hxxp://tinyurl[.]com/IchBinNacket

Resubmissions

31/05/2023, 17:05

230531-vl71xagf7t 10

31/05/2023, 17:04

230531-vlnbhagc38 10

31/05/2023, 17:04

230531-vlghysgf7s 10

31/05/2023, 17:03

230531-vkw71sgc36 10

Analysis

max time kernel
263s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2023, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tinyurl.com/IchBinNacket

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e041bc05f393d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4251603244"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31036402"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31036402"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000077ec3ccd9661d549b87781e341031e7d0000000002000000000010660000000100002000000090fef0c17c07c5158d8dde3a3f696ef40ad35b1b0aec65431d73820f6a124f69000000000e80000000020000200000000d459b641de0853833d9fb054487f5deca4bf42377f90d9b282e249dfe6a87872000000031dca00725fae6561536d32e9e0d5d8f11f409d8c24420d463fca78e82af682740000000876351acf77a6ab39512e4e1a58fa65229ddee0c21a52b4ed5f914386c549910c003b7ed42dad430fd12e81f7ebd542b358930d83d7cc5a629f3557d4ecf8e8b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4251603244"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31036402"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4262853815"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403a9105f393d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000077ec3ccd9661d549b87781e341031e7d000000000200000000001066000000010000200000008f7a676f839b935fd0ac824077f2704fa1bc75536505142dffd54913529bbe16000000000e80000000020000200000007b0e1ed5e8e4ed772843c4b77db39dd608f5ac5e67327c66d66d58e85aae2460200000005dd435811ea7927d53feeaa0ac2472562221ec1fe31a67cd1e08c3f6e1cdf6964000000098b7b331b5f17b284c3d075593fb29613c50b29a5e5afd7943cee45385aa050fc06efaa7b1beac25231f9bca638886f13ef57128cfe09e1e6dca98c6d6956548	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{289946EA-FFE6-11ED-ABF7-62507EA95193} = "0"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1808	firefox.exe
Token: SeDebugPrivilege	1808	firefox.exe
Token: SeDebugPrivilege	1808	firefox.exe
Token: SeDebugPrivilege	1808	firefox.exe
Token: SeDebugPrivilege	1808	firefox.exe
Token: 33	1792	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1792	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3532	iexplore.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3532	iexplore.exe
3532	iexplore.exe
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1592	IEXPLORE.EXE
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe
1808	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 1592	3532	iexplore.exe	84
PID 3532 wrote to memory of 1592	3532	iexplore.exe	84
PID 3532 wrote to memory of 1592	3532	iexplore.exe	84
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 3736 wrote to memory of 1808	3736	firefox.exe	95
PID 1808 wrote to memory of 2504	1808	firefox.exe	96
PID 1808 wrote to memory of 2504	1808	firefox.exe	96
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97
PID 1808 wrote to memory of 4100	1808	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://tinyurl.com/IchBinNacket
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3532 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.0.1719861016\811383179" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c03d37c2-dcbf-4450-978d-f1e6f19df445} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1916 1fccf316258 gpu
    3⤵
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.1.2140854614\447586744" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbd576ab-de4d-4bb3-a7ca-9f232bdeddfc} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 2324 1fcc1372e58 socket
    3⤵
    - Checks processor information in registry
    PID:4100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.2.1979707434\1239104266" -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 2820 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af453c7c-933a-49b1-9fba-a34b02810ca9} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3316 1fcd1ff5e58 tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.3.1144717757\255510646" -childID 2 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84d2319e-c330-4a9b-a83f-b795cd34e5d8} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1064 1fcc136ab58 tab
    3⤵
    PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.4.1457542242\1195137009" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4108 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bdcc1e7-495c-4a4f-a3d3-a7b802f10953} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 4124 1fcd314d258 tab
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.7.549164801\1595192295" -childID 6 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d63179ee-579d-40b8-8515-268404f6877e} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5296 1fcd48fa858 tab
    3⤵
    PID:4912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.6.33380681\334947015" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04fd8d73-7f5a-4b9a-8cba-2a3464311bd7} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 4972 1fcd48f8d58 tab
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.5.1113585733\177489285" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 2860 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c905a7f6-2abb-425b-b383-20f58bc25ef9} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 4980 1fcd48e9158 tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.8.941754746\71765314" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 5780 -prefsLen 26832 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f306d3-fa07-4dd6-a597-ea6ac5b537ce} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5676 1fcd55e0558 tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.9.1699342907\93870175" -childID 8 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 30298 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58220fe-e0c5-4800-85e1-cec969d04bd6} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5556 1fcd61e6758 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.10.2028008263\725105125" -childID 9 -isForBrowser -prefsHandle 5600 -prefMapHandle 5608 -prefsLen 30298 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b6ce83c-6101-4a11-83f8-ef2d04da271a} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5572 1fcc132d558 tab
    3⤵
    PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.11.2072491265\893169920" -childID 10 -isForBrowser -prefsHandle 4776 -prefMapHandle 3492 -prefsLen 30298 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ee3e755-a5a4-429e-8016-bbead3f14eeb} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 4792 1fcd48e8b58 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.12.2022635617\985894510" -parentBuildID 20221007134813 -prefsHandle 10208 -prefMapHandle 5612 -prefsLen 30298 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec62fb79-bac3-4b00-b6bd-4a6b004cfb69} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 6096 1fcdd83ac58 rdd
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.13.1950792615\1561772930" -childID 11 -isForBrowser -prefsHandle 8336 -prefMapHandle 8348 -prefsLen 30298 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57234428-446c-463b-a48f-a061e6c8a37d} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 8332 1fcd9a35258 tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.14.1159163336\121190685" -childID 12 -isForBrowser -prefsHandle 5224 -prefMapHandle 5208 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88aa2433-620f-4bbe-8f02-a639d70bd5b1} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 5232 1fcd2e4c558 tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.15.1368903696\1761756591" -childID 13 -isForBrowser -prefsHandle 6356 -prefMapHandle 2844 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17328c2f-20ec-4025-a394-0dca4a92e066} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3112 1fcd5335558 tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.16.727821114\1866073242" -childID 14 -isForBrowser -prefsHandle 5392 -prefMapHandle 4820 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {134dd662-5b47-48da-bb61-b76c26eb8a46} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3528 1fcd5303558 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.17.1219879975\1231236298" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8348 -prefMapHandle 9984 -prefsLen 30307 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee5d6159-17f2-4507-8a7e-ccb91cc8af3f} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 9724 1fcd7fc8858 utility
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.18.394650318\812005550" -childID 15 -isForBrowser -prefsHandle 6380 -prefMapHandle 5928 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89872be1-e90c-48eb-858f-c2f349ebff4d} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 6168 1fcdb1ed358 tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.19.2006752889\1229678524" -childID 16 -isForBrowser -prefsHandle 9484 -prefMapHandle 9480 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d4be4a0-8a03-46f4-b85a-6bbdee437c76} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 9496 1fcdb1ee258 tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.20.57344007\1118120371" -childID 17 -isForBrowser -prefsHandle 9060 -prefMapHandle 9064 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {247d0d8e-592d-4b87-9234-60488765e706} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 9052 1fcdda05c58 tab
    3⤵
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.23.1720163926\131617940" -childID 20 -isForBrowser -prefsHandle 9076 -prefMapHandle 8924 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e71ff338-a9af-461b-857b-79277ce7dcd7} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 9252 1fcd6ba1b58 tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.22.108073413\242936462" -childID 19 -isForBrowser -prefsHandle 8740 -prefMapHandle 8736 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cb90c61-e96b-4062-8613-5b319b5554f6} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 9464 1fcd6ba4558 tab
    3⤵
    PID:2924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.21.381367473\1533017533" -childID 18 -isForBrowser -prefsHandle 8836 -prefMapHandle 8832 -prefsLen 30307 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37090d8-89ee-4c0b-a0c6-eeaaea98b808} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 8844 1fcd6ba1858 tab
    3⤵
    PID:4416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x294 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
080320bb3fe7e7f860019942e6f77f9c

SHA1
2d6f3813b1ed7972c01df6330eb3b0c30339eda9

SHA256
9eb11d5a62c35054e50d193211638a08c9b94d5b360f943df4124e28ab793a6f

SHA512
9def7fa57fc58af72dc374f0ca010107585a355ffcb3c1d3b99064a455acf3fe8ed7d42052234fe2d042b5ccda8af4ba16a8b2dd882b01f0be7edb8cf7aa8944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
160257d0fe9468aac95753a0e1ee9217

SHA1
e858d31dfef7e2bd290f0821ad802c9be96c7d33

SHA256
f05b7c2c0b3e4546738921c49aa41ba84af99a8bbb00c66273992f4a1893d512

SHA512
4eb223be148517b1e125d4573b51d0791a1392bb0a499769bba8f9dc58526ee95088777bb779054d17bc6b95e82ef5f02ed9c51c5b9330c22d90dd38dab0ea00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
140KB

MD5
e224fd2be0622ed4ee1621ee8094905d

SHA1
71e271056743260106658552a9a1bd80c0301dcf

SHA256
78df3c146ec31ffacc1d25f1eaa3ae6d4fc0f63978bb8a4beab657dc774b3e8b

SHA512
b731bd6877dbc731bf10f2f5696e47240e132c9ddc7ef24f2a61cce0505a593615cf1c699f021602bdc9ee66626f88bcd4a4fceddd4e00cc271d763b9e2e7979

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\12379

Filesize
51KB

MD5
c4411c41146b6ff168ad79e1356b4ab3

SHA1
8bbb6d0b38b054d36b3038912151af079fccde03

SHA256
cff1f226f6a2815a2f378afc2464ec644f37f7f47beb18a2e655466998b8f180

SHA512
0e995b3c8e12226667290d2660515ea709e4a4ac531c3acdd46ae87c6c6e472f365407e76bd68e46cb2064ca84b97478105a9467a2dcf69fb33566ed921b1dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\12381

Filesize
9KB

MD5
a1dcc7d5eb42ae2510b5ce05509b5985

SHA1
464ac87ee3c5fd22d8e42c17380f210863e29858

SHA256
afefa6a1901ebd68d28d3d21d1feac129811892db51bf2ec25f36f99cb51236c

SHA512
2c68d89b24bf92b6486b0974eb36f981113b57a3fabc95f62cc96db080c6ff3231b1cff4adcff9bfffce430b0fddbaad0f08d0818df944610da1397e652bc813

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1259

Filesize
8KB

MD5
78304e188c7612fb765acbda371d40be

SHA1
ef3abcb52a3f77e9ab9d21def0fc0332dc90d563

SHA256
0256bd77af3f638cececfd89bc0e2d4d45a04c0a2ec61e6d9c4d4bd0a7bd6057

SHA512
cb5e857d134d8f418233f3e0e503034263f66dc25e191b419a587e9a90f87a0addcbd78c4be8fde7eec27b08247c2dac2971e54486255a5949583d2b1428af03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15140

Filesize
8KB

MD5
bff2442fde1a74bd943e79b3f76f9611

SHA1
28ade0a34cc6f5f368a1f104f95a88abe4ea4e88

SHA256
a043b34622ce836a0b7a2e6b806d672cd977093d57f63f9e60a8d65ecd532099

SHA512
154ad5a99183fe6ddec476c8f4004ef0893ea56d84f371e6ba6a68d6279d244683707ce17c78e090e604dfe34f6ff708907ce6007cc7fd826b9c4569409455c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16152

Filesize
8KB

MD5
1701a9d07dafdd4b553ad4f03645c808

SHA1
48550c823b06b89f37ad5e7021cc12a2ed2c9508

SHA256
20153e7bed15b3a3b1993cfd5f8f5eacd896a7342166cde26fe231d154e3209d

SHA512
c6d6eb51b9ed4e68de931fcc3223dbf32f1542170537fb01cb98795a4c7f2cf41d9f521962d98f0da178fb923798143ea47d57ecbc7c57b3f933070fd9e1789c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\19044

Filesize
8KB

MD5
ceb8c6f2f574f9bbf7de338359da2eba

SHA1
a477ed9fa414c9356e122071f222b793391fbd0d

SHA256
bfc0c6207af8b3b98965d0a1ac8add230260b628d9fba1ec648060f919384f40

SHA512
85f7d552217f0898e18b89d453265e63903c2c7c5f859755c4df4ae116ec2fe9889f16f492f3b678278c2fea1c30411a496f290f3bbf302c567ac311733a0f1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20576

Filesize
9KB

MD5
5bbfa0e271b0454cf366b89f32519eb3

SHA1
d627b5c5b1b0cef7eb545bd34408198348db38eb

SHA256
25a9ae7066d67e4293e850b74e94b23515d7b8cb5c0c2fea6ac4d869162d9873

SHA512
f75ee9b03b5a6e2a5b156772a768b8a943b08c4b530b0d76a2a9bb73a9cc917f8477e7e5b16a6e9ae2373c2fd62a1986cc657cdabc495df95a460fde07dce526

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21493

Filesize
9KB

MD5
144dbeb3804b2499d28b87595f119b1f

SHA1
2b9527e17407e98077fd497302e9b25470778dfd

SHA256
6812f6cb56c7b01faf6c787c48f87cfba4c16db9a7c708ae022c80ef3a975feb

SHA512
a9bfe4a25698b5506a97073e53b3cedb5a403cbc50e8299745e2f737bc6dde269b852114d730d2e524e22638175b4ccc412aff2cc5a4c0ff08e0352e01af6ca1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\23712

Filesize
8KB

MD5
0ac5944eee4ef2b41d52b3e77fc7675b

SHA1
0d4d2bd2ced05c3e0426caf22d43a7fa57509284

SHA256
326aec1cb98af325efdbe76f1ebc9075237e8a06f03c78f54c4b6ee2e3227dd6

SHA512
b6208ff525ab32aa475f2f858811e36d1d5eb1588722a22a780310adfd982e2768819dd21193a8b895a68f551018bc3d4ac057196183691263b442311b2d5824

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25455

Filesize
8KB

MD5
7fa945c4b3961da2ab25c18d4dd4ef8c

SHA1
c4daea6a09a8a3d50366f8e6b5fa571ce5547905

SHA256
dfd86193a480fd6bcbc8f07a73b229f536ce1a1fec7941896c6208477e925ece

SHA512
0180d8c69c7d409a57d28b61d53bfe37aba4c8c6700523399a70ed4c38814c07a5f1b0ab9635c66a0aa3fe1de3a85ac878aa257c144f0b35b5b8d8e9719e64fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26198

Filesize
9KB

MD5
39ca8d5105610faafa7bad23ac285dc2

SHA1
995ef3e35e7a9b9efae0a177bf06de1f74b33b07

SHA256
518849f9b728b53d852e4019008424142a78640ab065fd88a331b778a770c352

SHA512
913bf5c5e6ce47614876159badda644663a3e6bff6e508dd2e570cd485f93380d0e79ce485c1d73419337faa3a409adbc1053aff0647d89dcba485e0bc4a564f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27341

Filesize
14KB

MD5
1373a40460bd6b5f49ae6343dfd1c46e

SHA1
f140e3c0ee58659a0a7d7a6257f9f2889534190a

SHA256
c48544e58a57781596e3acb9f4cb33694c2e8be89205bf79bd326ab70f21636d

SHA512
f3e4d26f5bbf3578091b68c44960ce3151f944bbff605e6d849edb5269ad900451b23891ab077486d31062b261b54468043a048d4af196b2c694e1d3de80b2e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28516

Filesize
9KB

MD5
b8c5c3cd2dcf9ce00c58e411200a2b30

SHA1
fd4351a6a3ecd3098831d6016c40b66544b30d8c

SHA256
65e8ae177e81ac32be2da27d8c4c1824ca281f267db81ccbb494299af18f5967

SHA512
9fa31e20d56579b3e7df5e6a500b2e747065a7e0f116c3ad2e30029e5ed4e3877411b1546f823460788f80a91c3cba785603d0d848871827733f755f870323db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\32617

Filesize
8KB

MD5
b432d6ce7687145738e84e908eca8a9f

SHA1
47f1513e4e85079f14bd1ed71b577b4fa8670539

SHA256
0c42e9a79895ab06c6e39b7947e3f22cb0e973a5bd9381a2947270b562283330

SHA512
b53cc7ea560580f24937fb53352e52babefa5b58d770fc637c9f805e98ab27c982358f52a8ad1b3a61f8ba1fba02dd269dd979093e92dc3277bb33e523ef8d0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5015

Filesize
9KB

MD5
b7a365e5726c81d59bc8710aaf782943

SHA1
adefdd2c0e47f1032f9e712c1499ee8ff03a68af

SHA256
f83ddf169b2334779926cae3b8a5cd0c56e701080c3f09bfd4ab597135e1fe49

SHA512
31871c7d45653b1887d8950ac142b551e52fedf9be3a1afcc07ae2de92a0ddc30b3d1138c52b706b675b0363eccaa7c37143d3a3e3b4877c4ce1277327d62c02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\5D5D3134D49FEE64BF7C48486845C3A5CFF98530

Filesize
242KB

MD5
4a3aac5f7d5d2723e02cdb091bc9412d

SHA1
78e8d9e5d134b596548b96d79017224e69073f9d

SHA256
59ec5f41692431b7a0e556e4a0933b506ce91d26050fb26f41a6950c732e2455

SHA512
d46f06119480b53f771977d6c1fbf0343cf349ede1d11f9e70e9071ef92800b2eb45377d5a1cf77aa1cfab2e5801cec59ccadc92f6d1775982054d6cacfa1f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF16510E7399A30FD6.TMP

Filesize
16KB

MD5
33adce32c025bf60f84affe332150d17

SHA1
efaa2609d5a558d8a9f6723d3726b5d128656a05

SHA256
b5e5de58ad4abb0a0c241f47ac20b857f2284dfe27887cf6a1e2272ad6251f0e

SHA512
b7066b00d487e34a9d226487f6352eb4b7e378a313b52163c56344fc3af4ffad39f1d70417cd25ec6573e95e7a420866883006f2aaac11e4afca980836f40b61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
49a3cff24ccfa07ed297339af5b674ca

SHA1
69ff31c12bedb7ab1d724dfbed596113094431f6

SHA256
a115ff2efeab9eaec6cdb66f6320309bd131ede083dd811e0c67d76737b49313

SHA512
0fa261502230587d8e7b648cc24e2a0f375027679a882888ad3561460029b93b14a6597ff67ef989e8958bf6b239e59af41005a2fad5fb2e20a92479cdc74859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
9e26c893dc79002e915b335b165b23dc

SHA1
4fa072bb5f5260c35c1344ecd2ba44b9c370d8fc

SHA256
d52e3e281713428cbdf5b5a1fd01583f4d7ed0d22e6fa4cd482cbfb24584b9eb

SHA512
66b7ecaa342122032c7d8d23e8f92383b671c5f9347c0c5641e221e54700683f0f14c1afd216f31d448fe045b9921ec6bec6d16e73263b5ed35537f283d95628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
19c6715e49dd98f80257add7658812c7

SHA1
b5e6adb8ecfdd47de0aab7a9109ea7bb1ae4872c

SHA256
ecdf4cf8cfc2eb8f0320a6a99c0a6adb2ea03a772e3f7774186d237e166878bd

SHA512
73a519a63f911b6ccb48c6bedd9710f406aa45b2555d7991684dbf23b9a176c7e9eb00dcd0649f00f23fe72faf07d1940c19a38a5596c41f455da1184d10f82e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
8KB

MD5
5c74e3071bcdbbcb9db750d8428d0781

SHA1
15947a57086a903a1c1bac5a1471a1d4c7224937

SHA256
935f61ceab6a542ee5fb16ee5b510973b3c17b04fec1abc9ace09d41860877c9

SHA512
d13ffe645795352bd2169efd0e10ccef9e295f0d2142e8489a83231c19f1f53c846be52a32f70e9291783b5a58806e2ab4bf8fe399b91e3c8b8ae5a614dfc268

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
10KB

MD5
588353c943337686e9d35d8549c2f376

SHA1
62f98a0a387c73b866f7edbb310ea24b1ee9db3b

SHA256
472a429ef392b1d16576a20bb1f3ff2b0265ee94be44c22b83d48162bc23e9a3

SHA512
bd7b75b726bc2fe36c7d5f2df99c364c41bd5043c993420397aec73b3937ab6f4b322b536d27c4852b2b4de8a6a72c89b6b0714f44ef9f8a054116b0962c6d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
10KB

MD5
82a5e4d38c1008b46f1089ec0e52d59f

SHA1
66f3702cddcdea1b4ca1070345163999321d33ad

SHA256
c8e2787244e0da1b74a3605242aeb7b20295a74a7f2fc986ffcd261a46abe9de

SHA512
b0931af083c83d8d35783889ae1a12d767dc6ecbfd0c40ed8c2f9b43b5a3f8f2795d85a5cafbf614bffe83d4bf4dfad46cedd2b7e2efcdde17cde64150c29c87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
20d0daadff42a0c292be0ce3c739ed45

SHA1
643498271b9c9cce9e8eaf3f20a7a4116e341bc2

SHA256
137f14860e2ecf7ad2f3d3e6750f20a3dcc6bf16f305353caa131904ecdcc515

SHA512
3397032cec42d1d9b5e9a4fa2d81512d057ff3491eeba6a0e87fec00b3c0aab3cab361ecce350006d2f97be5b99d55f2f8beecd61beaddcc6c9421df38f80f8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1130d8103abf9aa59b38a78dcdde0912

SHA1
8b44c4b218a1e84556a19e74cd3776f02e254ded

SHA256
f53855d2344abae2177919230029fed829166d5d9da709a268133e3d80146401

SHA512
4669acef342957afdab877581a95c7715667c231d569810ef496f78870c1d26f6c20763ccafd5fd6a467a5b9afd19703a6a552f5de8153ade083b6e32dd32538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore.jsonlz4

Filesize
68KB

MD5
5dc690cd3c39a75606a5bfd609ccdb05

SHA1
c749eeebef66a796c95fa506fa04c8f90bad2245

SHA256
5c46ae39d323bd8a08e5f3e52a7c68f173448aad6b711b6951e062fe6b1f542a

SHA512
0f86180f4280739f9087f11b12ce563a47c0fbe84b5a66932512610fc56278f39602c27b33046dc25348d38db840a96f4f4a942e1dbee083b0cd822bb9e986e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.fuckbookmobile.org\cache\morgue\42\{04ff9d34-379f-44b5-a919-31884285412a}.final

Filesize
60KB

MD5
1fbdd593721ac7493e12895758f01317

SHA1
19430defb6afcc8e8eebc8f9e1985f4789237fa5

SHA256
d0bfddc60c44c664911c8592002d334b2f5c1d34605137b572e19cb6986ec511

SHA512
47cff5e8f1ea9796606759c76b91c79be5aba0a437224220e81f2dbd5e37028ab1ad1ed832c6e10b804b8013c83312c6f6e84ad6281738a5c574fa389af23050

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.fuckbookmobile.org\cache\morgue\86\{2ab91308-32f3-4609-8319-17ed47a0d056}.final

Filesize
90B

MD5
09b43678b0c675d28dc325b3218c4a4a

SHA1
67f9b0d6d6cbdf970902f181b4ba29d3e6d4d8eb

SHA256
34f9e3dafa09a4bd5c9f5c0850fbf563459a429bce0b0403a62270340cd12418

SHA512
5b08c5272616b57677e98db235d2604dc0a8149d1c9f49ee8e30007a9aefe9898c979cff8c6e2d408e4d0d5dac6d64062f4deb70b73b27a2f2751fcc8962741c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.fuckbookmobile.org\idb\993782502OBNDE__KSDISG_NLA.sqlite

Filesize
48KB

MD5
1f6e3848d98fc9fe14fec575f0ebeace

SHA1
c2dbd80be11c17ea75d67f1586ac4b93cb78bfe5

SHA256
4d549e1b3ac5650d10738771145c7df3cfcad453147450ffaf67db2672f731b9

SHA512
c0292e84b0e6c443bb0bbab7949c8273b271bb809e587b4e338c0d3bcd14eaca185abbaeae9b5c6b8755c3924654d5aae68b96338e9598e36bca9d139d067b5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
659747af4d9195f95bc83c1a6d851c5e

SHA1
516cf039dfa014eb0221d3f704974e5d7f2e3805

SHA256
fef06cc2fc1f0d2ddccbb4855638c2720191a7245014fc3ac0af73bb81767100

SHA512
c6c6e171c38b13d597075ab26c4a0debf7768e547f93527155b2357effc985562842f1574fe8bec832a3308f66da076a54ff1710438f7d0878e82935570d1b17

Download Submit