f29c00a73e33fab90329c7aacea5c7866c5fbaa25aa2e1c19cc91c383ff7d9a8

Analysis

max time kernel
151s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

13.3MB
MD5

9914af53044c63779dede6b3fc8dfb41
SHA1

14dc2658293f0253c62797795506544b6ea20616
SHA256

f29c00a73e33fab90329c7aacea5c7866c5fbaa25aa2e1c19cc91c383ff7d9a8
SHA512

4ca7abce0bd1ea04ad69ffc327a8fb9f4409369b66600a76ae679fe3dd7226ea3867e39aa1efcfc62586d43caf36268b18cac70cf1fe882cc2da520e22f2f993
SSDEEP

196608:LydEOZwAOejUzmhRsTYjPZWdkSjl5dK6FuaMf8XD/N7QEYhtkUdJiIwT/W54RY0a:+Dm14gkUdkqdZ/Mfe/JQ1htrj/546J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4876	main.exe

Loads dropped DLL 26 IoCs

pid	Process
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe
4876	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1760	firefox.exe
Token: SeDebugPrivilege	1760	firefox.exe
Token: 33	3808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3808	AUDIODG.EXE
Token: SeDebugPrivilege	1760	firefox.exe
Token: SeDebugPrivilege	1760	firefox.exe
Token: SeDebugPrivilege	1760	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 4876	4112	main.exe	89
PID 4112 wrote to memory of 4876	4112	main.exe	89
PID 4876 wrote to memory of 2932	4876	main.exe	90
PID 4876 wrote to memory of 2932	4876	main.exe	90
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1728 wrote to memory of 1760	1728	firefox.exe	101
PID 1760 wrote to memory of 4480	1760	firefox.exe	102
PID 1760 wrote to memory of 4480	1760	firefox.exe	102
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103
PID 1760 wrote to memory of 2812	1760	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.0.1937804786\798731986" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d80db4-49f1-4372-87a4-f1e368032f0e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 1980 274da6f0c58 gpu
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.1.73574722\164975604" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5181fd5-3775-48e3-912b-e048b1f6d259} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2380 274da60a558 socket
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.2.130252273\1185812798" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 3044 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cec7ae2-74b1-457b-b25b-882cd1ebd9dd} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2996 274da662858 tab
    3⤵
    PID:3096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.3.1274113758\115940661" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d643d62-f535-4761-ac14-ef029a3a9dbf} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3572 274dd20a558 tab
    3⤵
    PID:1240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.4.1199358788\1591534790" -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a76643ac-91f0-40f6-9af2-4219514f268e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 4304 274df8ed258 tab
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.7.813342555\1096755535" -childID 6 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1197ae2e-f4d5-4546-808a-9c0d16834e53} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5528 274decccb58 tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.6.1586897776\1693407188" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5136 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {363cbfd9-3982-4bd4-9c93-315f1f68b4ea} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5396 274dd225e58 tab
    3⤵
    PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.5.1089937117\398375381" -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5216 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68881700-8ad4-414d-9b22-49ef7c6fc760} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5228 274dd225258 tab
    3⤵
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.8.1196915575\353886280" -childID 7 -isForBrowser -prefsHandle 6092 -prefMapHandle 6088 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf2e1ea-34bd-4f57-b6ae-32e62db0ab3f} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 6104 274e2613e58 tab
    3⤵
    PID:3328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.9.346814701\60651906" -childID 8 -isForBrowser -prefsHandle 10372 -prefMapHandle 10304 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99228511-218e-4551-9f8f-45a1626a422e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 10308 274e3736b58 tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.10.130314740\971908647" -childID 9 -isForBrowser -prefsHandle 10152 -prefMapHandle 10148 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03cf8e2f-9d1b-4b58-bbdc-d99d0dec60d8} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 10164 274e3738358 tab
    3⤵
    PID:3536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.12.1000803897\1779451013" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9896 -prefMapHandle 9892 -prefsLen 26725 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a45706e7-c800-4e79-b0f3-eec4d3f5e5c0} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9828 274e42d8358 utility
    3⤵
    PID:1380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.11.1685507544\1716953557" -parentBuildID 20221007134813 -prefsHandle 9852 -prefMapHandle 6160 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef0c3f6-a3bc-4582-b6ac-0061b8cd7598} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9840 274e409ee58 rdd
    3⤵
    PID:3196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.14.1684470755\1196979152" -childID 11 -isForBrowser -prefsHandle 9476 -prefMapHandle 9528 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c771707-d0fe-4f8a-aed1-6f45854dea30} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9428 274e4137858 tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.15.231169284\2109342807" -childID 12 -isForBrowser -prefsHandle 9248 -prefMapHandle 9244 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f1281ae-ce6c-4211-b211-7877610697fd} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9256 274e4135758 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.13.596075333\1844260014" -childID 10 -isForBrowser -prefsHandle 10096 -prefMapHandle 9552 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f83ff1ec-79e9-46ec-b9fc-a0e4d0465c1a} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9556 274e4136958 tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.16.2087555686\561899179" -childID 13 -isForBrowser -prefsHandle 9388 -prefMapHandle 9384 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {143ac843-2a9c-4725-b7db-b5b8108fc563} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 9396 274e48abd58 tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.17.429002879\924257481" -childID 14 -isForBrowser -prefsHandle 8672 -prefMapHandle 8668 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {916f73a8-eec0-4b9e-826a-9b85f5bba8dc} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 8676 274e4135458 tab
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.18.1986818832\465223084" -childID 15 -isForBrowser -prefsHandle 8548 -prefMapHandle 8544 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5d97d1a-3006-4e5f-a186-42b9f2589f5f} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 8560 274e4383458 tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.21.785268622\1133251030" -childID 18 -isForBrowser -prefsHandle 8024 -prefMapHandle 8020 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93c5d387-65d5-46a2-be2a-de228e93457f} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 8032 274e48bb558 tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.20.1082703860\71265278" -childID 17 -isForBrowser -prefsHandle 8488 -prefMapHandle 8492 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99bd5f1e-8b71-4587-ad9e-5657ee7a2a55} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 8228 274e48b9458 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.19.20936198\978951573" -childID 16 -isForBrowser -prefsHandle 8296 -prefMapHandle 8300 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5346af0b-dc2b-4f97-8c7e-f48ba958fe52} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 8252 274e48b9a58 tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.22.662053071\423806540" -childID 19 -isForBrowser -prefsHandle 6020 -prefMapHandle 5900 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e0c9755-fa20-4213-b4c6-8460919f649e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3420 274cde30b58 tab
    3⤵
    PID:6688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.23.1555601445\1706445300" -childID 20 -isForBrowser -prefsHandle 10352 -prefMapHandle 8860 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b66f23f-f91f-421b-ba9d-dcb7b59362c4} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 10368 274e2933158 tab
    3⤵
    PID:6248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.24.1286716249\1178970966" -childID 21 -isForBrowser -prefsHandle 9560 -prefMapHandle 10116 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a38fefe5-d8e6-4c37-a55f-ea05f1a0e41c} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 10184 274e2350e58 tab
    3⤵
    PID:4464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\doomed\32405

Filesize
10KB

MD5
d8acee6f9f89b7a88e5f6a66ffff3f39

SHA1
06a45010454aeb716fddc0eb93544f82731f5044

SHA256
6ebf6e80fc7e307aac1df7a33451ce6b2b9c7bd09edc36965a2b42478810dd8d

SHA512
d3f56df567ad214b44b86be27946de72407f707893577ea335c14d8405f734d398f9382243fa067cd32edaba10bc07cf3306e11d9a682dde5d67f41fb8091b92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\doomed\7251

Filesize
9KB

MD5
467e13c71373ec9eedc8501164a2f29f

SHA1
d03a9b46bfc14b934a37de83159cf9418a5aab47

SHA256
1a1983d827f4d5546ca5d67d2e540ebbd0b9118441e05c7a76503d1a73a2e8a8

SHA512
de13cb43f9690731a4092bd0db3adcd500b92a64275ee3d64f994bd74b2779ca9cb99c6b2790cffc14f6f23788e5734567dbd1b60dcffbe8006188afcbf0aa6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\21A7D5731DFA23DF1F2B625219D1B9B7A118D4C4

Filesize
192KB

MD5
af1c602c6a897c3b106a571d7b1272e5

SHA1
f6e74796dbab3a5bbd0f7cfe485a5b71152e8ee1

SHA256
cd5bbaa594b601c949a88d1fc2c41d4278a9096fcf965e0d7e81e03870b87b94

SHA512
c945843757a0d366099d496bbdcdb81905e11bb2345c2994a33e692f201dd7cedd809c78aea58ba3850f50423fc274aade7e254b61d0698d29480842c30bca0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\3AFB44AFE893A5028E4FECB3453A7E7BD6E9A75E

Filesize
18KB

MD5
e832223b8a80673fea890d4c7175773c

SHA1
e023cc47e822a4330314390bac8d6d5ba6361283

SHA256
d01561fe1823f76cf511054a35fe530951a17416f1ed54645014b10b26ab14f8

SHA512
127d859149e2c443adc2ebf83e023ee401d7a29d66dd3dd2111eada82adcdb337539d5e5beb76442acf6a9637b1adce82a995690ab93299c25532fcb8a4ae8c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\66F7A28EA723B6E0F38FDD933AE945F828FD9FF8

Filesize
1.7MB

MD5
93d2251c954366de4a38e60a81332305

SHA1
c84b7a1371bf5598342d115478b7f18225974337

SHA256
da6a60f714eb5f2877e996d4986eea6abcab5d3492cf488099d72d29e567050a

SHA512
6e278786e3251ed9a62fcf8fb898b910a7e8b89d3dd452a03a175d4eca2096f9ed37e9924d7d154dd5832790fa3f1685b07bbf87210b96ec6c9d63e8a2325115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\71248D89047CEC6071B96042490A45FEE6EC689E

Filesize
251KB

MD5
1274036b8acbb3001d82ad2a2f821993

SHA1
5780389e8dd7e71506c6c9ba5dcf183317eea58a

SHA256
859c48cb6e46e4963e1f8ec331fb7bdc718bd11c52c6d2d242f4dc56564bb8fe

SHA512
238ac19ef717e607a802f1927bcc9920ff8600e1e69138d8b70167a855d38277ed0a593e38f611284338ed0ef78e4edc3463d2ff2e93257ef5f0ff8c2c53c8f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\F4AC35FEA4BD6F9B06007EDBEFF252DBD7A6F015

Filesize
214KB

MD5
afcac130c4096d1928081a39f3785970

SHA1
5793cc8b138b0bf391d169f721ec21499188ff52

SHA256
42870c8cd56a9f74abae6e7111e056a3b7746c0e6aae5adc5b98190fa2b0f545

SHA512
a5da04a7c54e26ec4804d95d7d13045e22fae6b3c67d29727891fc2e0c2608b1a451284897bf07000aa676f951caf9213226eae8f02d0062078476bb319b0ad6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\thumbnails\14938555e3df1c4ff16047118f39fd8d.png

Filesize
9KB

MD5
ed0888e90f1dec2fb6507bf4e60e00ac

SHA1
3c154c59139f3a6c4d9ff557597b348e7ec4bce6

SHA256
19d24d8c184a0b5c9cb99865286478b6ae636ae613098d9c350fc47d819c3c9d

SHA512
92a395d5e2785aff5a9aec6c3bec67866c415cc0a46693540ca2858c11325e02442e9a6ef7e9dbe5133fc6af6498828b5c11f7e275b9af7868c2aab510c64dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
36.4MB

MD5
5e46c3d334c90c3029eb6ae2a3fe58f2

SHA1
ad3d806f720289ccb90ce8bfd0da49fa99e7777b

SHA256
57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5

SHA512
4bd29d19b619076a64a928f3871edcce8416bcf100c1aa1250932479d6536d9497f2f9a2668c90b3479d0d4ab4234ffa06f81bc6b107fad1be5097fa2b60ab28

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\random\_philox.pyd

Filesize
69KB

MD5
8f3d6fdef92a0396891f65bd60d62b17

SHA1
53ad0ab7b70fff7062026f8f1d6502222e3fdcc1

SHA256
4d88223fa074b53ba124955b5dc1907674c621a122125f040455540870be8690

SHA512
5423a11c3f27ad4dd91a4442e40933cb38da82175737015945a6b7fad2d67594b7428782fd2bd86036d96eab9d9716930b2cbe7a340be68455ee3848a09e6374

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pywintypes39.dll

Filesize
131KB

MD5
f20fd2e2ac9058a9fd227172f8ff2c12

SHA1
89eba891352be46581b94a17db7c2ede9a39ab01

SHA256
20bde8e50e42f7aabf59106eea238fcc0dece0c6e362c0a7feeb004ab981db8a

SHA512
42a86fa192aea7adb4283dc48a323a4f687dad40060ea3ffddcd8fd7670bb535d31a7764706e5c5473da28399fec048ae714a111ee238bb25e1aad03e12078d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\_hashlib.pyd

Filesize
64KB

MD5
88e2bf0a590791891fb5125ffcf5a318

SHA1
39f96abbabf3fdd46844ba5190d2043fb8388696

SHA256
e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

SHA512
7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\_queue.pyd

Filesize
28KB

MD5
f19d9a56df14aea465e7ead84751ea5f

SHA1
f170ccbeb8fb4a1e0fe56f9a7c20ae4c1a48e4a9

SHA256
17ccd37dfba38bba706189d12ed28ca32c7330cc60db7bf203bf7198287073e4

SHA512
2b69a11026bf4fe3792082d57eaf3b24713e7bd44dfd61ccaa6e5adb6771e49b6c81c1b542fbb159c9055db9739b9c4473a856914c72683a2a4cf658d6d7a469

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\_socket.pyd

Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\main.exe

Filesize
14.2MB

MD5
3f3d07a52259ad51bb8dd7ff77b0f7f8

SHA1
7e4224bb0eeb018d2a548ec365bd60843545110f

SHA256
6e4889f10b365905a47feb31e4996e30db99b2c31e9dde10732c7f3612251e50

SHA512
3b9709ff53066cf89851f6ba7120868b9ec3cfaa50860e25eabd2cc491c47201f42c0d4948813c25089306dd3292e001b596eaf296829b113cac1f8d2e94af16

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\core\_multiarray_tests.pyd

Filesize
63KB

MD5
a8791e0a0ad2e6b46a1970d4055cd2f8

SHA1
fa2b78febaa32aa33f717ec80cf927c1458fee2b

SHA256
60408879cf762580884c394b4d7786bf8f18f707a6ba0587dd91acd1edb377ed

SHA512
643e83ccb1a5c69e9ec80e61e5e39740bbb32bee06d4bba99851f60592d18a17183e100e51f4bcd230a64eea07151c39107f84a444db47d0c8a96dbead1def64

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\core\_multiarray_umath.pyd

Filesize
2.7MB

MD5
38d23b4fec7e4ae2cb196ee5a0895df5

SHA1
3694cab78ef7975744ddb795b6313760f10cc8b0

SHA256
1599ead18b71899e76d183c9c9c66bf987ef6e3e743f453f9f851fff16ec15ce

SHA512
be36ea596889ed833acaf27c291c8e14adfec9391cb772447016af633710ecd4429ac2e9ddaee88665ccd44d1f5eec8e044441211a81f8942ebe85b66ec8bc45

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\fft\_pocketfft_internal.pyd

Filesize
107KB

MD5
2a83ff1140edc69a3601215cb774e2f2

SHA1
d76c5acea12b6d9d6a83ea6bc63776aa20d59fe6

SHA256
109e216ea8b51527f5fbddf50f6a53dcc6cdad1021c9fbb14a845b5bbf48461b

SHA512
13690c0c74a179c54c9ffc1222befd44d197eb5c358dd723a7f63d3111c3a8accefd68b98acbbacea1e46e45eeed076dc0674581eb4449fa3703ae3747b35624

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\linalg\_umath_linalg.pyd

Filesize
104KB

MD5
808f3733eef250e5db1e2c54d19b245e

SHA1
09d06dc25ba8e9dc5a40f6412beb809998aefe69

SHA256
1295b5a32f96bac23fa6d8d401f7a2c189671d4e74912f8eb46e31163d7d267f

SHA512
d7de901c55079b23c25fa05c0da555c09756acbd4f4b6997f4a033de50c152ea451c65537735ae28bfeaeff0905d50de9d59607e5e1062ffcabb2137fc08131d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_bounded_integers.pyd

Filesize
251KB

MD5
12fd56a03d0b9fa753adf8e9034825c4

SHA1
1272a3cf81254e2c1be4b63422a78fb700234dc3

SHA256
62e9b46e620437106838cf25eba512a88493b78d5cf22653b5986283daac3c96

SHA512
0b38efe7165b685a8671c7626f349c1df08a12e1c643c7ca3c6bb934c5092bd9f87ba37d8e85aaabe0f098420ed3c378bdd721a9cd65c25321a3257241fdfab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_common.pyd

Filesize
170KB

MD5
64f5222be067f64e90ea0c2e81e88dc7

SHA1
b07cc67686678390da7e50f9a18c981d616cb919

SHA256
c24d12418015ba9aaf51e29ed7db9947cd26a85cc11e9e548070df3bbf184c60

SHA512
ce25766170d13a6a13a5c424b885dcf41c19aef5bfd2f4326dc3f2d0535eb7de744f6f91a52b9187e523f0863c95c1a37f8e6027f15210ac45667ed7476763c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_generator.pyd

Filesize
683KB

MD5
dfc1b978dacf54764e4782187c8847f2

SHA1
8cad2751f3795e5a5837d0b47e9f2bc281743105

SHA256
c7a9c79277277777a6e3e4e29d805645899b04369f5be7bd7a44ef0f9e42fb67

SHA512
856cae6fb5a825501de05ff98d88a6556395d83d9cc4e14b90a67e7592428cda29c6a09594d59c0f3b66d96a1d27e055d9e5e39262d464a14aaed01bfa8bd779

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_mt19937.pyd

Filesize
76KB

MD5
64980dc592eadf758a5b4fdac62187ed

SHA1
40629a9d43d76ccf96ffa8f928a9d6608080bc99

SHA256
6957d7342a97306285a2c34b6b13b7b2864004a5f0de85bfde06c3206f1eeb77

SHA512
14226cee2a7886c846ca14dff972235c77b61b1dbb7689a4d8fb7adc2b930bd74012f0997893f211890ce1b5125796b4d88a3fa8801431173c841db4aa0a3ef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_pcg64.pyd

Filesize
82KB

MD5
e23c8a721cd0005850d743f6777bec27

SHA1
5c46c8ab457ce6a41f0ea7e13960c24a5c4623e4

SHA256
fb025909e2b353ea51105dc9de989def163f9b05960b3dff94083ceae069904a

SHA512
506aa91b1a504a90f259c617188067d9c9f7fe92c8de381a03114be02fb762e32aca4218fdaed757db65283cb932c833dcf3737c4634ec6ffd14eedbaa0c163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\_sfc64.pyd

Filesize
50KB

MD5
0f979fa1acca2ba41b9dcc13d735e332

SHA1
f37d6995b76698a054c06c66fd8b6f3f6edeaade

SHA256
8365b3ab6e2420161220695e2c7a03f42dc4231f0ee84fcf3d6c0ef29931c986

SHA512
59849f82344b612b5130158dfdb4d058c69d4d6114d9977d4e134d1e11fb97a2d42f2fc76b224279196190bb7f8200d83d49b3e57b49ff46e37166bf76076868

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\bit_generator.pyd

Filesize
160KB

MD5
297a47f657c9f50821bafa517878c3cf

SHA1
530ab4f6b9726fa0059c30d0bd46ee655f316ead

SHA256
de5b246a05bf9787de145171ef3510b93ac830fe7d538caaef97fc6e9339a05a

SHA512
40bdb881602ad047d3ce6d7e7c3ffb8f9c53f045544f58ffb7f97e83abf48ebcf69b53f4ff3454280c67903a3089a630bc9e1606e9aad18ce8b6e169a4cca75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\numpy\random\mtrand.pyd

Filesize
583KB

MD5
314669ab10188b70f5e7042ed5014ab8

SHA1
fd606e37096de27f03127a2bcece024baa741f05

SHA256
f4021ebf9b822111d06c025a28665f95690623fa10752fc0e5ddd6349cc3860b

SHA512
838edc3d9f53c8e676ae78ecb0290778df77e779d446a1a185aea4ce4e4edc803a82cce8dab6df3ce8c5f221ffc445d3280d8787d9f1d4079b96fa146516da95

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\python39.dll

Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\select.pyd

Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\vcruntime140_1.dll

Filesize
36KB

MD5
6e337d443990274b1e0ed308a1b28622

SHA1
0da718746f6981aae57d7043d87de8eb4c11859c

SHA256
6c1e531c25ab2934a4ea9970598bc751d924d7cc5650df3e1282b61d6cd24f42

SHA512
dcdadb2b763c9d82f26dfe745a6a6477f15bfa512dd34972ded1fb8572df85eae359fc012b2415258470780a5ccdee1eb75ff4153d7784ca9be228b0ed4da292

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4112_133505194268333431\win32api.pyd

Filesize
130KB

MD5
05e4b3b876e5fa6a2b8951f764559623

SHA1
4ad50f70eef4feaa9d051c2f161fbac8a862a4bc

SHA256
a52f8bd28b5b9558cde10333ce452a7d6f338ce1005a2b8451755005868e4a98

SHA512
5648306af7c056c9250731b7d5a508664294bbb8ba865f9dc06fd7216adf7b8cc31b1cfbc0175c7f2752680744f6546a1959e7f7d1ec7a8a845f75642ce034d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7b92579b50e184d05308c065a9053456

SHA1
146bdc7406ff783555cd7f25d43ee83cd0a0ac42

SHA256
3fefd80e7643857823920ae03d494fce7f8a64555216b3d9baa6573bb3a726b7

SHA512
a06dea86a5c88d1d62d1efdfbbd1cfad4c666bbe55eba4d3ff3e61685fa6386565881c6368b5d0bbddc3ca206ecfc4827b9762a934ef906aa66a4b2b557a0018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\pending_pings\53ac5012-44b7-4f58-a57a-7980c7d0f5bc

Filesize
12KB

MD5
ab52ed6a5b1074655d9e0c5efbf0e6c3

SHA1
44c545f2ad0c7eca5b673a1653b547befa43b317

SHA256
4d147faa0a7914d2a8a7e56971402d017d161bda4f00dcc21281eb071ac04898

SHA512
11555e4f991a6c782509f97ed5b49dc693e9a9267bb0af3eefc4e2ceb7cbacf76e5ee26245763761e3291286abe8751e95e5e7da9eb2d80be5925739265f5cf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\pending_pings\774a27b1-bb60-421d-b2ff-b04be79ba72f

Filesize
746B

MD5
3027d0697859d6432d8a5a92f76808e4

SHA1
41fa64e5a66823a42ebf7925e20808c08a088598

SHA256
c999383250ee200f9774af6046fe02e123dc3a4d2bcfd5c4975ffb63d089d07c

SHA512
5fead351f277a3f06467263e9c8a4dddcc10485b4b15330d00271799e0514f7cec856e60e04e43933fec736faafb75a22d22e40790f4d5c0d00ca762bb2367f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
6KB

MD5
72361549afd858078b97988ec6cea409

SHA1
fb577ecc77c701b7707b4922f073af664754b23b

SHA256
9ba8364a71139c52b6c8ed507635049d39b47e05304e5ab4ddf27503c6fde5b6

SHA512
9df40ee81012d0f1c8c7f0453b40c2fa0608f192f879ec2f07620b45c7ed9493c9ed7deb6100ba3e850e0a3d07eda9943bf1ca277bb3b9e06ff27713f4814626

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
6KB

MD5
d291ad436544b817c7ad3ebb6f7cf31c

SHA1
db2a242da58568696a9cc74dc053a0816825dfa3

SHA256
7e0a3fe38232c4fd85b1788b7e7a60375d677c0719d708ac0ee06b43babbf635

SHA512
d0b9adcd747d3889fe104c3014f0a93210852a025324cfc27dc833c49dea4e969f84f21c1db8702ddb3f331f88c7fd99033988f124d00405a4d3f9101a032edb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs.js

Filesize
6KB

MD5
cf2694bbf6324ec06134a01b8449d6b9

SHA1
49144af65b2fb6e70021562e7ab43440a3f12cd9

SHA256
a48998ab5eba2c2227827437056ee3032bec117c7f504494ddd787bd9dea31f8

SHA512
1b81bbf00fd3c25ae9e92985e5a42ef7cdafd38ab5740cd0cc7056ed09f5d09a09493384a0d74d8a7ac22adb0bb73fb6876e1c0d021e23db951a520aa3e1ee43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c38a37dd64a347e434108876e20ad860

SHA1
e9a1ba26936a21d94e405920f81008a90375543f

SHA256
c14871afae8fb9c57137a2429e731a2987e4da03d4dfa46d804410d6e85978cf

SHA512
cf3b3a1d2ceb7bd37e20e128ff642229b915a4fdc639c9421fbde3de766674b810db1ef6ab3fa00003d4a452945d3e1cde5d7f2a44b3be573a05fd512014e835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
49c275554cfe7a3749eddef67371ef73

SHA1
cfba33c579a4f690b7df42e67efd6430c2d0fdde

SHA256
ac55c352b7f348189b195e1df878f88e68b5e0e2c674ef5b55a9163e86eb6b33

SHA512
b4431b3f2521a4313e663a8422c6e420425b5dba43075dd3a9b03dc0c11266e5ec457b612bf18840fd8a47bb05882be5c0b35fff517d3bbf8efc8d2b6600fa23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c789e393dda8c7b825cc502372e2a1e2

SHA1
b264fdade64ec0d4b45a437d08db5f2318364ef3

SHA256
a4654036cb0d0206f6306a943b8de7dd8689dd6c208baa87126713a039f0a842

SHA512
c6a10249d398d935fc882e6323a3ce9b542b2f651d4d8dffaae92ce0150b18422ef9bf4f6d213bb556f4b8f4b329e6e855fe0c5b33182cbadc8a3664e36ed3ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
170529aeb63e92ca98263b810ccff506

SHA1
02704415eeccac4259eb3d22427d29214638a7dc

SHA256
7b332e4105257f974ef7a5f281c730efeca2869c46b9f2ff4a984e6e7918d2b1

SHA512
13aaf7d182c47ecdace757b5e51a5f7ec2685b2eb1106b4fb7e59f676db0cffd7adca251cf95a1498773d5435cd07557a9e67e6ca31f115d86376d6b305a5b84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
f64e7b91d00c4cf1dc2150ada142ea23

SHA1
de869d809ec060f32083b361e1b73f5306217226

SHA256
ea6b0e7c6629e2c1bca5683696a145d5164d0becda1b299ee463aa4497414f80

SHA512
07cc8685dc6df1728a580b9183e4c51fce5d2199bd47ec7a02af34d60e26da3b9cdc1dd8fbf5ba72943e7fa1eec2d9d17b83f556cf859f4f0e3a18608b7b8dfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7f88e0a6718974d2624b0e0125ab1e7b

SHA1
30b02fcc0db7ffd2eb0aa1ab71cce12066e3a3e5

SHA256
4540cae66e248163b8edf3a1259db3ed667a060cce33ad18ca13b98bc8ddd6a4

SHA512
6e1d2f5f9d450b981e05aaaf1976392093a07385ef6309c9b9b7a357c778689699561e207a062268a11b16408356d563be35af375a824831b5ac8ab896d58159

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\storage\default\https+++mega.nz\cache\morgue\94\{671fbb15-a11f-4039-9053-0642c1e18b5e}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
91e2a4879f4a7d77b1152e53496bbfc4

SHA1
f22752151ef7f6758d30891a996b7b5c30acd97c

SHA256
198277a9823ee89020b45bdd52bf6c13641d0b7c9127ee1603b42cbd3ebc2fae

SHA512
3a27afe500c522face67427db3d6611608f058432874ae9ec438b9ef9fa9db4a0c2cef49d2d2c363f8dff56f3c68525af0f6bd3dde1e0750e0977c6a28644f87

Download Submit
memory/4876-90-0x00007FFC7EFE0000-0x00007FFC81096000-memory.dmp

Filesize
32.7MB

Download