f

SHA256
e08f8c0c2a3cdf75e6d5ee16f00466f2cf4483f8ec19a2e5ae3579e8cf19ab5d

SHA512
60cd049ff58be32ea43c193bc552c4649021fba30dc92ebc0ebba25c1aebc7d4a1f4dae872a54d9a8d3885fa9b50273febed1986b2ddc00237c5befda8867ed7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2814

Filesize
8KB

MD5
7f4bb40a3dfe9fb9d3287661868eccd2

SHA1
12d3471b38d907abfdeaa2ce049eecfbccfecbb8

SHA256
8f62284930d828eb5c86268db2b8b952ec08dbc699f58535c61aca16c32c1a12

SHA512
e4ea308055d203a14821d1805ea9712a4c7c38aaac34959b616bad6b739d88894b5c6afa643ba1a5573ceebad441aa389ea2a8b56ca45c06f89dc5bb99862562

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28862

Filesize
8KB

MD5
0ddbf3f53e0e4a1635a5bb08a14d77fc

SHA1
a45886868cac0d2d63e61a37042b183ba5eefe21

SHA256
4058009f7733d3419ac805ffeede1a7cf37242699068f93f803bbc2bc1e6a75d

SHA512
5c998f4e16abfe1516de86fb2726e1c86f28e738e9d236faf119410649860b698af409098f8f32e0c50ce9cc1aa2192717e76e1b1480955aec2990be07437030

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\30921

Filesize
11KB

MD5
47df867fe8ed14bdb6e06bf37c688297

SHA1
c89e8b7badd37eb3ce2fe3120742e427928ae0c8

SHA256
4771ccf22f07735fca7d6b7e6d8b098ea5c07af194e2d70ae447c56de2c3cde5

SHA512
a5bcea475a745deb3edf70af704a2123df60f9fdbd577db06caec55f7ee610c8f5dbc60cf2fcc1f49cf2d1616d6cf48bb7562126ee8d389df981032b661d196b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\32414

Filesize
8KB

MD5
c2a5d16cdeefb0a57474e85ba288fb6e

SHA1
6e809dcf6c6af11971d5e668f985d0cf2e7089d5

SHA256
8586432e802afb7125bdff305d591032a571c49399b3656f5c76ecbe017fe9da

SHA512
74728ec67f6170fc5ef39b773376f022d9de8ed769b69ee31b2750b4a13b16d0f61805a18a844d1135142ca3d989dde81bf2d6f9b114f594e5cd981dd4db7c4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5171

Filesize
32KB

MD5
2c5bef7594a9794dd1343376f857cbb6

SHA1
01324bc035f1b9b664ae5836452b4f5415f7fffb

SHA256
76f1216491ae67361298ad975fcb68a577c9808a90a406739d0089fdaeb6f9aa

SHA512
df152427ae5ed0e4380d35c611ad67b0e34efb9ae4ad25d076c336b76452d1b39a2d2bee21e3d6ee216938995b4643e8321fbb4b73202a728d56bef78443d0d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\6089

Filesize
8KB

MD5
2f6589519592b5e5ec3dd84f81abc22c

SHA1
e8e8b3782834f990d170b270c92c216e9f66518b

SHA256
a7e2775039f6dd9d6372b5cd5be03e93b0fbc0e5b1c57653c3950fdeea162f53

SHA512
0c89425f85bc8c6efd5399e8a293c52d9c1a5de1551ded801b68d26a7dc0b515092675df2c8004829149f5f4bd36f4e7523c322adf565c6008546b4f0aea2336

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7438

Filesize
8KB

MD5
feca2a1e57bd5bb06b96c46ee004f67a

SHA1
b86330e3d05fa7321f7d06fc04d83dd56a15b988

SHA256
d2c2398197ee0f6289e63ac37cca33837cb44b970adc13fbc71b342da76ec121

SHA512
154e51cca0113a1badbc64651784b5324ea5ef9a7c4c9f118e32204702ea18f4e0edabedb7fa7b8937c1b79bb9f415d9dba738be531e330b9066bc59e8bd5bf3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8011

Filesize
8KB

MD5
379de2aae4af47df99eebbb0a987d143

SHA1
73d80df14e13efc5ff4d67703e9c801643e105b8

SHA256
a179c75da1e84eaa0c2b5500005c22f188a689f3c627ce0c9e4dbb957d0420ab

SHA512
ad31dc5287f846e20e53de3a02f09db7fc76b1ef71d83b84d063c1e25a5e40063719b7b2704f962e965f3c232403ede7919a3019d6b48c2a3ae1d41bcb9bd66d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8460

Filesize
8KB

MD5
b625629a49821e3914d28b6125675a80

SHA1
de7fdfc859d5428b3fa49d669e3b8387f41bfe92

SHA256
4492171711c473c7be6a5da7d5b091dd085c756c19513e3bde9c0a7b639dec49

SHA512
6a63e6ffb08e7faa914c0921478da128f23e30350553ce2d60055adea1cf13ca3f8e669e17c6062da02009e042837de807f155727a901a79ca310117e1059fec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8781

Filesize
8KB

MD5
40a9147751b941cd21f806deac80bdc9

SHA1
b5e4f075cbbb7153a166b9b8ea230fbc3f84181c

SHA256
2750db734ffccd2077a88f2d30d563f5a44bea4ccb9e280aa50052e8cce06449

SHA512
0ab231a0cb0c457a2386176a30af3c6f76bc3bb8dda5aa30cad3a22fb82d21602431389a8bf02debf5091383398e3bbe7388a405b6a96a63d86eb7697a006deb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9268

Filesize
8KB

MD5
b15e707b439bf3f7f84f133207190c95

SHA1
f54f698e19a954ad9da4ac40fd2eaad7863d872b

SHA256
2da681e80e157ef22b950589a1699ecfba35fbe7138b182f2fa43fcb6aa7c3b1

SHA512
35795abbfec3c5654e7eec0437ebc2a71fd3df58171a95146393020b75a29aad968d792f045d784a5ca2adac6391e8c1bec78e20b3f0d59ab56d60b597e38a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9346

Filesize
8KB

MD5
649bbfc5e953e3e1a993fef63a6b89aa

SHA1
d51f4d6602dd8a9cc382442f0e60140682b69f8e

SHA256
039c7cc1f0584f36635740d8987578600d67e1d1bd53d699e85de91d915cdc73

SHA512
9fb9bff65faa42c7bcda64d73b353db4bb8a36a62347e7228934049c20663fee189b98a55cfda7497165ccfc6b6638a60b01a5d1d2f0391bd67693fe3866a52d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

Filesize
14KB

MD5
b5f625f7d5879017c6d03c5c87c16fe4

SHA1
23a2d2dac56bcfb0902b55adfd0ed855b8781a9c

SHA256
d5207a335b12bb9d511cabb1ddfd9de2ed5bcb5e2b638d8474281db1ed9eb231

SHA512
43bff62ec11139f66ae0866bcf82237f9e0838b3c87e9c518e7baf07c373ed29bc3c29a972a8d4c50d89b0fac61e7e84c31ef4065c3077022d37be61d5cd7c66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\thumbnails\6c84335a2888e54e438a2c76e640d17b.png

Filesize
10KB

MD5
bb74f4d2650bd512aff26203795c1f29

SHA1
9a783bd059f9eb08150a4fc22c40635ad3817b08

SHA256
5165d58502b761800d58a4ee30b82c778c2498ca1100612c9a9f23f069ec21b3

SHA512
1f68380038b1afd376db1d816d9c15aa3ac1bcdca2679732591f46c98340a125c6c4911b720cc5d08184f2f032261ce3b54966fe1f26f76368a269c1cb2b20eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
415dd4105aaf2b813a315fe48a316330

SHA1
89ce8a5dbd7a4eee36b38eaed05b53ae1d0f2b46

SHA256
a66a01bc5bed0e81fbd11b7f8b4feebb3b2f954e06c8584bbc2cbac7794ecc86

SHA512
05fcc55be8f23336cecc67d6148b0b25b3b7d22b560b101804369fee2839c1aa5450e4576bfc4665f8b1f3db93664d25bdcf08254a6959c3f9cc8a9d52417641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
74e0127ebf0e8194b5beed8bb68484b1

SHA1
b2f6797a2e610aa925075f14f9c1ecb03ed61951

SHA256
91a34c43c56cdc2d40744fbaa86dc22bc0f9c4eb77aafec44010cd42e0c723ca

SHA512
7f10b2f5fcd3e3df9102c6e40754fe61daa153d8a9b8e2c38fc63606d145f48b810f46f61b362df21a7a911f31ad079c8c9acca2a63920aafb78b6e7b543c694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
16b226427e49e27ade9cf6fa073c946b

SHA1
137f1bd64e03b973adf3c990d180697b0a221315

SHA256
7ef29973bc2cfa3c1e73f043aa6d04d550c2f36f334e5268cbf98be206217d27

SHA512
f3b47313c8c11838deb2a7a2a0303a72ee9380355d8982932f25d1249794639c0f0fb141ec2f769f457c268f3e99a3b95f2f0a79346389d429a4d4aab07a2ca6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
02b8d98345c40efcb9b0decfbbd8d495

SHA1
2a2156f9921fb81e94299b58c943d64bf0a82822

SHA256
9f674129679dcb5dabf3dcf0efc0dfc84acb3521cf9cc27a18b27fa81043212f

SHA512
380de5a210e69516715551fa5ca701b06f24f792af9b48b410ba90afa00506552c6dc0465b589589553ad91a26a912287ef29ac401e3640800a5493c59d79885

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
3c5d40ce73034644b6b6954e02860059

SHA1
17f85a300a99d01c6690205244e864289cdea6ee

SHA256
a0da87452df439100d4e6ecd29b0916034bef49f0651078ebbffc0665cf38d7f

SHA512
2fb09ad9d3a4212fe674bc4a281f5aea98bc2e3bbca1527c50a3b47f8fc70d9f46ab664f6b6351efb39ddfd5e7190ade9cda3ff4097122e5dcb003c95ce5013c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
beab5873383840f1a2c12aff4f8e49c3

SHA1
fa8fb9da6de4b669028590cde827cc0bf38fb78f

SHA256
1c27e7aed6fb6324b63d4db45443a7f2e6d7e14d558e1c84b281bf004c1c95e2

SHA512
9283cb393db5a67cb3445dfdeb1fcbf1f7577b154c3370a96251beb4f5cf6fa1b885e951810b81c5d935b03386e3ae574bf016a21007bea6427117ada0774d5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
10KB

MD5
7560f2cb7d857af28d10727da86f4f20

SHA1
4fdf7e74d79d8f1560ee7648d830c8a54448580d

SHA256
a4318f925a750152e074118613188d8c3dd7f17b3aaf90ac7b6a49da8c3d19f6

SHA512
910bff46ef920fdf37021378435ff44d3db9cb1c790febe0a5762d156187472f5504bbf33f0b1357715da27224020290d7abb6617feff588535411741725e3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
89937a7f83641d49fee457171b707988

SHA1
3a2d186119333587cbd4f097895ad264645acfb2

SHA256
b3f721fe224b31b6df57d7ba236f88ce36e9feb7d97c664f94efcc6c6564d36d

SHA512
7795ba3ab1a95618cc524be2183dd94da7930d7e4e1b0c9312b8b111880195073fa2be43f8a91af21d8601115329a7b2b389cee834ce1e170905734bead0e2be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5f7bc22f677124146b16f0d96216ea4c

SHA1
22ab7a6045e17af6a5c922d56f77b161b7f9f6a3

SHA256
58de6424ee080f55b08bcccef80c50b1411b47d3c3c7eda58e16a55b0c54dff8

SHA512
b8531690d6032820ffb41d230ccaffffddb7b189dad97ee4767efdff17c19ebaf09b2373dbb3182cdc6b82259e57413a7a537e88ea8cd8973136b75a256dac46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e74c1794e203bd509e916d8885b008e0

SHA1
535865c4fc437054c85664418feac5340f7e24c7

SHA256
5496505eccb0ff97b07f8282cd4acd0538111f72dca9b3f3743c489f37457731

SHA512
0bf659adad0044469c45fe14f02d6e456fb59efcf08f8994a4b5599b25ae82c82bcdf0c377f270f2e1deefb3ae4b35288efbdb5ade770d9fad176f341b12cbf1

Download Submit
C:\Users\Admin\Downloads\9qcbGjdZ.elf.part

Filesize
2.0MB

MD5
3f9a28e8c057e7ea7ccf15a4db81f362

SHA1
10d6d3c957facf06098771bf409b9593eea58c75

SHA256
6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502

SHA512
58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386

Download Submit