hxxps://chaldaev[.]pro/парсер-друзей-вконтакте/1299/

Resubmissions

23/01/2024, 13:09

240123-qd7b7abdb5 7

Analysis

max time kernel
297s
max time network
298s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
23/01/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chaldaev.pro/парсер-друзей-вконтакте/1299/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3792	VkFriendsParser v1.1.4.exe

Loads dropped DLL 3 IoCs

pid	Process
3792	VkFriendsParser v1.1.4.exe
3792	VkFriendsParser v1.1.4.exe
3792	VkFriendsParser v1.1.4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504891545728749"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
1412	chrome.exe
1412	chrome.exe
3792	VkFriendsParser v1.1.4.exe
3792	VkFriendsParser v1.1.4.exe
3792	VkFriendsParser v1.1.4.exe
3792	VkFriendsParser v1.1.4.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4876	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
4876	7zFM.exe
4876	7zFM.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe
824	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3792	VkFriendsParser v1.1.4.exe
824	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 204 wrote to memory of 2836	204	chrome.exe	74
PID 204 wrote to memory of 2836	204	chrome.exe	74
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 2620	204	chrome.exe	77
PID 204 wrote to memory of 756	204	chrome.exe	76
PID 204 wrote to memory of 756	204	chrome.exe	76
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78
PID 204 wrote to memory of 368	204	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chaldaev.pro/парсер-друзей-вконтакте/1299/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffa01819758,0x7ffa01819768,0x7ffa01819778
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2100 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4852 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4696 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1636 --field-trial-handle=1792,i,17963197106655937369,9543829241883951711,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VkFriendsParser.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:4876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4276

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3404

C:\Users\Admin\Desktop\VkFriendsParser\VkFriendsParser v1.1.4.exe
"C:\Users\Admin\Desktop\VkFriendsParser\VkFriendsParser v1.1.4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.0.1923709111\238384027" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d188d60e-0ff5-403b-baa8-67b8fa8f1502} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1764 1b67acab158 gpu
    3⤵
    PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.1.1928084387\592489046" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62bfbadc-14cd-4c7a-83c5-06938691f6a7} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2120 1b66ea6fe58 socket
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.2.314671771\412274261" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57949229-f197-4bc4-b1a8-50b057ba0f8d} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2872 1b67dd14158 tab
    3⤵
    PID:916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.3.86279225\1259197579" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5548528-c2ba-4e60-9473-0a691e2c4d10} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3448 1b67c5ae358 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.4.1693028642\1252404790" -childID 3 -isForBrowser -prefsHandle 4076 -prefMapHandle 4080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb7fbb76-4bd2-4517-bdbe-e6300f6016eb} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3912 1b67f0c8b58 tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.5.2040925482\823761678" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 3108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6f0c3e-b232-4c42-9b17-c69928f59272} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4904 1b67fe5ad58 tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.7.889697143\1020694129" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17a92111-8028-4399-a7da-0fd0a641e7f4} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5200 1b68013f858 tab
    3⤵
    PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.6.337322814\308877077" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aa6e4f3-16e0-4f01-a488-f57f48f8c4f8} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5076 1b680141058 tab
    3⤵
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.8.857717106\668858612" -childID 7 -isForBrowser -prefsHandle 5668 -prefMapHandle 5676 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b9278e9-5e76-456b-b6f5-e12268c776d4} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5692 1b682095e58 tab
    3⤵
    PID:5620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.9.375016897\184693749" -childID 8 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {708863b2-b3c2-4539-a3d0-eb36f6c7f97e} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5952 1b682405358 tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.10.207228609\527079812" -childID 9 -isForBrowser -prefsHandle 6084 -prefMapHandle 6088 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9677983-80a6-4cbf-a58e-9bf1857bcc4b} 824 "\\.\pipe\gecko-crash-server-pipe.824" 6072 1b682406258 tab
    3⤵
    PID:6032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.11.956277046\1726485787" -childID 10 -isForBrowser -prefsHandle 3916 -prefMapHandle 1548 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bb8121e-9802-495e-ac5f-82199895d417} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5312 1b681b7fd58 tab
    3⤵
    PID:5988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ab180e8b858e80e675df6a1a79dd1b6b

SHA1
afe6561061a55520c814a5d2e8f1b495f2c94d93

SHA256
c6daeafdf6979d2757429f6b2229f944fe996153c442ebc233edc017669f0de1

SHA512
eccbd3f27eb934ff0ac85ee74c7f12450db5cbbc6b292a59a5cf31918c7cd02318bc872b1df640a2a6abddeab10dcbf4a7bd5fb53919c82331b3f834dba6ecb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
e7e25c96ed27b2a11a5ace64a1101f9e

SHA1
abbce2258aacaee05b050b8cea43642de6ec3bce

SHA256
7bea72d92db25ed2463a3a5fcae0811386ffa6b75f751dfe69c04df75eb1c20e

SHA512
aae390b5bff30774dd3135e2ad3f777b8e4c8648f68ccfcec6850a905ac7c5142fdba7e4b5fdf2436251ef5dfffe72d7f5de20f3a2b466ecc4cbc290a997d632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a83f055c536f170df7d27489b4877739

SHA1
3473609baa8867c69e3345672272050bb5f1e759

SHA256
0114601ab3d33b79f9896a3faf35ecc187a48c8fde82db6c5962dceeba16491e

SHA512
c58b688b57f3f3c1ec1e00d37e75036a7e36a653a1e436d9fc4dfa3de78b39ac937e0bf47e3d165ed1db12badcab5594d044ed1d0fdc458c4e8ee6961d38e4df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ea164f01b6e8e0783d7ecddfec3ba057

SHA1
85a4dd0b680526740156e587be54a5b636f2a075

SHA256
fc6f0a21ae5053b3e9b52073553f5900c34776b347fc352ebefc959a2fe92e9f

SHA512
2e3ef51af8884d7c3dc233feb836e6a31fd410a9d3a2330d923619ee9682f6f7fbc4a1db9a93ebe03fb56deef36ab021294216cbfb1b176c59e821ffc0c94c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
666bfac3606e9eec395363a80a5869e3

SHA1
487e5777cd0d9d112136c4713e50b9ec94595795

SHA256
d6ac2fe0a94a9f1f31d31aea61f6b484457e8e172b93d87483ef3ce15031c7da

SHA512
1f47277fc91495dedad19f0739e56051be05c7b340d417e9e48d33fa972f6dc793b2874cf1de4e7d41b878d1213b2b20c01026616a0259e4ce6b17621062798d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5822421c47e61be21bffc9db877762c8

SHA1
796cfb51a82322e752aaa99f21ec5580a12eff2a

SHA256
7085acdebed7717701a9ce13faf6086664f956242926a45c2286a7622e8ac814

SHA512
e4795ce63233f05567fd90d3a592f591f78a0435596702a266c3dffbb17d3052229b7c74ab1d4132fe19054b36a6fbdb2d67ff67dc3e038d8cb892614df9e8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b67d65f227c9783ed31c3885d8739157

SHA1
ec410332bfbc6f256a4ad7cf1bfaae25e55b469c

SHA256
eb238af780959b42cb2c44a6c9a34a1a0d1067ed97675fe89789144f0ca7244a

SHA512
a353a6de5ff25664c9381fe003edb4358f9777dcab84722b05eeb5af2425f72551cd0fd23bc4d543033c5a6c13793b97f0edec4fa05858c33ca6e9dd246b20c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe358b9eeda8d4af43355b79dda10ddd

SHA1
063413c433a374a126c21b3ec5f2576c5fcad225

SHA256
fedabc3bd2105be7fe68b8d12cbe47cd5b6d6c253af7196d4751f6ea8b5624bd

SHA512
cb94ba89c61f4e0e722eb70b572f08aa7b222f1bd06e8fc98cc83cdd0b238d8a1d700fcdba678d08829416e8c5992c22c2f8a6f1ddaab4d040e7004b2854541f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b910704370d7fb54ad5c994afeaf0d2c

SHA1
3a13376bd1f09a95ca9edbbfa83bd132f7e87dc5

SHA256
959b33f7d837b4afd563a83ea2f9793273a1c30fc82c74647a8f07c3bc783dd0

SHA512
a535e64a3fcf77f96d21923c46c4b63ea15dce1814c1401cd45a9998ce818fb28f91c607e5b78c30756ce8dd2ab908d0582fb65023d3538718595667ce1406fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f703f087f8b3fed4488754fa8c3b482d

SHA1
0be7bed3b26a18b9ddce6816eb145794b361a452

SHA256
329068fcd6a91d92e2238dc41aa57d35926b70a06221388138777846550fb7eb

SHA512
6078fe3f1f45b6203a23efda25e02a916049ee42501e43df315c69fff03f5b7e957b1d623fd2234674262e4db06c080fa9745ccfd610746df4eb1527c415c150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46609f85bc07d180fd6ab94436271a16

SHA1
2cc77510bc89c5bcc414775c68e617515582339a

SHA256
66231da4cad3c987621c5517b8fd810d6774d1a5589fda9bd1fb357b89b4d253

SHA512
14f2f1cd353dd4b8c69e8e4046e6c3ae8b1adb7222e9a5df52ca1b602b6e51ea2ee23e665a6cc364b993ac0f56f7a20062360497933af3b9a81210d18f17fb0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58a0f77ed0b6279c4dfa24e614406893

SHA1
f718ac8aad6eb11cb3fe96e670864712cd24a2d1

SHA256
87089309a1f71e4c5a1ef1206f47abe1e9239d5e5c130c40338a398c06a2c1e0

SHA512
35924c2effcba9baa460d6903c4e0225d984fa9e06f05c72cbdf5191fa1ec035dd2153671165bf1cfa5c6b5199e9a53eb70a7c678d1f23b11c96af2c28973e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ee72e98c8d29eb2a3d1af3331950747

SHA1
7b2b6d22624386ac3d018a8389c898d3f6286749

SHA256
9d0fd6d5b9ae00dc6f54ee9d92003e3d896f8572f2a3617a8c2cc064824c69f5

SHA512
94d66d32e735b4a8dc44684893a980f2a43238b6cb5c52775ce9b9efd3ff96533d940f0bc87c57de0421d2c131c4adea89b826719f1a3d0a79510488e67b7ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578443.TMP

Filesize
120B

MD5
03db7867e6316db1dcdb077440d37f4c

SHA1
db928d29c76a2bd234d60b96d9021486dec3f26a

SHA256
b3d51537f5e821aa7f35329ba9f8703fe53797f2b5e049a0997a11f3a3a26427

SHA512
a19473a85ac40e19fdfe18f2a4887c47fdb5f7ac218a25e7fb6cda48c92256804b4c0039e6c50e3fb157f8a64df57969f2b23bb09c95bac34111cc17cd6374d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8cb70118cf6676098bc8eafd48773d42

SHA1
4e128735a7f1b9f880025ef33e65b0396783d9e4

SHA256
99a36412b7da783a86a4b418cb7fb00981bf868dd077cc11e624fe97aecc9c07

SHA512
01f4283d20f5b13333070a3a6f516566ae7690b60020b277a6c57e36065549b5dda4d51cfbe2604c9543b43ebd7e4dd6886c0d945dc76de9fc4a58e3994b90ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
51563c4f8d18574fde731115f26edce5

SHA1
49488daa8d23a5e66f58f4f68688bb0808de262c

SHA256
9b8e351242489db677aded5db3db3daaf3040cab1b32cddbd0be6e0f936042a6

SHA512
74d4d1a12429c9a026189d1254923df8404d2aa33cab768e3d5c1f05465eb430f998ddc82b0a908ffed78d830f60d19e52b5879b4ede3cec835ca9eeb69ffffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
46afbe069683195d42a4878b34e1376a

SHA1
06e5bf79fe1bab689d55f079a22937ccf9532582

SHA256
8eb05e12700f6e894e55c7e894f8db8ced66c9914844d628226f917e4ffd8e12

SHA512
b5b4e60c8fee09013676cda77aa9cd107f0c044b1750d302e2ce5ec3f72ba6b8620e71037a0391905b60be5c54b6ee99c899f879eb7f8580075506e1fa1fa7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ad562.TMP

Filesize
98KB

MD5
ee6afe5a170a8d9843f7aa9587957b07

SHA1
7706d6eeb89403979dbf0f92fe961420ef9a479f

SHA256
44bbf3a50a4b5565943d3e2cc3c0f1ba0d5d089cd888fbdcec5cff754a42f45a

SHA512
7c5adbe912a5afae199fcda9ebc44338722f760a4b8f6e96d714f05e7af14a42409c0f329d4645e3fe01312c6ec1224ffdd27d602e30e21957fbe86c41bd076b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\cache2\doomed\15630

Filesize
41KB

MD5
e1928e4c21bfc1e344cfa3bf0400c1c7

SHA1
d214830af9c96355b4bacb65bac91cfc240e464b

SHA256
57661b8de8951fb2537f8ca38e39c72061291ccd2a4c2b30918fb4459d4739f3

SHA512
2735ed52eb970e90f15081fd08b05fe3895ccb7b304c536102821a111fbd8f2641b7b90f4920197d3b4e05cd34552059de4177b51779750409a1e26431a69fcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\cache2\doomed\17751

Filesize
17KB

MD5
c371dc7eecd2f73f4396083faf1ebce3

SHA1
3990ff210fad789cfcc6ec887f07c6a890aaf3cf

SHA256
53ed4bd8ec0d7ceb705f7d5cdd5a12d8cdc2404ee1c4e28eb8c8034ebe116509

SHA512
2cb1693aced9a1b67192def28b2dc82550cc745a441f92eb111044ec6a359ab2a281801759bfed64469e38513e598616a3ab8282105c32096e88ff1a238dac16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\cache2\doomed\30813

Filesize
9KB

MD5
3162c1f62ee5e45f84396ab5e4f05491

SHA1
6475090070b9a6d6694b15256b1cf31d54635d64

SHA256
2a1e4c97047fb0f3206bad0ebbd621e977cef17a2943d6c01a39c2b421b95590

SHA512
ffbf79cdbb24098afd70cc0dedd9cf34311f9d41871df428c32bd46d789ad54d6bc4e7b2093eafdf568775246a0ac0ce1b86d310b8be95aa9956193c409d9d37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\cache2\doomed\7804

Filesize
17KB

MD5
2a1de64f2f81212797713bfae6bde052

SHA1
6a0e1bf2c5dd81b09269e7ddfee655ec22c3e3c4

SHA256
d2f9eda49773a1de74b2100422552d7513976e675610c070273b3ab690a295ff

SHA512
d57b454f11a42e34d2ea784b10849030a9abd10e00095c6f5ebf54fe466fc5aaa7908fa07f5ff767e916b4c75d16b9fd6f62cf76787690da19836fac1ba0265f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.0MB

MD5
df053074933ab3e6a2d4db2f5fd65811

SHA1
2b3f4af15db14c70be6bb8cf322ea0b6e1d1d4cf

SHA256
9e61bba6a67ca26c5f1d74ac09d33ce5bdd30b479ae2911d71c99ea57ab42047

SHA512
8c2cab3e163ad8a6627364ae7c3fe841dd99a99795551462f5ee66bba3d4071e240c5fa60cb757cc053a8c86bdd281d01f0b93e63677eca8aafe9604d2ae9724

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
162314e76ae8fb911ed57b7618dd8c9f

SHA1
28b80dbae3704a926785d6b547bcd51df0f5d2a2

SHA256
eecec9b4844e869b6c041e9baa7523aff926147e19c1aa3e4d539a5e18462c69

SHA512
947a4ea73645193bf20f25361c2427d1017fc5b3af1ebd25ea22eb91dda5992fbf797b693f8e54b460a70cd442b8446a4c9bfa85a3a35e3ed992725f4de96db6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\12dec6aa-79ec-40b2-aaee-bf6bb29c179a

Filesize
746B

MD5
b2952cdf45faa913e566b43d671e3011

SHA1
2a5d545e6fc65e8259b758c8097ca412bf2ce9e8

SHA256
2e8639380c3a1c6b92e037920f08fa3e6fe607196f1380c9e2cb9b612db2fee7

SHA512
837fa7b8e65456b9be4c4c7cb9c704fa6ac0b5439b32c781780b644096568150d5930c88e78eaf4c16d4e193d3a1a32c133b603cdc8d2f88fdba1401e996d79e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\datareporting\glean\pending_pings\9eeee0d7-b733-4611-a400-e7867df17191

Filesize
10KB

MD5
decbcbd76956175bacb73e14aff4148b

SHA1
ccb4eb7b1a0075a23b59e1ef45ba382cc324ee25

SHA256
4dc33b9009115124fc8fb793398c9f23e95f8d4487f59d2b17ff79ab19d70a04

SHA512
b8ae08fe9efc85d846d5da50692a793219da5ddc04a21a4d07c473ff67e65ccf89a57bb4afe652178cdaf06e86e5be7109e7f217f79889433895bb55985cb47b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
5.1MB

MD5
6e62384a0a9ce3901e94834e62b1d9a6

SHA1
16d565996f1f2c4ff71c835be4deeb655b611297

SHA256
6109fe552a72498e6d2df57ba0766d37533714c745261a41ec4e863d07ddd5cb

SHA512
6607a90488e1500eba0c10b7bbe2304a7ea25e3cafaa1f1e135ef1de31be121163b80901d61d6769146b3eb56a7d7e8c61f7517f1c858cadd3b918d53bba9744

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs-1.js

Filesize
6KB

MD5
6dfaebd22089852af594f791c2a3aa13

SHA1
10446149c8a31b3d300518a91b4a99129450e6a6

SHA256
5cfea15dfb1ebd88be9dfa1a08da353d2d27d6d2bc741b6c62b6277ab9f3bccb

SHA512
43b8c07051e46d5327c13774f2a9e2c357e2e740ec3f84b8053f5dd74a43ee52d1be67ea64abfe69c25d19f6c23ae0ed3e547fb8654586da7fd6495a8f0cc2a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs.js

Filesize
6KB

MD5
6611b6248da0c3ca029b0211d8bc2efa

SHA1
18d211f4305e0dd41d65e662222797286bc659a9

SHA256
4cedb4e2a99909d53f8d721f3dc83cdfc4221794522342f42cd717a3f3d8ded9

SHA512
3c84f8f60349087298713abf2116156af965b070fc3077db9d6731f3c69684b03f841521eda5c2be032bf246fc46d06befdc470679383ad5f1991c4776379af6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\prefs.js

Filesize
6KB

MD5
dd7c4f36fbffcd804902b9e9b3f7d693

SHA1
e25bf6cd6d56a6c0cf55a34dce08c533574a1e5d

SHA256
7cbde429e65ce18ef90e1b3c6bc76f06c0c61a667749848748d77cf857ad2ae5

SHA512
7eb663c35e2730bffc54b6f784a162a003b7eef47609920096b9e5c62800b4989a480b5630a9451b618102c777ac3ebf5866d69125dcae6b502c2e36d29e7cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5b044c6408bf8e4a1cfe0fa71f7d2edd

SHA1
42e9e82a954099989c7f8dc0e2fbcd726f83f559

SHA256
f3f8be9eda864e81039f134a07f8d329526032e002ffec9600dd1f67945973ba

SHA512
2014dff5f55739d1ab2b1de6bc6f44014cff0c85719e51cb8cd97e55bd099b837bf8954aa2c3a35f3e8f2c1bab64763694a4b8fd15e2e60f52a472e8cb1b5080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8487535404b22c9b2974a69913a610f0

SHA1
85912ed12d3c44b914f0af4ad173087fe8324a83

SHA256
f330d0216038154ff9cd209755e0af0188910e08d90b1e5d41c98f8d540f13ed

SHA512
9ad73967637d58e49d34e985ff891a2d7cc0635f17a77fa75579dc910e15b2470cbbe3b91f8f72a2df1caca81e85c7b0de438d58d77ee9c44e9a42c9a5a30e92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ce1b0bbf44c19bc520be3c6540273cd

SHA1
72ee6e1441fa3356fcd9527272c9e20d8868b782

SHA256
a684d56ea42d2696d5ef643a7b259620c6b4270dc5ebeb8818ee8f387b4f4a4e

SHA512
fa370c54fb38460d2c2c9a6d6d623522f15e6e7cfb7956ef3fc7a6f4b7f28df55e194ef7151029acd33e6544bb78914b249612d31e761ebc12abd7d1e8bac71b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\default\https+++www.virustotal.com\cache\morgue\64\{96cc140f-bc71-4e71-b9e5-ff46486bd440}.final

Filesize
45KB

MD5
48d163952fe730c9f9a808113c42a0cb

SHA1
e2993085335694b034e5c3538dca699599dc2669

SHA256
9584afe0aa976eb185e636f5f5712bf8784b979a74ebc2a1774aaf9fe71265ad

SHA512
0b179511f126845d933fd76e4dda40d5a600f0a208a67f6096d18395eb1bda6ec269aea45e2fa39d32c81866415804c4ac8ce234a66204e56ddd1f13c537c199

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w1dhfpjv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
cce9aa2d663e6ce1db4bf06c64a0d318

SHA1
82a957cd007577c21cbe7e876f054cad3fc6fb4a

SHA256
8575d1ead68838c4a1d7f48157e4773a15ede878be4064b2c5fd70bb32218471

SHA512
b537881517a387dce0a768b97e3014bf6be54f5e357b37a6e5fbdc9fe536e271b3045e24a2c1e53442ec060e327976400ea281ad3901f5e52f07cb24e5948d0f

Download Submit
C:\Users\Admin\Desktop\VkFriendsParser\VkFriendsParser v1.1.4.exe

Filesize
2.2MB

MD5
2c691cac1f3e10adca49afe5d8b02f0f

SHA1
0845cd163ba2265bcc12aab0131d022e1ebbdfc0

SHA256
176b1ce0a60d3d61f69ac0c10febe4b3c6b3a53b5b73b0e46ee441e40fdfdc99

SHA512
2e4d749affe0f1df3a2eec9c4fa40ebe0dc2b14fbb70434154232bc5b0c29caeead30b95873ac963c25abe0f2a2ada9ec55ed8b3f2695861912151a7fb404737

Download Submit
C:\Users\Admin\Desktop\VkFriendsParser\libeay32.dll

Filesize
1.2MB

MD5
63fc3d04431e49ebf8e8974c70634636

SHA1
c81f63508f0b8a5e5fb6ea967b56f9285d6812d1

SHA256
5eb29b254b9ee9ddd7b831ee51c788dfe2a899c61dd5eb2684e83580ef4bfdba

SHA512
08c5539ef693d3e206226a869a2b28ea81c11971eb362fbed73a765dbfdc978b12fcac6083b1ef01e540988fbcc7fe3a0f737a381076c1bf2c40f59d1427667a

Download Submit
C:\Users\Admin\Downloads\VkFriendsParser.rar

Filesize
2.3MB

MD5
af3dfbba32aeb3057a688f4e64ff1da6

SHA1
b54f8eed2e2514053390c6173bd8db7725cf6364

SHA256
51e49e431435ebffd1c4e144814f41d2c22f6cb47194b13c6a076cb4ebd96813

SHA512
673516ec7435b6e74aada0e8593b9906ac7bfcf6da40176d475c4dd8e19a5990dda4201d80d3323cb21154a7fbfc8a92f915626987c6182d094dcf208e9e29d4

Download Submit
C:\Users\Admin\Downloads\VkFriendsParser.rar.crdownload

Filesize
998KB

MD5
ec8a866722dec3c9d7e9c2cf18d08605

SHA1
ac6972e99a3035ad69dc82752d4e20ff007b8b1a

SHA256
8d8968a066cc8f1e2b87ccf688d1ff52c89cb1e4e8119bef2e89ef2589f57a47

SHA512
1e58c58d3f06a3a12d723d02eb9814cf38e5e40672568bd3efb597db1e6bdbabf27c51bbf8c9d5747e748f86cc64159ac0b78d3f3b3c67105ee358df70b4c6c4

Download Submit
\Users\Admin\Desktop\VkFriendsParser\libeay32.dll

Filesize
1.2MB

MD5
cb211e472665d71eb95b23528349171d

SHA1
78683983c1ce68bc5b99d03cd5fc8bbdef11c2f6

SHA256
42e592dcd89e3dec71d20f0e67116c2ac497d307838e78b1693f74d968dbaf24

SHA512
761fafffc8d3303cc2c9aef71aeeebbcf689e2a3cfbdecf3d1496a677421964b7731aaa8db4228f01c616e58dbe759b0ca85f71d0d897bd8b94f645427a0afc5

Download Submit
\Users\Admin\Desktop\VkFriendsParser\ssleay32.dll

Filesize
278KB

MD5
2ad834075fe967f15e20fd6a7a91a2cb

SHA1
5f05488b6d4fc6708aa0bc55fbeb1d7d2d09bb5d

SHA256
94382ca853720af299714063127cdb8e787847a1f80f18c0d71df6477a688ff8

SHA512
091fd55ec195de750ad2582d12d11d7345362ba08a844b3240809a80d8ec34680a8477b0fef0cb87e274cefd96fbfba28dc71140b13dabece41249e2dbf486de

Download Submit
memory/3792-367-0x0000000000400000-0x0000000000987000-memory.dmp

Filesize
5.5MB

Download
memory/3792-269-0x0000000004BA0000-0x0000000004BE7000-memory.dmp

Filesize
284KB

Download
memory/3792-263-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/3792-494-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download