xmrig | hxxps://oxy[.]st/d/YcHh

Analysis

max time kernel
1793s
max time network
1799s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12/02/2024, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://oxy.st/d/YcHh

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral4/memory/1532-837-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-847-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-863-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-879-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-891-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-899-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-900-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-928-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-929-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-944-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-945-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-947-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-961-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-962-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-976-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-987-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-997-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1002-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1063-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1077-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1078-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1094-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1097-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1106-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1122-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1123-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1134-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1148-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1157-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1163-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1181-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1248-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1249-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1259-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1264-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1265-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1282-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1283-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1295-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1298-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1307-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1313-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1324-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1370-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1373-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1381-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1388-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1389-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1403-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1404-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1416-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1419-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1430-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1444-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1469-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1535-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1538-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1539-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1553-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1554-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1568-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1569-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig
behavioral4/memory/1532-1580-0x00007FF753570000-0x00007FF754073000-memory.dmp	xmrig

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\xmrig.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeLockMemoryPrivilege	1532	xmrig.exe
Token: SeLockMemoryPrivilege	1532	xmrig.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe
Token: SeDebugPrivilege	3672	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3672	firefox.exe
3672	firefox.exe
3672	firefox.exe
3672	firefox.exe
1532	xmrig.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3672	firefox.exe
3672	firefox.exe
3672	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3672	firefox.exe
3672	firefox.exe
3672	firefox.exe
3672	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 4844 wrote to memory of 3672	4844	firefox.exe	78
PID 3672 wrote to memory of 4760	3672	firefox.exe	79
PID 3672 wrote to memory of 4760	3672	firefox.exe	79
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 224	3672	firefox.exe	80
PID 3672 wrote to memory of 2032	3672	firefox.exe	81
PID 3672 wrote to memory of 2032	3672	firefox.exe	81
PID 3672 wrote to memory of 2032	3672	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://oxy.st/d/YcHh"
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://oxy.st/d/YcHh
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.0.517854913\1276788856" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22a81c7a-70b2-44a3-8258-aa6092587d91} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 1836 264b2bf6758 gpu
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.1.1578653035\849456765" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2208 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd73f3e-9c9c-47a4-9644-4700240a78c0} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2232 264a6b72858 socket
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.2.490804439\38269248" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2996 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9d37c36-2fce-47fc-b297-49e57a039dcf} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 3008 264b2b5d158 tab
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.3.366306488\633634392" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31676c99-f062-4b58-8b51-0e6b95721e07} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 3532 264a6b69658 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.4.2135854313\236117661" -childID 3 -isForBrowser -prefsHandle 4824 -prefMapHandle 5044 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5663fc25-7263-4144-8221-ca4464073612} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 5156 264baf4f558 tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.5.1982754736\794924433" -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0abf55-a6b9-4a4c-909a-60e7f764ce7d} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 5372 264bb19c058 tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.6.926833661\1379000490" -childID 5 -isForBrowser -prefsHandle 8788 -prefMapHandle 8792 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14bae8cc-153d-4433-b254-e7086d9cef90} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9728 264bb0a7b58 tab
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.8.1157525566\1575074209" -childID 7 -isForBrowser -prefsHandle 9400 -prefMapHandle 9396 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ac7eb35-dc08-48e7-9164-9dc1dad24ba9} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9412 264bbcc6a58 tab
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.7.327511187\939774502" -childID 6 -isForBrowser -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {912c387d-e617-4133-af89-2d96afa8ed81} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9604 264bbcc8258 tab
    3⤵
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.9.453646134\1975879563" -childID 8 -isForBrowser -prefsHandle 9548 -prefMapHandle 5760 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73155422-528c-42d7-84c8-93839718be7d} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9524 264bbcc5b58 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.10.798894370\181752081" -childID 9 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70dd1301-a609-4012-9422-43e769ca584c} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2704 264bc724158 tab
    3⤵
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.11.452862876\1613182223" -childID 10 -isForBrowser -prefsHandle 4696 -prefMapHandle 4700 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {992fb924-8981-49ea-902f-dcccc1d13d11} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 4688 264bbca9958 tab
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.12.579098144\1171600128" -childID 11 -isForBrowser -prefsHandle 9068 -prefMapHandle 9064 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66680feb-b8ba-4bf2-a371-3ad4b2722711} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9076 264bc5d0558 tab
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.13.1493588632\134806607" -childID 12 -isForBrowser -prefsHandle 8720 -prefMapHandle 8852 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc2f893-e307-48c8-8ff1-90e2c8e7830f} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 8848 264b2ffcf58 tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.15.944399035\449741987" -childID 14 -isForBrowser -prefsHandle 8392 -prefMapHandle 8388 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56914f8b-a643-4afc-94af-a752d6678c21} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 8400 264bc893258 tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.14.701643968\478670210" -childID 13 -isForBrowser -prefsHandle 8580 -prefMapHandle 8576 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0335f3cf-17e0-4466-8eb4-e7e57ecbf823} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 8588 264b2ffdb58 tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.18.1341068676\673461114" -childID 17 -isForBrowser -prefsHandle 5520 -prefMapHandle 5528 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {691b9248-f61a-4dc9-b678-7167e90c039e} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 5360 264bbcc7358 tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.17.307360348\731149261" -childID 16 -isForBrowser -prefsHandle 3360 -prefMapHandle 2724 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36fabcd-7212-4281-bed9-f799a93f18c5} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 5628 264bbcc6458 tab
    3⤵
    PID:3476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.16.1865177796\733450924" -childID 15 -isForBrowser -prefsHandle 8504 -prefMapHandle 8600 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {379b13bf-6ee9-4cea-b641-abb739194e71} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 8436 264bbcc5b58 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.19.1258520732\31430834" -childID 18 -isForBrowser -prefsHandle 9004 -prefMapHandle 8572 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a97293-c9e5-4c2d-bfe6-daea7b97e116} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2884 264bb0c9358 tab
    3⤵
    PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.20.752794483\319079520" -childID 19 -isForBrowser -prefsHandle 5516 -prefMapHandle 5452 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6703d152-d1f1-4247-8dd1-f8e18a8d3b88} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 5444 264bb19ba58 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.21.1489480635\351471279" -childID 20 -isForBrowser -prefsHandle 5412 -prefMapHandle 5324 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce31b1c-d632-497b-b3ab-99e5c5e7cd8b} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9268 264bb0c8158 tab
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.22.1849834916\961682737" -childID 21 -isForBrowser -prefsHandle 9684 -prefMapHandle 9696 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92ac373-72cc-485e-accd-909f4cb93228} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 9648 264bb3e2b58 tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.23.421385772\1304082771" -childID 22 -isForBrowser -prefsHandle 7940 -prefMapHandle 8784 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e11aaa9-b847-44bf-ba95-ee0fe4901a72} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 7948 264bbc4fb58 tab
    3⤵
    PID:2228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.24.2034721796\301177273" -childID 23 -isForBrowser -prefsHandle 5208 -prefMapHandle 8164 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565d8511-c67a-447c-8882-6544fb6f3a31} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 7908 264bbc50158 tab
    3⤵
    PID:3376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.25.836230018\1223025619" -childID 24 -isForBrowser -prefsHandle 7892 -prefMapHandle 7792 -prefsLen 27375 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4221081-55ef-4fe4-8c8c-054e81c2fd8f} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 8040 264bbc50758 tab
    3⤵
    PID:2888

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\xmrig\xmrig\pool_mine_2miners480K.cmd" "
1⤵
PID:2100
- C:\Users\Admin\Downloads\xmrig\xmrig\xmrig.exe
  xmrig.exe -o xmr.2miners.com:2222 -u 483gLHmdb3AKeKd4D4c9GrhPvCcJ7Bg8J3Jo5rawpnkTMXKQ9u97PW3XDN9L1VQdch3gLSuyngvpobGQz5MqXMhR11tvo36 -p x
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\11451

Filesize
22KB

MD5
ec870ced963a3dc15d7eeb933fc0748f

SHA1
ebb330a0c10f8a8706bdf842aecf91ba55d5dce4

SHA256
682e91969efe26bec3c58c284ce3b9ce490ee6b9eefc0aeeb884943b0ca80303

SHA512
04649b3437ba4f7049e0309cdefc1fc49b134210b45da2c1e0f4799261d97cb8e77c7905c8e5c66bfb81b6ec97476764da0de134280a077265e6c5444ae98947

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\11572

Filesize
8KB

MD5
7d1f3b6787cf41dcca7a250027e82429

SHA1
7d44b071ffd117cc71e6f575247e95bbb4aac795

SHA256
f9f60dfe6bc7f3d17b2908844dcf7ea9e34927a83d256cc38b449ae6830ca2be

SHA512
e6c885cc6638f360a714ebbf14ed0f8cee1e72b7dae6b04c7838290b3b68273a15681f5ef23031f89ec2361d938e21234c1c21f5fb71e2f82a879ba870d02b62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\13573

Filesize
8KB

MD5
d4db0608e4166d1d85131cd83b559acb

SHA1
73d68c16953df7fe93a3f5549456305189eb78bb

SHA256
f1022acc29fc43bbe9a9fc1a47386ac5300cc6b34bf3058948d343c4b50fc268

SHA512
442859f2f5bc2dd83e4f363831546099f43da38641bce6f6b80932fa59849aa579a2e9e20fd90c4ce692fb3b4685565b8d37e7b70bbbf62d5331e37900da67b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\13798

Filesize
8KB

MD5
05be66f04a151dc153f9a966869ce3ea

SHA1
84b314b8d7f19088555acf90790049ffb4385bc0

SHA256
b460d2b8d3e0b0817602f41883f2a0886b121c49581e82d23c03f5d878fe0738

SHA512
530c474f85307196fd33a4269aae24ec7692c30a341175d29e8700126a2c3de452c54269996440a12eabc0ecd43cb86ef65f8d0aa08d87e3704c3523c57133b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\14040

Filesize
8KB

MD5
9b2e117d0af5b2b2102b697b386b2e4b

SHA1
1a7e6bd5eb1d0e969a87e6dd4a4b73234f1c53ab

SHA256
679d81987893c866f8274792e2e353c2656d604cb7acbaf5a53fe4fc0f53468a

SHA512
16ff0974eaadf0e738d0052b6fb9b62c776250f6b27a4442b41762a48fca9c2644c8dafbf47a20377e0a66dd596d010cd840e9316fe9d46426e3eb7438b543ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\15236

Filesize
8KB

MD5
10e8ae4e8e31d682e4a23f82f030f059

SHA1
2893ddae76cfdb685a5ac5a4719aaae51418e61d

SHA256
d4d352463c5d287936cf686fbddec5ccd003641a02b15a8227a812c2712d1eac

SHA512
b7e35c19665c4b6c16732e93022433d5706860c141f14ab857b5c18742a1bdcd3923820f013130e2b392ede835fe5a7e1f4db1d14448c248037e739355bc7650

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\16524

Filesize
8KB

MD5
edccf3e53f17cbcf925e5991c0a0113f

SHA1
c408a403203d261fa64ceefbe74ea18035840d5d

SHA256
e41df2757ddd0073ea42e05be08f3bc5740e1bc8cf7f77b322c81dd5c97cff46

SHA512
35a73d31af06a8b629d0bc3cb73c20af904e4811c3d4ba56d4e4f3d3c92bc13eaffbc92d8ed0e25b74ba1f8559d5f0ed7d49635f25767b159451dcc90c547277

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\16619

Filesize
8KB

MD5
937a9a9867a7427c18180b0db480ba33

SHA1
4d422dec3fb1d0229e3bd456578068e1267b09b1

SHA256
560154b6bd7b4c8f1a58146fcc143cf941710b5fddd875585dccba9593c07592

SHA512
670b23d7503ed2d14d80a8dd85f8b29f84025460fb3e9b7c5271d6cbd8dc0c27660648cc07bce8ef93a22cfaa5e8ec216526bee438a355d992830a3c95a53711

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\18204

Filesize
8KB

MD5
d4e9d2cd13c2fbcbf86e47bfa81bd7ec

SHA1
eaa533404a07e68aa3f5286eff38a27644c28c84

SHA256
303240ea02e36efed222021656649e52a35b4c20576919027da23d98fe2f9b47

SHA512
483fbe5687c27c1cfba462f5f69637574570062eb72dafc50974d0ffec5fde631e5a45bc979cb901c85b1e134e75218ad0d9b1c7a957decd51042ed03cde193e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\20217

Filesize
8KB

MD5
23a9b6359c4dcfb17c70ab04be427feb

SHA1
c34f82a2f346e6d6f38a64614f23e9d4476082ea

SHA256
e4dc5810546001d2767222091f01186b313db7778de19e85e5ed143b82c936dc

SHA512
f490bdfae594ceeaa4a21ab349a72d2734964b20004f522a45b447e60ff6dc9f84993c584b8bcf8f01e94080cc6922ded02a9900e037e691f9bef8c2dd29482b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\24398

Filesize
9KB

MD5
8a701492010d5bc7ffbb8b4da75811d6

SHA1
d03f44bf900db1b703ca9d37949e9285286dc675

SHA256
00f4aab56d2587f5af6957f99fb0d44377a1ffd883f487b2da07ee7a062e5a62

SHA512
4535f6a2ad70c9437707bc9a48fc41d2f4a9c4d9439aa4518418e71262ff8b205065ddd8daf6b805089def8dbd64d773438ad32342a30c567d0b818f353fb9f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\25656

Filesize
6KB

MD5
55f0ba3dfd4d35bd1f2aab0e156d093d

SHA1
027ca79022892072072a9dc0ce7c9ac516a759ec

SHA256
7ab7f43498eedb2358d1c650390be28323ba7c1855a9763af39508b5ed1b7f4f

SHA512
d123f417dd8560838f130a1c86214d69438c60bc32e300b4e25a811e0c4ecf57d5cc70ec145cc142f50198b7b8d076ee3ae53b857af72f52f162c214d6e87f17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\26340

Filesize
8KB

MD5
2a7f822a8f4cb68a659bf6ca72c5eef8

SHA1
2b8499d2cbb69a11a6fb92d261ab340266565213

SHA256
82f69df84743225703950d726b97405275930ee974349f8269de730f8f2fee8f

SHA512
a3a4e0a40f3368bd68cd0309bc78cbaef95306133940cf33f23de2ce6fa66866f8997131ce7210c8d81fe91075d1862790fdff6fb8dab4b21233d4306fc4e4a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\26636

Filesize
8KB

MD5
7d1877cca540f14f02ed4b92f63d2fb1

SHA1
61b7c3a9f2cfd79a62d92b3632e89f1b72db5ddc

SHA256
eb336484ee75b4ac540f785ce7d3eb5ef8844774f2c6f96df65d02008115832e

SHA512
326510d6cd535c1111b0a1d1a81852fa5840738ee82d44e9a2ba679c1d43b54fd7578da1095845f8563436a8000c89f18775002c6a1d9ac6b3d8f9bb4fed7c3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\28422

Filesize
10KB

MD5
2e66153c5f48ed51bc6704c400b213ab

SHA1
0f7ebb60df32adbb0bde08ff3cc2c6bbc7487aab

SHA256
2d48112c0454b2684c764ff9243bb431a1e35ae2efef03ff8b387876b73eb7fd

SHA512
d4f4f56ef58a2f6dbe208fc016e6de1ee05d39980a17208741c38212b856751ec8fb119d1192a2bedef93a07032bbbd79989196dc87adf4ed2e0807a34a934a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\29606

Filesize
8KB

MD5
cf4cc27e77d6b574949bc7a77f92c8dd

SHA1
0847c82dd477fb4f99092f424216e2be83800377

SHA256
72285f42d84e5a3ac33f7a6522f227f93de1c270281a4a15d9c87530478eb5e6

SHA512
714b4a9caa5de40dd51bd903832d1f866a8da88dfb6920c501ef825398e19086247e36c82c1af888add2de314c814757d0171b42ac90f5d1716369d37085049f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\30840

Filesize
7KB

MD5
c8dca9423aaf683c22811f7158ea42e6

SHA1
23fef541b7d6b651dbd5881e37fbcf09b1827df7

SHA256
f40b8b23ecd417f85d68093c3d3755367137b3dd1d5a0c2dbf109d6617bf88e0

SHA512
41a7f5e9bcb37c6b4f35f11b746f07da2fbb95d0a4d1d46cac77938a5cbfc2692c48f1e249efec8f50dccee408485512c116b9fc46588b95e4c65feabf67770a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\31122

Filesize
7KB

MD5
f3ee66d6c6116f3aded5e1ef1c1dd648

SHA1
4075d74d164f1397fb4c45e496c31f8fec720faa

SHA256
39680b1d34c9ca847dd2319218a7cef5643efc1507423f8ec3e7d010a2b468ed

SHA512
a6c9b99f500f5a804fc7b1e55e9828ca8784ede82ea9edaccf60d506e478d4468072694c4abf3b79f4ee9b1069dd0e1f482a59ec752dc2a50ec8de8b99ca947f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\31625

Filesize
7KB

MD5
ae185b80a39f81f6d1fa981bf03df80f

SHA1
f08710a58afdd077275fca2237009f0a5181ab99

SHA256
bef180a823b227321bbb2438116f0a4562fa8b32ae04c10bb05515f7a549be5d

SHA512
6eba8162975bfd27fdaa0ba08c015ee6a014bc417c17c67f6de5572b59fa870123fd5202d88a08d53aa6088c55707086d513b2d010dcccb76b9121c56f382072

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\4349

Filesize
8KB

MD5
6396f8d6c50952c8cb39317abb19c87b

SHA1
6e819920385f8a5c567bd83e9614895eeab689c2

SHA256
3039377c17d29c5ad0c50847b81d1ef203fe4f0d36210967cb3de65e8a9bedc7

SHA512
9de08d3efd3feabe8b12c87527c146079edfdf4f9ff802cda595017464b892e40ab056a5a844690b411888aaa2fbc933c711d2c7f499032844e3c29fd32c6afd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\7154

Filesize
8KB

MD5
5d8812ba0029fca62f243995acbcfb41

SHA1
ab0992281f210050d45baefb6e31696c575f9c68

SHA256
e6f5564c47d5e1515406b9fe15c48d7f8f929213d4c2325a9bf83eeb9fdc283c

SHA512
271655278927d4ae82127ef034bf9bfeb233d20279f46ee8e8002eff9a76b05e7cbf1b1818072ac573962f967151b12430ab591e82c05122fe82fc9a92b9fd1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\7828

Filesize
7KB

MD5
3d20f615dca91134507751b2d44a5531

SHA1
c63ce6ae10b70ff9fb012cdc61166c6ae89c5430

SHA256
954971847aa0e877cfa95d29c8beb1c804c4e4306f31e96d102d197250ee8132

SHA512
ee29d3d2d8851d1ee320070f0bee0fea6252e5821d5742b71b2ab532a0349732b91c6e2229ff0293b8df4c9f19763290450522f04d3a9523cefdac7d4e3e4842

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\entries\13EFA2A0AEBD2083A85C899358878A2DC2AD7C54

Filesize
41KB

MD5
9da91872bd5101fcbe445c8c7ff650f8

SHA1
fe62600e988fdd1074dac9da1477e82f34046e05

SHA256
1fff0a0fa9880f0a16b795b993f301b97dd1f7cfcc7b32940b547279f2c4c6cb

SHA512
43b6ffb972ca6762baaa4f04f3c82f90a9cf19e6a7f85e42de93363a009e3ab6d96e81559690cb02d08a34d0ea312fac78e3ef44295d734114b7842769a884c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
3.2MB

MD5
c62fa839f292cdc5f8f5ea0a3046eb46

SHA1
1cc23250dee26bcf0dceaa4f29105b20f2bad692

SHA256
7455acfc1b67a788270ff72bc557b3fe1cd8a9178ddc50b1f97ff595beabd873

SHA512
2316a3778eaad2f94294e8fcda1ceea7717832bc290afa5289772513aea449be982e86092e5e31692150a063c6060f84cf96c5b5281395b560074adb69219d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
05ccfe37d50ddff0505f500e2de78f61

SHA1
9b9034341537afa3baa3e11293e70b6250b3981f

SHA256
8961b8b48c06521457d0f0eefeeb31e8adf989a88a21a02d5fff1beaf0ae832a

SHA512
5b8febc7263899ddabcd6a939a03e493f3874548ce28a4182b9b50110b3fb0b745169ce68bdcfa7c12db963cbb27875fe45f516a777c331ebd4be6e320d9320f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\AlternateServices.txt

Filesize
1KB

MD5
fde3e2b7ecd457de6f40d0d4913b9d23

SHA1
0aa7490334e5be0cada02606d840c01b944f651d

SHA256
4c25ec328ddc85b7ffc6aa685a5428880554879d04c33c787267cc3e4a76002f

SHA512
5eb669b82617bb7c572c26ea40a8bd0bfc620fe768a1ca0c67634ca47f1eb2ab6fb3d05edf113089b2b1bf2a0275c5dbad440a3bd2d9a2d34681dd6754050914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
8ac24f46f486bf41d1220289f92a16d5

SHA1
7affccccdd334786c9c4b48d81255171cb81056f

SHA256
0dd01846b54b446eede9963f4b746e2a867ca37b974af08a1b3147eb2e9343ec

SHA512
8664d8c33c2bcd3e83333b4eb3a488aa33fffc2d44539fab02612c4faa7212bb885e291a32173dc979e62ac6dd896222491760ab73b7839d3462049facb63d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\bookmarkbackups\bookmarks-2024-02-12_11_zumuf5BEecglHtr+JgNPRg==.jsonlz4

Filesize
941B

MD5
a15899d0f3d98d49a19b5c537e680c6f

SHA1
824710cff0de63d9c0b6e64c39087cb8fc0db682

SHA256
003efcfc372a27f8a19308a4bcb002fad394da8df2eaa60138c6d7325eaf3bfe

SHA512
555b9dcb71b7b69ec0a89dfb2a67e9a2b7b271c9d8594ed4c4eedf9721464a9cd123e3706a2081b80b656dde6183680a459c1232729e22e8067d3b99478c4165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a036e208be1b23e4b427d644a3b21ab5

SHA1
8ef0a6e3cdc2c290b02b558cf327cb39dbac474f

SHA256
be162ae7dc799c6a01555fcc019d10f855066f009732d9163efee423ea9ae070

SHA512
d8697f7c8f11ffd32b592bc98a66e3801a90b0fd5a6e4aa41901ba447bcaf61e72d45a522c73c7e0510243549d667a0b02bcf922f5a8a4bead9bb702d7f898ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\68574b9f-caac-45d9-bee5-fc59d8aea2f7

Filesize
746B

MD5
a67ce49c2b090243f771c2c02bd3687c

SHA1
9e39841a1fc41a555fd17d19fadc7a02a25d1530

SHA256
eab224604dc832013a90f2774c7736dbb2d525eea4986608c4f05c09e69433c5

SHA512
f3f7cd1d59d432a7880e7fbbf1e32b3d324c066da5a767fde36933ef22d0cb465844cf00dc4b4f391adb94037614b1c8c35da6f08b80444e0cb3194340d6e72a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\c5f667a8-9c89-47bd-b073-15a6cccd8579

Filesize
10KB

MD5
ee4f46d95b0afd135e64e6bd6fdf6ab8

SHA1
eec2d29dfe0cee4ad5adb61c799e095a3e8e4193

SHA256
3239d76239a3965d27c80f0e2e137e76db99f3e4a42cc8bb21ff3368ee7c36e4

SHA512
3777755ebba356e64b756a0bd47964a7c1eef907977a8ce8f2aafb595d8f42468b3411a71950a3ac6a1046fdd95a5ac98f3a52bd5a4978145fa3ba69d8833249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
6KB

MD5
d98b3e0e94d15bb42763b20af364252e

SHA1
be9562ce5f85108781fcab63e89644f70e6b6c7f

SHA256
19592b592d3278e010ed7ebbfef449ccd95ab6af5be07811d4098b3406137509

SHA512
63c2a4d9ce574e8c779bd3bd09b1f3ffdcaaa73be0c66e8c0b504da2e7e670013f80f525504ea7c97bcc2855b7860aabd434a7eb7bfcccadfc6382105723f45f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
1f681039841f819eeb939ffc5961054b

SHA1
fe1e6556387dc45552e1d13fcccdd3b3b80d672a

SHA256
e8fa5b85d27b687286ddee68673679b0591517c9bf53331464b2bec212cbc2ea

SHA512
eb9870decb694b4df4184d9a4b71cc681165a814600df2c13531c338469933022cf8ccab18acda6d128a48a0149f3ec5ce225ab3095658f42202e9081e03ca2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
38a7b04e7a9e83fae293a71a9b5405e9

SHA1
aa1853a95a1d1c8968c6adacf567a77db1b116e4

SHA256
3d31102205df02589e02ebcada0e2bf99cce9437585be5a06162253ee50621fa

SHA512
f5d79de5443c200b03c043b0bf4a45953566d3c632ca1fc76746677458160333c87c3576fab139163d647cf8ffa84b978a1200301c924cccdd561b4f47ba4076

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
8a918214762f002c0cdc743cc2775f1f

SHA1
e7202e5d96ec5dee12ca85cadf73b1eceaef2659

SHA256
0414f9fc9dc7a64acbfb3bb1042f4f31511defd954cf1a52583ddb4d14e53973

SHA512
3cfb1192ff6a709b2672b7c54a14299754d51ce6d64361bb0ae42e9c4d8607e8cdd24004f29a7e35488ee3db9af1818d108722d426f3c766c0377f1911e920aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
fa1176f901f81e1bf62fa60964eb5354

SHA1
47b51b6dd5ffb6da145719c92531a77e234b0fac

SHA256
a077d3ac88571b44b68cadd5785303cd4d2ee35446bda860e310ba7e3d69794b

SHA512
561fbd47a0ba7425feb47001c0b552af758e4714911eb0cd5a9792066a3802218cd423b01c928716a2f206716127ef23bde12caada0bc9ee48c599f6b555512f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
4f8a6871a4b0e4df75125eac54d28a36

SHA1
7dc5e32724040f4882c3fdc517896ce79ba40c67

SHA256
22e93e33f095355d0233defe9e5ab8e9f8b153a98e059bbaa99222c395cd61d4

SHA512
c9f1aa665e54f0720d1876a154d865a92b8e0760e6a4ec23f48056a9d87ebb2eb0917e7aa827f0bccbf6179419d25f22e3b9296af9fd036e8366154aadeb1c73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
afdd84bef7de8beb5c168d8c36af48c5

SHA1
c564ece2ff9a9e83a3bc070bd5d5ea23c9b7c6f8

SHA256
6607b95a7b4ede4d82119019ef9c7322418d5bdadef5d754780c6194b7cf90f7

SHA512
6b216a116f5ff184cb7e5f93357a5117aedd30ac839bb4b0a8a2292329d8d049fb797c88375a6f724cbc1727dcb71bd7cc5851576c5e8ce7419db990f5066ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs.js

Filesize
6KB

MD5
1347606f0a3713cd1ac9e384c5beba06

SHA1
41e0fc1bc675cf29f21d342fe011df14d99fe223

SHA256
b3d63b064a8643f471e0b468e390b75bc20c6991bfb2641f9bf2b310e198d522

SHA512
a12c138e688a7813d33ede0f7fa4b52070da8becef27cc4299e1f8042a2ca3105c8224009e4a3f3e357abd00c00fd9308e09fd68444eaa54c59f368c7958027a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs.js

Filesize
6KB

MD5
6187fdf7ebf91fddb036b8781657389f

SHA1
3cb97cf2d4e8c1a704cde1a3d818e9c70092d895

SHA256
f9a2db446478b5caf9dcebec11731a8ffc8a4cebf51501de9db350fa8a48dde8

SHA512
65173c57fb0d439c6517eb7290fda2950c331955a7c6308b9bc1792ff29d73229b22967faf4de7fdda5e07dd0223bbca70a1e0e70161cdcc167b4d5e8bdc3440

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs.js

Filesize
7KB

MD5
d83932ff9f524233996147462707cafd

SHA1
7d47ce7195b52c471bb57536c5889d6caf92440e

SHA256
1874b7dbdb5f507b6e676f6cebc9ae1ce4f45b49f73bfc12a8a6b916d9ad8aa1

SHA512
9cab35d016e2f7a2bcc1adddb9c430f7d738ac098180acb46f2dd44eea1bc108052530bfa99b6719d44ea55b7c83aab28a7cfb81d069fafd7ecc292518a12f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs.js

Filesize
7KB

MD5
229e2615838009ccbfdbf7cf538f7def

SHA1
79898ce4c309159b742905e1498a2519a707987a

SHA256
4d32620f044ab0171cacc0d7f64837e182b5e5c61d6596003f1db8dd775e7031

SHA512
5b4f1c43df876c6198d31a3c63bed2d871c1ed7cfb99638de2b0bfcaecfa3274fa1934af6d400e575fe9ed22f8eaac85db8a2ca29200806249d07b5ef302ee73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
f01e4715b1f90f95e13a90406a8ca092

SHA1
4986a5891121c3ffaa29f18ba81740578b2a42ca

SHA256
b2a4c4dabf527a0565bfc0d033aa38dd04f5806e9e84e005b316ac150de8d096

SHA512
a97696b212980f2f5e45f747b81f283ef3fdbce71783cb9479be0c97c4b6109e51b830fff73ddbf20b96c44cfc0ce0a69158e98fdc9e2eed39211a654aa8d9f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
b37128b0bf55201441de1cfc34060190

SHA1
cf865fec0504de6281fd2e75db93c0cbf9813cea

SHA256
6fbad5ce430e306cf3a47939406aba414fa2bf55a88645a2f599b9247deb387c

SHA512
a77b14b7bf86c27bf83ce90ad9449682bc18d680507cd04ed9265732e20009f731d1a23c8c36acfc8028a32c2fc9df17aec32390cb716284241b22a2009f42b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
029370e93aecba7199ef883297aed345

SHA1
2def6debc126deaf00831e99538c9e00ed55537c

SHA256
1e4bad54f2382c11a64f9e7bdb7a4aac827c288d81a0c30e526c509a9545d48c

SHA512
186ba46d098cde73d357119264fe151c29c4e8714c7597c2bf0b3ee4a0f867ed1e8d4d9e51610d559bcb4e8cc4dec5d449fba65fdc764ce71eeeca14c9eb08be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
e948fdefc296f7cd22c84a2d167c5a03

SHA1
94db93e4586e9d2cd9f6d262938e755c28c826ca

SHA256
3e076a0cd4183785245be4bbc754696a4813bd9664773e1b9d352189fcb331bc

SHA512
0f3adeafd8022973ff441effda7e68292370cfac4d01557fe3568e6aac023df7567d66f76fc81198b65bae59706e256746a9fec5ff13ec6e320a775a3d0d8aeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
671c83f2408ae00fb5c0155ec2c24f67

SHA1
b94dd4e61125180c185f700193343e2c06fddb12

SHA256
ad06dfafb6111f5401f0f41e11cb318fc81fe9dc924c931453cb1e492e77d46f

SHA512
075a0ab9da2aa569c639687e84d6ee1a0bdb61084f9e33a57cadaf882d06574fdae6da4cef512729b93005ee866baf51bb4ae5375ff43103b3821314b6d4414a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
ea9a8f2bdacf14e2bdfee4c9d67b1bc8

SHA1
8bf117c1c536e34c4d9a4bb939384b91ff62d0d6

SHA256
b788ee1682bf82b9bc481227f8435ec8275a64a5a7f6fa656225f9c9fc8cd5a2

SHA512
1e2371f7a76bd1aa877f43961b34483528ec65b05b0dd72fdaf887008f0cf589b0f1401ad4d2f30980c7d203c80e26d2d8b0177ca463f30745a16305fbea70ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
60da3f8e4bc4444d92694aab769beb3a

SHA1
5687c762e418e86a4104c019746c4c82c17392b2

SHA256
1a9264e48be46187eace2be6ed4d1d100e68f12f818d9333af5682e0b77a0db2

SHA512
d9abc2b4bbbcbd247a076fa5daaa2c4ede0ab2ba4a1cbb385c9b77fb9e03cdde7a79ca667842085f9e6660928bd50b755ae52e91162af2e56e0c1e5008a0d7a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
8c170d5ba915644a4b225b4263c45eb7

SHA1
57ecf3f82fbf1934b10d536e986f6526bda582c6

SHA256
ed22ed783b341424ea2a4545150a521d3ef68a76c1dc92fdc4dc2dec2fd67634

SHA512
c6ed447dc6e33f826b639825858148eaac7079fdf9dc2b59c24aa02ee040635416796461eeb4d88babc6dd5137c3990551ab7f950c3268ee09d5bafcf6b0aca0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\targeting.snapshot.json

Filesize
3KB

MD5
9c11957c4efd24cf7f8872b63b44baec

SHA1
744085c1d70962edc32088c8d3bdb2c12353927e

SHA256
4d757f3c51b6504876fe4fc4c16b3361a7cfa4bdf9b01d592578ab7dc4d2e968

SHA512
43029899364d2da0d320035e24c7cc3ef0fe1e19e4446d000bd97da87f7b776d826f79b58256ccf4f38e187bca17f12c88ebb5e8b8880702da41c43ea994a732

Download Submit
memory/1532-947-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1265-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-945-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-929-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-961-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-962-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-976-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-928-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-987-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-997-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1002-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-900-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-899-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-891-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-880-0x0000024EAFDD0000-0x0000024EAFDF0000-memory.dmp

Filesize
128KB

Download
memory/1532-1063-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1077-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1078-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1094-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1097-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-881-0x0000024EAFDF0000-0x0000024EAFE10000-memory.dmp

Filesize
128KB

Download
memory/1532-1106-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1122-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1123-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1134-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1148-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1157-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1163-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-879-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-863-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1181-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1248-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1249-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1259-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1264-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-944-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1282-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1283-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1295-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1298-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1307-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1313-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1324-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-849-0x0000024EAFDF0000-0x0000024EAFE10000-memory.dmp

Filesize
128KB

Download
memory/1532-1370-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1373-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1381-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1388-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1389-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1403-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1404-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1416-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1419-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1430-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1444-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-848-0x0000024EAFDD0000-0x0000024EAFDF0000-memory.dmp

Filesize
128KB

Download
memory/1532-1469-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1535-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1538-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1539-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1553-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1554-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1568-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1569-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-1580-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-847-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-837-0x00007FF753570000-0x00007FF754073000-memory.dmp

Filesize
11.0MB

Download
memory/1532-726-0x0000024EAFDB0000-0x0000024EAFDD0000-memory.dmp

Filesize
128KB

Download
memory/1532-717-0x0000024EAFD70000-0x0000024EAFD90000-memory.dmp

Filesize
128KB

Download