af4738f333ac8e080a54964ea0d19fa4d7f801b1bc32bc7aa8a39f882579c620

Analysis

max time kernel
92s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rc7.exe
Size

5.9MB
MD5

ba1dfdcf43cc948b0fb1cf5e66303464
SHA1

2222d1f6099980d5fdc124e4be7c239ceb9592ad
SHA256

af4738f333ac8e080a54964ea0d19fa4d7f801b1bc32bc7aa8a39f882579c620
SHA512

50e0c392eb7bddd0f8516402014e094f643195555a1e056bb5a26db30f5af65abd92adc30240669f3b4a3799e5bc753d20fb2509a0269b4044310ef562e114ce
SSDEEP

98304:iRNDe7pzfaKI8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDrHMfL3ksCM:iSNzDB6yA+KO0WRGsfDCM

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe
4880	rc7.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023145-21.dat	upx
behavioral2/memory/4880-24-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp	upx
behavioral2/files/0x0006000000023138-27.dat	upx
behavioral2/memory/4880-30-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp	upx
behavioral2/files/0x0006000000023143-31.dat	upx
behavioral2/files/0x000600000002313d-46.dat	upx
behavioral2/files/0x000600000002313c-45.dat	upx
behavioral2/files/0x000600000002313b-44.dat	upx
behavioral2/files/0x000600000002313a-43.dat	upx
behavioral2/files/0x0006000000023139-42.dat	upx
behavioral2/files/0x0006000000023137-41.dat	upx
behavioral2/files/0x000600000002314a-40.dat	upx
behavioral2/files/0x0006000000023149-39.dat	upx
behavioral2/files/0x0006000000023148-38.dat	upx
behavioral2/files/0x0006000000023144-35.dat	upx
behavioral2/files/0x0006000000023142-34.dat	upx
behavioral2/memory/4880-32-0x00007FF9434B0000-0x00007FF9434BF000-memory.dmp	upx
behavioral2/files/0x000600000002313e-47.dat	upx
behavioral2/files/0x000600000002313f-48.dat	upx
behavioral2/memory/4880-54-0x00007FF93B740000-0x00007FF93B76C000-memory.dmp	upx
behavioral2/memory/4880-57-0x00007FF93FAF0000-0x00007FF93FB08000-memory.dmp	upx
behavioral2/memory/4880-58-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp	upx
behavioral2/memory/4880-60-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp	upx
behavioral2/memory/4880-62-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp	upx
behavioral2/memory/4880-64-0x00007FF93FBD0000-0x00007FF93FBDD000-memory.dmp	upx
behavioral2/memory/4880-66-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp	upx
behavioral2/memory/4880-68-0x00007FF93A790000-0x00007FF93A848000-memory.dmp	upx
behavioral2/files/0x0006000000023142-70.dat	upx
behavioral2/files/0x0006000000023142-69.dat	upx
behavioral2/memory/4880-71-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp	upx
behavioral2/memory/4880-72-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp	upx
behavioral2/memory/4880-76-0x00007FF93B650000-0x00007FF93B665000-memory.dmp	upx
behavioral2/memory/4880-75-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp	upx
behavioral2/memory/4880-78-0x00007FF93B070000-0x00007FF93B07D000-memory.dmp	upx
behavioral2/files/0x000600000002314a-79.dat	upx
behavioral2/memory/4880-80-0x00007FF93A530000-0x00007FF93A648000-memory.dmp	upx
behavioral2/memory/4880-81-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp	upx
behavioral2/memory/4880-103-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp	upx
behavioral2/memory/4880-102-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp	upx
behavioral2/memory/4880-113-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp	upx
behavioral2/memory/4880-112-0x00007FF93A790000-0x00007FF93A848000-memory.dmp	upx
behavioral2/memory/4880-116-0x00007FF93A530000-0x00007FF93A648000-memory.dmp	upx
behavioral2/memory/4880-111-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp	upx
behavioral2/memory/4880-109-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp	upx
behavioral2/memory/4880-108-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp	upx
behavioral2/memory/4880-122-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp	upx
behavioral2/memory/4880-126-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp	upx
behavioral2/memory/4880-131-0x00007FF93A790000-0x00007FF93A848000-memory.dmp	upx
behavioral2/memory/4880-130-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp	upx
behavioral2/memory/4880-134-0x00007FF93B070000-0x00007FF93B07D000-memory.dmp	upx
behavioral2/memory/4880-135-0x00007FF93A530000-0x00007FF93A648000-memory.dmp	upx
behavioral2/memory/4880-132-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp	upx
behavioral2/memory/4880-133-0x00007FF93B650000-0x00007FF93B665000-memory.dmp	upx
behavioral2/memory/4880-129-0x00007FF93FBD0000-0x00007FF93FBDD000-memory.dmp	upx
behavioral2/memory/4880-128-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp	upx
behavioral2/memory/4880-127-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp	upx
behavioral2/memory/4880-125-0x00007FF93FAF0000-0x00007FF93FB08000-memory.dmp	upx
behavioral2/memory/4880-124-0x00007FF93B740000-0x00007FF93B76C000-memory.dmp	upx
behavioral2/memory/4880-123-0x00007FF9434B0000-0x00007FF9434BF000-memory.dmp	upx
behavioral2/memory/4880-121-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp	upx

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
4732	tasklist.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1900	powershell.exe
452	powershell.exe
1900	powershell.exe
452	powershell.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	4732	tasklist.exe
Token: SeDebugPrivilege	1900	powershell.exe
Token: SeIncreaseQuotaPrivilege	4460	WMIC.exe
Token: SeSecurityPrivilege	4460	WMIC.exe
Token: SeTakeOwnershipPrivilege	4460	WMIC.exe
Token: SeLoadDriverPrivilege	4460	WMIC.exe
Token: SeSystemProfilePrivilege	4460	WMIC.exe
Token: SeSystemtimePrivilege	4460	WMIC.exe
Token: SeProfSingleProcessPrivilege	4460	WMIC.exe
Token: SeIncBasePriorityPrivilege	4460	WMIC.exe
Token: SeCreatePagefilePrivilege	4460	WMIC.exe
Token: SeBackupPrivilege	4460	WMIC.exe
Token: SeRestorePrivilege	4460	WMIC.exe
Token: SeShutdownPrivilege	4460	WMIC.exe
Token: SeDebugPrivilege	4460	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4460	WMIC.exe
Token: SeRemoteShutdownPrivilege	4460	WMIC.exe
Token: SeUndockPrivilege	4460	WMIC.exe
Token: SeManageVolumePrivilege	4460	WMIC.exe
Token: 33	4460	WMIC.exe
Token: 34	4460	WMIC.exe
Token: 35	4460	WMIC.exe
Token: 36	4460	WMIC.exe
Token: SeDebugPrivilege	452	powershell.exe
Token: SeIncreaseQuotaPrivilege	4460	WMIC.exe
Token: SeSecurityPrivilege	4460	WMIC.exe
Token: SeTakeOwnershipPrivilege	4460	WMIC.exe
Token: SeLoadDriverPrivilege	4460	WMIC.exe
Token: SeSystemProfilePrivilege	4460	WMIC.exe
Token: SeSystemtimePrivilege	4460	WMIC.exe
Token: SeProfSingleProcessPrivilege	4460	WMIC.exe
Token: SeIncBasePriorityPrivilege	4460	WMIC.exe
Token: SeCreatePagefilePrivilege	4460	WMIC.exe
Token: SeBackupPrivilege	4460	WMIC.exe
Token: SeRestorePrivilege	4460	WMIC.exe
Token: SeShutdownPrivilege	4460	WMIC.exe
Token: SeDebugPrivilege	4460	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4460	WMIC.exe
Token: SeRemoteShutdownPrivilege	4460	WMIC.exe
Token: SeUndockPrivilege	4460	WMIC.exe
Token: SeManageVolumePrivilege	4460	WMIC.exe
Token: 33	4460	WMIC.exe
Token: 34	4460	WMIC.exe
Token: 35	4460	WMIC.exe
Token: 36	4460	WMIC.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 4880	1396	rc7.exe	83
PID 1396 wrote to memory of 4880	1396	rc7.exe	83
PID 4880 wrote to memory of 700	4880	rc7.exe	86
PID 4880 wrote to memory of 700	4880	rc7.exe	86
PID 4880 wrote to memory of 3184	4880	rc7.exe	84
PID 4880 wrote to memory of 3184	4880	rc7.exe	84
PID 4880 wrote to memory of 3464	4880	rc7.exe	89
PID 4880 wrote to memory of 3464	4880	rc7.exe	89
PID 700 wrote to memory of 452	700	cmd.exe	91
PID 700 wrote to memory of 452	700	cmd.exe	91
PID 3184 wrote to memory of 1900	3184	cmd.exe	90
PID 3184 wrote to memory of 1900	3184	cmd.exe	90
PID 4880 wrote to memory of 2456	4880	rc7.exe	94
PID 4880 wrote to memory of 2456	4880	rc7.exe	94
PID 3464 wrote to memory of 4732	3464	cmd.exe	92
PID 3464 wrote to memory of 4732	3464	cmd.exe	92
PID 2456 wrote to memory of 4460	2456	cmd.exe	95
PID 2456 wrote to memory of 4460	2456	cmd.exe	95
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 660 wrote to memory of 4828	660	firefox.exe	99
PID 4828 wrote to memory of 3152	4828	firefox.exe	100
PID 4828 wrote to memory of 3152	4828	firefox.exe	100
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101
PID 4828 wrote to memory of 1196	4828	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\rc7.exe
"C:\Users\Admin\AppData\Local\Temp\rc7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Users\Admin\AppData\Local\Temp\rc7.exe
  "C:\Users\Admin\AppData\Local\Temp\rc7.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3184
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\rc7.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:700
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\rc7.exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3464
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:660
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.0.1316345606\339607823" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9b8a0c4-3ec7-4fff-b70b-dc03631e8ec8} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 1964 1b0dc1cae58 gpu
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.1.1852535719\2132752021" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e021cb-8177-4450-99c3-a9e12007ab8c} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2364 1b0dbefd258 socket
    3⤵
    PID:1196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.2.1895524936\711008439" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5e788d-ef32-4b20-ae45-3cb934275c12} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3104 1b0e0098158 tab
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.3.1933705458\1950197690" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3528 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d396afe6-452d-4c7b-8273-4f4bedf04a3f} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3444 1b0e1022b58 tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.4.1132406140\1503474027" -childID 3 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88283543-98ec-4e1f-adee-48c15c0baeaa} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3816 1b0de9b3858 tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.5.349864687\1259904983" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4852 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb62fd51-b8ee-41d2-98df-6144e74040be} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4980 1b0e2582258 tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.6.1411111971\1252178814" -childID 5 -isForBrowser -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {480bdf93-2d46-4463-b9e7-028935ad914b} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4996 1b0e27b6e58 tab
    3⤵
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.7.219977592\1558666941" -childID 6 -isForBrowser -prefsHandle 4792 -prefMapHandle 4996 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30ff9883-862e-40b4-ab75-1f2c33a0db43} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5152 1b0e27b6b58 tab
    3⤵
    PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
cadef9abd087803c630df65264a6c81c

SHA1
babbf3636c347c8727c35f3eef2ee643dbcc4bd2

SHA256
cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438

SHA512
7278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
8f72139d7c3c54aee2fbfee933cc35b6

SHA1
2f5eeba813684880648ad517140707370b14e342

SHA256
a13ebd09db32284d7e399957a0573fa8d31efb4a05389336a6697c7aa912d026

SHA512
c3a20995af7f38521eaa2b08a72c7dda005d5f89485b3d60087a1d2ee0fea6b5baca885ad620df20e8fbf78cc23d44526c6596be94e02f4b2e95f610c5b857eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_bz2.pyd

Filesize
47KB

MD5
f6e387f20808828796e876682a328e98

SHA1
6679ae43b0634ac706218996bac961bef4138a02

SHA256
8886bd30421c6c6bfae17847002b9bf4ee4d9eee1a3be7369ee66b36e26c372b

SHA512
ad7cf281f2d830f9dbf66d8ef50e418b4a17a0144b6616c43d7e98b00e6f0cbafc6fe4aba4fabf2f008bb0df85553614b38ae303e5726621a804051d950e744e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_ctypes.pyd

Filesize
58KB

MD5
48ce90022e97f72114a95630ba43b8fb

SHA1
f2eba0434ec204d8c6ca4f01af33ef34f09b52fd

SHA256
5998de3112a710248d29df76a05272775bf08a8dbc5a051a7ecb909fef069635

SHA512
7e6c2591805136f74c413b9633d5fdc4428e6f01e0e632b278bee98170b4f418ef2afd237c09e60b0e72076924ed0e3ffb0e2453e543b5e030b263f64568fab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_decimal.pyd

Filesize
105KB

MD5
2030438e4f397a7d4241a701a3ca2419

SHA1
28b8d06135cd1f784ccabda39432cc83ba22daf7

SHA256
07d7ac065f25af2c7498d5d93b1551cc43a4d4b5e8fb2f9293b647d0f7bd7c72

SHA512
767f2a9f9eef6ebeca95ab9652b7d0976f2ac87b9e9da1dbd3c4ccf58e8ecb0da8242f4df0b07612282c16ba85197ed0296d1052027cd48b96d61bdf678abaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_hashlib.pyd

Filesize
35KB

MD5
13f99120a244ab62af1684fbbc5d5a7e

SHA1
5147a90082eb3cd2c34b7f2deb8a4ef24d7ae724

SHA256
11658b52e7166da976abeeed78a940d69b2f11f518046877bea799759a17f58b

SHA512
46c2f9f43df6de72458ed24c2a0433a6092fd5b49b3234135f06c19a80f18f8bdbfb297e5a411cf29f8c60af342c80db123959f7317cfa045c73bd6f835eb22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_lzma.pyd

Filesize
85KB

MD5
7c66f33a67fbb4d99041f085ef3c6428

SHA1
e1384891df177b45b889459c503985b113e754a3

SHA256
32f911e178fa9e4db9bd797598f84f9896f99e5022f2b76a1589b81f686b0866

SHA512
d0caabd031fa0c63f4cfb79d8f3531ad85eda468d77a78dd3dde40ce9ac2d404fc0099c4f67579aa802fe5c6c6a464894fd88c19f1fc601f26189780b36f3f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_queue.pyd

Filesize
25KB

MD5
f9d8b75ccb258b8bc4eef7311c6d611d

SHA1
1b48555c39a36f035699189329cda133b63e36b5

SHA256
b3d9763fc71b001a1a2cc430946933e3832f859eb7857b590f8daeef8017179c

SHA512
cbf8490501b002eec96ae6c1fa4f3684aa1cab1e63025087df92c0e857299b9b498bff91c1f301f926ff86e0dc81e8f0c17db992366bed3cd9f41bcae43542db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_socket.pyd

Filesize
42KB

MD5
0dd957099cf15d172d0a343886fb7c66

SHA1
950f7f15c6accffac699c5db6ce475365821b92a

SHA256
8142d92dc7557e8c585ea9ee41146b77864b7529ed464fdf51dfb6d797828a4a

SHA512
3dc0380dfc871d8cab7e95d6119f16be2f31cdde784f8f90ffddd6a43323a2988c61e343eede5e5cb347fc2af594fe8d8944644396faf2e478a3487bcf9cf9ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_sqlite3.pyd

Filesize
49KB

MD5
dde6bab39abd5fce90860584d4e35f49

SHA1
23e27776241b60f7c936000e72376c4a5180b935

SHA256
c84e5f739ce046b4582663a3017f31fe9ae5e706e087ac4c5ff11c7bba07b5f9

SHA512
8190c6befbe660096363409cb82977e9dce5ab9a78c60f3d3db9dc08a2300504f9b2058d8cfb740d7a17995267d8005392ee0f1a03fb74030286fbc7a9c287de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\_ssl.pyd

Filesize
62KB

MD5
a4dba3f258344390ee9929b93754f673

SHA1
75bbf00e79bb25f93455a806d0cd951bdd305752

SHA256
e0aa8cfa2e383820561bce2aee35b77a6902ff383076c237c7859cd894d37f49

SHA512
6201e0d840f85d1627db849bfaf4a32f6fc0634a16416074fe6d13329317520b0a06806ad3337a3370dcc1c1e3d1910d18c823c6a7a62efe400de36b28d1767a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\base_library.zip

Filesize
859KB

MD5
c4989bceb9e7e83078812c9532baeea7

SHA1
aafb66ebdb5edc327d7cb6632eb80742be1ad2eb

SHA256
a0f5c7f0bac1ea9dc86d60d20f903cc42cff3f21737426d69d47909fc28b6dcd

SHA512
fb6d431d0f2c8543af8df242337797f981d108755712ec6c134d451aa777d377df085b4046970cc5ac0991922ddf1f37445a51be1a63ef46b0d80841222fb671

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\blank.aes

Filesize
73KB

MD5
acb699e3806405d7c10cd0f0043e4789

SHA1
6601e834555caf182801a3a0289bf9a7890e36d7

SHA256
4cdfc38acec56ef418cee4b2e3c11396c436fc549f98f9ae0048891d4e32d5c3

SHA512
852b5ffa0be7b4e91233fa274a8a71f0d731754ba4003ad8c8308d032bf22177aad05e70eebdf3a56b52ac023c1e56103e182c2881bdb78c25bfcb09599401d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\blank.aes

Filesize
73KB

MD5
814808ef249ee32f5d66cab176b3da4e

SHA1
e546124753670f74ce4a33491e017431c1a726f3

SHA256
0bec74d4d0e296a6551e9fe18858a1864d2f11e0fdd1b87aee6471c6f6f435ae

SHA512
690b351adef3b2f69c93158693ed3a92c013fa253c6f7af512bb71b44f463741f55a51c2ffdf2d1e48c373030e800729099acf1147286b3d5326487c9ea5a548

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\libcrypto-1_1.dll

Filesize
967KB

MD5
f0be792e6bba71c90822ab502de8d218

SHA1
35f1e5aa935800aae719c9bc7a260c518f28316f

SHA256
6839e25443734d0d3f2b4c28748dbb9887158b1f8a220dd5fbf13c325f307cc1

SHA512
221cf2af57fb5c5580769f311df0e1d78f15a93cea19ac4a4eb68f38ea54dae7113428faed70567b06f6c6ca5feccc0a6d7f06a9205fa526aa871c666647a0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\libcrypto-1_1.dll

Filesize
1.0MB

MD5
0d93617b0d991f18b9cf56cb674a15a3

SHA1
96a81f7cbafccd8330411dd6fa81afda645046c9

SHA256
a58757abac1196167262ed52109533164230021bd10e5d27827dcf01dbebdcad

SHA512
5d8f652995abea5756fd4d671bfc5fed973a5dfed61a0476933a7a13d4e6b6c5bf4dd20a713748a5d778d9a64eda5f95db47ecfd6331c7b638428f6e6bf78537

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\libcrypto-1_1.dll

Filesize
980KB

MD5
9435889dab0ec7ebceb9b01b8d42acde

SHA1
1c88527128e6440c53787f91617c18325f9b6454

SHA256
472f56c061613335244e1935a90dcf43cf6e4c11ee4ce52e880645bd9014512f

SHA512
b8909a97291f98b98be629afa7b29f4e74f4eb02b93895347716589db4a3a6cec430e543d7e4719feec5badd06366555c60bde2c23408edbdc274c463371b399

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\libffi-7.dll

Filesize
23KB

MD5
6f818913fafe8e4df7fedc46131f201f

SHA1
bbb7ba3edbd4783f7f973d97b0b568cc69cadac5

SHA256
3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56

SHA512
5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\libssl-1_1.dll

Filesize
203KB

MD5
7bcb0f97635b91097398fd1b7410b3bc

SHA1
7d4fc6b820c465d46f934a5610bc215263ee6d3e

SHA256
abe8267f399a803224a1f3c737bca14dee2166ba43c1221950e2fbce1314479e

SHA512
835bab65d00884912307694c36066528e7b21f3b6e7a1b9c90d4da385334388af24540b9d7a9171e89a4802612a8b6523c77f4752c052bf47adbd6839bc4b92c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\python310.dll

Filesize
1.4MB

MD5
3f782cf7874b03c1d20ed90d370f4329

SHA1
08a2b4a21092321de1dcad1bb2afb660b0fa7749

SHA256
2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

SHA512
950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\select.pyd

Filesize
25KB

MD5
5c66bcf3cc3c364ecac7cf40ad28d8f0

SHA1
faf0848c231bf120dc9f749f726c807874d9d612

SHA256
26dada1a4730a51a0e3aa62e7abc7e6517a4dc48f02616e0b6e5291014a809cc

SHA512
034cd4c70c4e0d95d6bb3f72751c07b8b91918aabe59abf9009c60aa22600247694d6b9e232fefff78868aad20f5f5548e8740659036096fab44b65f6c4f8db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\sqlite3.dll

Filesize
622KB

MD5
ad4bcb50bb8309e4bbda374c01fab914

SHA1
a299963016a3d5386bf83584a073754c6b84b236

SHA256
32c0978437c9163bb12606607e88701dd79400cdde926d890cdbf6334c2b8435

SHA512
ba6bfa3c27fa4285eeb2978ff17cba94375d84d7c0f79150d1f2f7163c80c347b84d712da83435e8d13e27ed59ea0375edb5af2ea1ba67b2c77b6dfcb62ad65a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\unicodedata.pyd

Filesize
289KB

MD5
dfa1f0cd0ad295b31cb9dda2803bbd8c

SHA1
cc68460feae2ff4e9d85a72be58c8011cb318bc2

SHA256
46a90852f6651f20b7c89e71cc63f0154f00a0e7cd543f046020d5ec9ef6cb10

SHA512
7fbdfd56e12c8f030483f4d033f1b920968ea87687e9896f418e9cf1b9e345e2be2dc8f1ea1a8afb0040a376ffb7a5dc0db27d84fb8291b50e2ed3b10c10168e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13962\unicodedata.pyd

Filesize
243KB

MD5
b7f8f0a608f35298ec073298f73f95aa

SHA1
ee59b21c6d5406d6f589235d3d4b3ccf42cb50bd

SHA256
caf3e0b37136fda9784b7cc1042d58d066e5e1b02ddfdd531c5f12204d450689

SHA512
a4d621fcdba00a84daec9f0cc85433a1cf11df44f558bb3978e9fbf0ba286c2f809396c5306306308c5821a9d33fd547c97dc5ed85aaa150b5bef91474a9c1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fsgukjmh.wsz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.7MB

MD5
009e931dc1083fccabb2d73746528397

SHA1
0a86dfeb2e84a3987dbe19393c5e5c2f2cbaf098

SHA256
f74959f5742f47387e63abfa3b3dc083acff5931cb721bb688310bf8c0d33002

SHA512
f98dc651fcab672a02f54fe6c27950d80fe3140a2b707ab4b0b9a573ef092b600b15b20ea52b316dc60602fb06ca39274af0188039e5e6726ef82405ea68d156

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
04521c6f741b16a60032cde25b39878e

SHA1
7200d4dfc9b1746772c45c0c79d316e064fb2709

SHA256
826038ca0d0e44ff2b1cd92de87c9a3a8241160258702e8218b83d8fc43f044c

SHA512
18b286be7e2f25f6558e27eb18462fa087b73fdbb8d2d6ef0af716270ff83c03621e922f493f5496abb60b259a6431054701f99f70f1235f5f8b5068bbda2445

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\07820415-09e3-4af6-948e-52c0835ca0db

Filesize
746B

MD5
018b14f2a899eed6e8f230aaf34a4fad

SHA1
9054e2e462e068961782e6ee26a53e440e7153ba

SHA256
df126d5b262738f6187658d19b7c3f304451bd8185ca457989f1cfc0fa03a55e

SHA512
f24386fa1b52de607d9cf81376f1abcf727eb0271fa59d04fdc9ce381ddbad43f0ddc3b669a2d965a59c8d96068f5b1e16dda400130f2465f32a26a44d5c09da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\6d3ab08f-1c50-4afc-8c36-ffb20ad428d0

Filesize
12KB

MD5
c8df6c7bbdbd2bccebe776f2415749d1

SHA1
3c852acca5cf49d6ad9cf584839fea36e6c404ae

SHA256
23ab04716c95e88d2c1e49ee94cd1741659d12b4f046ac7eb8f70cf3995c8493

SHA512
4714b99fbdb88acc6d9055a203be7d7a8ede2146a575962261e6afaf17c047eae4b3345a75758d8b696994b6cb0202aafdb1ce7446128ca9eb406ffccc9d8201

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
224KB

MD5
9ed6523e26b2fc7d5cd019d459753b20

SHA1
b0722737d09cfd795845481e2dc11ad65fad56b4

SHA256
1f7a0dc2c2cb84b27a78d0e44ee895e3ce17b3f25b5369a7816c0dd97ddc5fa7

SHA512
d348c8f8617e8269a1b4b9623718b94817e10e8270ede9daa2a9106eba0d8aeb5ae659b4fd64cab2628cec0a794ae42e1f3827d0695ea021e74eae4b61c8c015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.1MB

MD5
6f5646e14b878f711383eea36c1d132f

SHA1
3a08b72964e25407ccffb5c9253b54ad37058275

SHA256
ff8bddfac3540cd52b3935208d51b8676c41d693f32225629f9d9244f2e21b7e

SHA512
ea471ca6216f157178a01742a7062dc5cced0a46671f4c681e04803f70b036640e9746b66b4d1c2d221a6a3dd5f71cfc11b287b10d1fa9d17eb0a53868fbd5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
7KB

MD5
3c60fc3002fd1dc82baac8a2836478fe

SHA1
32beb1f058e0cc7702a16d715a8f725eddfac1b1

SHA256
971da3f45237a677b6b6d324bbce09c00cf6c69165a865cb1807b1e3d2716c05

SHA512
59b4cf8f04a0b31440cbea161370093b6831a13722aa44ba361a74e72b2de93b3983dcb5bafcb55c789ee2040b87e5a4aef9d3ffac40570095e3a1b36e8fe6f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
f2f08ede1a63c33536ba902aa0c8a128

SHA1
7c20c5adc503a464b4653795af4eb7b774951457

SHA256
273ff2eccf497c2231a2d2b11026b030c0e516c8235c51c3cbf933715d92eae0

SHA512
5398fb7ebf312d4de633954c86d96b836ff8101adccc5c2cbdc963fa48acf41bf40d93eeda632d704c614bc9cfbc3a5b761752e4eaa8dc8b162ec259d7c2840b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
47de213ac82066677f2e956f471fe00b

SHA1
c97608739830f4f9496635576ccbd27371507ae9

SHA256
90e4ef356bd257c45af88fe06f2ab894c1b3440d3302e8ad2d5da7f97a232311

SHA512
2e3a5a655181844f1d37318e6ab52aa34f2bdf3cdaa2c9bb2da76d073035357d889eaaa5353e8affa1931f3bc58948dab2f80a1da3553079eb6143f52776f969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
26b209a4d3ecedb1e307a91ac2622b2c

SHA1
0fc749d6e90dabfce97f6c43a2d3b756a6401506

SHA256
fccb5f645464c2c7eb8dbe5115bb82e646aba373a9b8cf7b208e8f9c60702533

SHA512
960085a238ecede59ce519b440a1c4f1f1a05ae283fb467fddbb4872f153dc349a5dd58416acdd8d19306ac29dedf50f1c704605ff9e6c3d8a3dd7eafa721ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
093f5566d38ac2d847259835b4f8e1d1

SHA1
a69601746fb09d113174e1d1cfbceda5cf287e78

SHA256
ad24678bf88afd6f33786ca972f8f5f92dc7b3e5c061e8b153137447388a478b

SHA512
7124e57de0f8af263c4d40262cb1a62e634a42f2b64e1b1a6ece81828256a99793b8f3905ea2a462da7c394049e8f7f144d6051a07e1439b44a7488f6a43cb9c

Download Submit
memory/452-149-0x00007FF92A380000-0x00007FF92AE41000-memory.dmp

Filesize
10.8MB

Download
memory/452-137-0x000001F5D5E90000-0x000001F5D5EA0000-memory.dmp

Filesize
64KB

Download
memory/452-118-0x00007FF92A380000-0x00007FF92AE41000-memory.dmp

Filesize
10.8MB

Download
memory/1900-101-0x00007FF92A380000-0x00007FF92AE41000-memory.dmp

Filesize
10.8MB

Download
memory/1900-82-0x000001F8A66A0000-0x000001F8A66C2000-memory.dmp

Filesize
136KB

Download
memory/1900-150-0x00007FF92A380000-0x00007FF92AE41000-memory.dmp

Filesize
10.8MB

Download
memory/1900-138-0x000001F88BFC0000-0x000001F88BFD0000-memory.dmp

Filesize
64KB

Download
memory/1900-117-0x000001F88BFC0000-0x000001F88BFD0000-memory.dmp

Filesize
64KB

Download
memory/1900-119-0x000001F88BFC0000-0x000001F88BFD0000-memory.dmp

Filesize
64KB

Download
memory/1900-120-0x000001F88BFC0000-0x000001F88BFD0000-memory.dmp

Filesize
64KB

Download
memory/4880-113-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp

Filesize
3.5MB

Download
memory/4880-108-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp

Filesize
1.5MB

Download
memory/4880-122-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp

Filesize
144KB

Download
memory/4880-126-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp

Filesize
124KB

Download
memory/4880-131-0x00007FF93A790000-0x00007FF93A848000-memory.dmp

Filesize
736KB

Download
memory/4880-130-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp

Filesize
184KB

Download
memory/4880-134-0x00007FF93B070000-0x00007FF93B07D000-memory.dmp

Filesize
52KB

Download
memory/4880-135-0x00007FF93A530000-0x00007FF93A648000-memory.dmp

Filesize
1.1MB

Download
memory/4880-132-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp

Filesize
3.5MB

Download
memory/4880-133-0x00007FF93B650000-0x00007FF93B665000-memory.dmp

Filesize
84KB

Download
memory/4880-129-0x00007FF93FBD0000-0x00007FF93FBDD000-memory.dmp

Filesize
52KB

Download
memory/4880-128-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp

Filesize
100KB

Download
memory/4880-127-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp

Filesize
1.5MB

Download
memory/4880-109-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp

Filesize
100KB

Download
memory/4880-125-0x00007FF93FAF0000-0x00007FF93FB08000-memory.dmp

Filesize
96KB

Download
memory/4880-124-0x00007FF93B740000-0x00007FF93B76C000-memory.dmp

Filesize
176KB

Download
memory/4880-123-0x00007FF9434B0000-0x00007FF9434BF000-memory.dmp

Filesize
60KB

Download
memory/4880-111-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp

Filesize
184KB

Download
memory/4880-121-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp

Filesize
4.4MB

Download
memory/4880-116-0x00007FF93A530000-0x00007FF93A648000-memory.dmp

Filesize
1.1MB

Download
memory/4880-112-0x00007FF93A790000-0x00007FF93A848000-memory.dmp

Filesize
736KB

Download
memory/4880-102-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp

Filesize
4.4MB

Download
memory/4880-103-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp

Filesize
144KB

Download
memory/4880-81-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp

Filesize
124KB

Download
memory/4880-80-0x00007FF93A530000-0x00007FF93A648000-memory.dmp

Filesize
1.1MB

Download
memory/4880-78-0x00007FF93B070000-0x00007FF93B07D000-memory.dmp

Filesize
52KB

Download
memory/4880-75-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp

Filesize
144KB

Download
memory/4880-76-0x00007FF93B650000-0x00007FF93B665000-memory.dmp

Filesize
84KB

Download
memory/4880-73-0x000002C7CBBA0000-0x000002C7CBF15000-memory.dmp

Filesize
3.5MB

Download
memory/4880-72-0x00007FF92AE50000-0x00007FF92B1C5000-memory.dmp

Filesize
3.5MB

Download
memory/4880-71-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp

Filesize
4.4MB

Download
memory/4880-68-0x00007FF93A790000-0x00007FF93A848000-memory.dmp

Filesize
736KB

Download
memory/4880-66-0x00007FF93B670000-0x00007FF93B69E000-memory.dmp

Filesize
184KB

Download
memory/4880-64-0x00007FF93FBD0000-0x00007FF93FBDD000-memory.dmp

Filesize
52KB

Download
memory/4880-62-0x00007FF93EF40000-0x00007FF93EF59000-memory.dmp

Filesize
100KB

Download
memory/4880-60-0x00007FF93AC00000-0x00007FF93AD7D000-memory.dmp

Filesize
1.5MB

Download
memory/4880-58-0x00007FF93F280000-0x00007FF93F29F000-memory.dmp

Filesize
124KB

Download
memory/4880-57-0x00007FF93FAF0000-0x00007FF93FB08000-memory.dmp

Filesize
96KB

Download
memory/4880-54-0x00007FF93B740000-0x00007FF93B76C000-memory.dmp

Filesize
176KB

Download
memory/4880-32-0x00007FF9434B0000-0x00007FF9434BF000-memory.dmp

Filesize
60KB

Download
memory/4880-30-0x00007FF93EF60000-0x00007FF93EF84000-memory.dmp

Filesize
144KB

Download
memory/4880-24-0x00007FF92B1D0000-0x00007FF92B636000-memory.dmp

Filesize
4.4MB

Download