a1ed0e58c2c30b3fe1d05f5b27b51e49bf539ed27dbe371f2996dbae3332b9dd

Analysis

max time kernel
304s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

kcc_5.6.5.exe
Size

42.9MB
MD5

01539eed32d72cdc653cec8b6551f7db
SHA1

569fc96ea5bbbd9d8d7d1943bef9134ca6236a05
SHA256

a1ed0e58c2c30b3fe1d05f5b27b51e49bf539ed27dbe371f2996dbae3332b9dd
SHA512

b521438eecc3ad00ceb2f1d072e0719f7bda45428b03a6ef127037118b34e8ceaced837f8e4e496eaa1e396fe5f0a7f0faff1ef45bdd838bb0a6bc11fa857539
SSDEEP

786432:z5B+6VytjvRV7+gX4BMdhwzTQXRsdFbMp3C0Er7lMFcSS5U/LT2KXowkYXk9:zRyRvXlXGMK4XRszbWC0E39SCU/+0pkd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 51 IoCs

pid	Process
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 40 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	kcc_5.6.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	kcc_5.6.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000005c5863a3100054656d7000003a0009000400efbe5a5899715c5863a32e000000bce10100000001000000000000000000000000000000a7263001540065006d007000000014000000	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000005a58137b10004c6f63616c003c0009000400efbe5a5899715c5857a32e000000bbe10100000001000000000000000000000000000000daf3e4004c006f00630061006c00000014000000	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	kcc_5.6.5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000005a589971120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe5a5899715c5857a32e000000a8e101000000010000000000000000000000000000001a54ab004100700070004400610074006100000042000000	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	kcc_5.6.5.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	kcc_5.6.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	kcc_5.6.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	kcc_5.6.5.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
656	kcc_5.6.5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
656	kcc_5.6.5.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	656	kcc_5.6.5.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
656	kcc_5.6.5.exe
656	kcc_5.6.5.exe
4904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 656	4764	kcc_5.6.5.exe	97
PID 4764 wrote to memory of 656	4764	kcc_5.6.5.exe	97
PID 656 wrote to memory of 2104	656	kcc_5.6.5.exe	103
PID 656 wrote to memory of 2104	656	kcc_5.6.5.exe	103
PID 656 wrote to memory of 4028	656	kcc_5.6.5.exe	105
PID 656 wrote to memory of 4028	656	kcc_5.6.5.exe	105
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 3204 wrote to memory of 4904	3204	firefox.exe	113
PID 4904 wrote to memory of 2572	4904	firefox.exe	114
PID 4904 wrote to memory of 2572	4904	firefox.exe	114
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115
PID 4904 wrote to memory of 4436	4904	firefox.exe	115

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe
"C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe
  "C:\Users\Admin\AppData\Local\Temp\kcc_5.6.5.exe"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2104
- - C:\Program Files\7-Zip\7z.exe
    7z
    3⤵
    PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2228 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.0.2106869442\54425102" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1724 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aad481f-d75b-4b4c-b4a4-ef51191fcb4d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 1964 1bee67d2858 gpu
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.1.1676223988\681372868" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6135cee6-bf79-4979-b21f-8f792d9717ef} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 2364 1bed2a72858 socket
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.2.1679826613\2053016285" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 2988 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ff35ac-abd3-465f-b2ed-e84cbfcd6b22} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 2984 1beea797c58 tab
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.3.1414969195\823471804" -childID 2 -isForBrowser -prefsHandle 1048 -prefMapHandle 1328 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {067bc051-8f25-4f00-83f2-583334a6d974} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 1348 1bed2a70a58 tab
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.4.648520455\21085019" -childID 3 -isForBrowser -prefsHandle 3820 -prefMapHandle 3808 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {865e7998-836d-4d7e-870e-646a11c55656} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 3824 1beeb74e558 tab
    3⤵
    PID:5224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.5.669412989\713482224" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4796 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a93af24-13a4-4c7b-ac74-c00adee625ab} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 4964 1beeca60058 tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.6.811038723\1961292311" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 5096 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1ca3c1-f483-4b1b-a10e-ac43ee2a44a4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 4964 1beeca61258 tab
    3⤵
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.7.1537813388\169274229" -childID 6 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d69724e-706e-4e1e-a9c6-830a3e5caafd} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 5300 1beeca61858 tab
    3⤵
    PID:5864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
3387b19ca9818ecfa9d7f43f26e8d002

SHA1
5817f383578ca963565cab1ff7d359619262003f

SHA256
925a57231460d9bbfd7cbda0f0b94695cf20575e2719c00ce2c194d2bfc94510

SHA512
61e16b0ee385b40a4bfc8c45e0631c5fc1f24c06bf5c47f494496168b7be42bf89fa1f2d90494d6f0790f6475e28fd6318324d960a1d26ca1d4a89204d421617

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\MSVCP140.dll

Filesize
626KB

MD5
d396985225d85caa7d743d67c7da6316

SHA1
915d5829ed02171684c2a9e8b3b57f7a35bc1e2c

SHA256
be2ef4f6d540d0ac5fddd556dcb6bfaf6cb6288679e4d64882d625ff35f173aa

SHA512
d7b0df2865bf491c9caf34cbabefb7b7f04b35b85276a59fef0499d02b09651d8f6d0db9e87df4a9a1417f07784a8e5625e9805bc434b87d64e442ab98e24075

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\MSVCP140_1.dll

Filesize
30KB

MD5
0fe6d52eb94c848fe258dc0ec9ff4c11

SHA1
95cc74c64ab80785f3893d61a73b8a958d24da29

SHA256
446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f

SHA512
c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtCore.pyd

Filesize
2.4MB

MD5
d6d51c8f5e381cbba49d54e507a41220

SHA1
86deaab67d3fc4e26bc81db89faec720a5d8a3a4

SHA256
5a2aed6f96abec6905e6a36d33bc00d2c23e13f6333ea0545a32ab57b33a7c47

SHA512
3b3b386d3d0a8865348a574740473325a1a7deac6a9b767fbca253e1de90412aa76e4e9b36d9586f3307f10ee567adb34d85bf21751e568e86ec66683131fbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtCore.pyd

Filesize
2.3MB

MD5
bea6dcfd787beb3dc9a2cde373a9c6b1

SHA1
44415d85eeea811533b57f8bd97ed65dc2fcc7a7

SHA256
73aadfd446addf07306f63e49a2a2ff0c41682e4b97adcd7a5b79043dc7484eb

SHA512
78a0898defe2f34e5e2160523344f8c1750a8f1a3808fe85b7ff6af1b531a5b14b4edd207c78ffa74940ed9604a9a954a2b0904a30dbe62341384433b1b7a8df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtGui.pyd

Filesize
1.4MB

MD5
0e910f668100db38c334acd8c3383266

SHA1
63fe8857f7cec6e9b4cb1c4f5bbae79ea300ea8f

SHA256
5ecf205fc10401482ff952e717943ccc44887429620aa934bbf4a90ef86bd3b2

SHA512
080568f4ea075ae37534ba5a145aeb2f490f975de4a957d579f760073ec1e7729f3134c1f53c959216f3b7063215b2857368633fefa95796b6593d96aa8b32bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtGui.pyd

Filesize
1.4MB

MD5
2b199c80c13e6f3c9b7b2d9769dad5f6

SHA1
48e2fcab3e18d142c5d359d5153648163428c883

SHA256
2b86f93a5d3ecb37eb065a4067459ce64bf537eca3c7cf60334b86f59ef9c38f

SHA512
e6f25e9a9d74439ea364646952df7dfb0aae6b5b94d3485e82b3545ade0bd55cdc0e52d117318d254ab36ceff0e0f867e139d43d9688fa50399b63e6cd38b11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtWidgets.pyd

Filesize
1.7MB

MD5
b89a84584d9f6f86d324f1341749898e

SHA1
b5f2c22c5ef9465cbf5972fd247fab62bc31f9a3

SHA256
d13c756c0bee35475f1aff3160e47f5dc6fac3e574cf5fddc5517846003279a9

SHA512
725ad2c98c3f04489130286fa376e77e398294b9f1c7125747bdf9e6faf8fe6e177883bef1b8066f66dc47f672152cf31f7224053bb58970896aff600b637e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\QtWidgets.pyd

Filesize
4.9MB

MD5
9cde8433816662eaeb762c8e6fe77e6b

SHA1
d9d69268af89c4134ed94c768baedd6abbce7557

SHA256
e732f15729fa69c3067dc33abb60e241570398aa9ab3359d9ff2a9714d1a1e4c

SHA512
3f6dfc0fdc9eeb4f5d041aaf5d0420091f7230bf60796e979503d345ce9a74e0f23dd229c31207221c8509bab1edde616ff9803776708a5b4097a7338d372c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\PyQt5\sip.cp310-win_amd64.pyd

Filesize
119KB

MD5
31fda8b192af6a8ba26cc166d5ebef69

SHA1
bf81645b4454d077656810e03fc169a63ee3d3e4

SHA256
b7492bb574f1ea88a1eeef3ea4ea0dac21c427ff54294600cf0ea42bb5ca53fd

SHA512
7ac94b80c594922d29b9c3b3465d2959c855b31c7d2e9f58b5b683fa9065fafbec639b0b9e42cfec39f448ce55d322db50db118e72f1d174f94bd912551cb475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\Qt5Core.dll

Filesize
2.4MB

MD5
99b77440f8bafda6b4b3833c07fcb1c3

SHA1
08261b95b307f5b6629b1e7613c794c7507939c3

SHA256
70aa85654505b761d6053224ef51199b0673a48c76fcd75f0c9baf24472785a8

SHA512
93bd85282f761dc535572975e9323322c311b902b064ec36ebf647eec8cfd5b02d7d0c28a8dfde9afa9c1fca107f11b852f3773f548e5b6b589d9abbdcacc6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\Qt5Core.dll

Filesize
64KB

MD5
2cf174f3a09c9b4cdfe5f8a75c9e74b9

SHA1
cb401afec60230bb35f8e15e497cbc5139eaf495

SHA256
7231b53cb71bf76a24b098714f58a31b843937f9aa8130a7335af02e96337cbd

SHA512
ccf8cd5190edb614b1f45d30a1d2a91016fd46db63e2e5d94c407e93dac8a946282011c7b6e96b1586088803b0f81b18b8e01494d142d52ec2f9e338d5af65f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\Qt5Gui.dll

Filesize
1.3MB

MD5
96f3712389377b1d2da672a01b2e1a81

SHA1
7a6869080e8eb64c16dc86fcbbddade7b76ef7be

SHA256
5a10d03d13a497ac779fb80e549d33c1d9a0bf129e7c50532a6ac33fe46b6532

SHA512
6cbb1a658be6aa2e70e2b13eb0455629cf277470de2abac3ee30bb2112d8c16d276efb3b388deeb5b49a955bc936e13f6c8d44b4fdde3cca18245fc800789736

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\Qt5Gui.dll

Filesize
1.2MB

MD5
0765b156e1247fc488bda4d420b5aadd

SHA1
7a1b577673beaea4219af92f3652488bde34ffa6

SHA256
e92c5acfc91ccc5d29242a73451166595ec9423f4e7b3e6225ec67eec479e344

SHA512
e1d872820bb2ba4e563b9b5061ae78929d2eb2defd03b830cc93d12cf5d0161550d467e96fb6bb6fb5eadd88c78f439bfc00f173be2f8b1b13241a2d0e034b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\Qt5Widgets.dll

Filesize
64KB

MD5
6a6d4dbb9545a85d27e1e5377fe70fb2

SHA1
dffa0ea1574d8a910e17c5aa5ca3f1b30321e5c4

SHA256
7603989b24feb2c31a123e0bc5cfa8110fec66423bfd51c77ca41ffc7349ecce

SHA512
f8bafc19ed3992c1300c1cc7c12e640b1ca4f9c90b02c29cf2868d91f0653a416e39b49f022651fbdca49bd7c9ca985ee0d00446f07d010583c3a81c40f5c358

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\VCRUNTIME140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_bz2.pyd

Filesize
78KB

MD5
e877e39cc3c42ed1f5461e2d5e62fc0f

SHA1
156f62a163aca4c5c5f6e8f846a1edd9b073ed7e

SHA256
4b1d29f19adaf856727fa4a1f50eee0a86c893038dfba2e52f26c11ab5b3672f

SHA512
d6579d07ede093676cdca0fb15aa2de9fcd10ff4675919ab689d961de113f6543edbceecf29430da3f7121549f5450f4fe43d67b9eab117e2a7d403f88501d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_ctypes.pyd

Filesize
116KB

MD5
c8f57695af24a4f71dafa887ce731ebc

SHA1
cc393263bafce2a37500e071acb44f78e3729939

SHA256
e3b69285f27a8ad97555bebea29628a93333de203ee2fae95b73b6b6d6c162b1

SHA512
44a1fb805d9ef1a2d39b8c7d80f3545e527ab3b6bfc7abd2f4b610f17c3e6af2ae1fed3688a7cc93da06938ae94e5e865b75937352d12f6b3c45e2d24b6ab731

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_hashlib.pyd

Filesize
57KB

MD5
4fb84e5d3f58453d7ccbf7bcc06266a0

SHA1
15fd2d345ec3a7f4d337450d4f55d1997fae0694

SHA256
df47255c100d9cc033a14c7d60051abe89c24da9c60362fe33cdf24c19651f7c

SHA512
1ca574e9e58ced8d4b2a87a119a2db9874cd1f6cedef5d7cbf49abf324fb0d9fb89d8aac7e7dfefbeb00f6834719ed55110bcb36056e0df08b36576ffd4db84c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_lzma.pyd

Filesize
149KB

MD5
80da699f55ca8ed4df2d154f17a08583

SHA1
fbd6c7f3c72a6ba4185394209e80373177c2f8d7

SHA256
2e3fd65c4e02c99a61344ce59e09ec7fde74c671db5f82a891732e1140910f20

SHA512
15ea7cd4075940096a4ab66778a0320964562aa4ae2f6e1acbe173cd5da8855977c66f019fd343cfe8dacc3e410edf933bce117a4e9b542182bad3023805fd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_queue.pyd

Filesize
26KB

MD5
7e7d6da688789aa48094eda82be671b7

SHA1
7bf245f638e549d32957a91e17fcb66da5b00a31

SHA256
9ad5bcf2a88e1ffff3b8ee29235dc92ce48b7fca4655e87cb6e4d71bd1150afb

SHA512
d4c722e741474fe430dd6b6bd5c76367cc01ae4331720d17ed37074ad10493cc96eb717f64e1451e856c863fbb886bdc761d5a2767548874ba67eabf57ac89bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_socket.pyd

Filesize
72KB

MD5
7f25ab4019e6c759fc77383f523ef9af

SHA1
5e6748ce7f6753195117fdc2820996b49fd8d3af

SHA256
d0497b79345b2c255f6274baea6ac44b74f345e111ab25bf6c91af9b2a3f3b95

SHA512
a179b22c61f661e4d9b17f56b6a7f66f2d8d8e1d2a9a8aca3c4d6a9cb7755ce6d223bfbca817c1098692a39b6fc20ffbdacefd9bfb47ff02ffa47badca437514

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_ssl.pyd

Filesize
152KB

MD5
cf2f95ecf1a72f8670177c081eedeb04

SHA1
6652f432c86718fed9a83be93e66ea5755986709

SHA256
ba6025ab22d8e6c5ad53c66dc919f219a542e87540502905609b33dc0a8dddd8

SHA512
7e5df920f6acb671e78078e9c4fa3278ae838ea6bef49c0ae44de6a79923a3d7bccf0fb3f0e477ca5092e23450494dee265d8735b24d8026456e1328f6fe8b2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_uuid.pyd

Filesize
20KB

MD5
e40fd3e717ac6edbb4238bbf9afa7362

SHA1
c4ae109b8cb3dc91cfb7da8e33bb0ef4b1c07a93

SHA256
fe822f84185005b2f84189b51226a3591693ec7c936c2fc009139c36493f4cd8

SHA512
730bd359a04f3bae3be70b5833ad8147f91df9071b007bd9bfbd09ea332c685c1ce886b955ffc4801ff1ab7fa3354eee3159a9d8ed0d6466e713992be1327c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\base_library.zip

Filesize
1.0MB

MD5
0e4a3cd75e605eee83719960c0cb589d

SHA1
5b00b2151c35d28d2f9fc526b6c3b34ba05e08e1

SHA256
e64d3f12f94137602f282d839550d4d3ef9e4f69981a34fb3d85dd6e23f3f050

SHA512
31eaef88584d36c9a4243b67ef61d93d57ff4bafe446ab37d538a2b9741c4820bee33c69891aa464b310735b9e969f3e3f79e4ca551b2ba79c524c6e572bfa8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libcrypto-1_1.dll

Filesize
1.9MB

MD5
debb1e73b3d453a2367f2cf56ad53f1a

SHA1
2302a82d0369487c7bb6e02545f5b2ec32ede93e

SHA256
1984e9b413a0d85d37f8356e8792eb0b4797e8697fe8c4df4da41166543ad8e2

SHA512
1236b45448b71b6772b016bb6713db2df6c27e501bf8654e7830897de8ff7596919c9d19966109f684f9096638a9d488738d60f5324d47ace50c9f305b661c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libcrypto-1_1.dll

Filesize
320KB

MD5
c934ef293eb28870b35efd7959a6a066

SHA1
12cca642778716bde28480cec660906cd189f2a0

SHA256
6f5aff21c77527c3759dfaefab8967e2a516e573856521b4e2ff619694bae58a

SHA512
f85356360a140440f795231a144fa3175c7e03d0fdd33130474f379e4d356e437f8e1e7f4afec75055926ce5d37269bc3702cee9bdcd16c85dfd2cd9a50b1ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\psutil\_psutil_windows.pyd

Filesize
65KB

MD5
3cba71b6bc59c26518dc865241add80a

SHA1
7e9c609790b1de110328bbbcbb4cd09b7150e5bd

SHA256
e10b73d6e13a5ae2624630f3d8535c5091ef403db6a00a2798f30874938ee996

SHA512
3ef7e20e382d51d93c707be930e12781636433650d0a2c27e109ebebeba1f30ea3e7b09af985f87f67f6b9d2ac6a7a717435f94b9d1585a9eb093a83771b43f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\pyexpat.pyd

Filesize
187KB

MD5
4135f7cc7e58900575605b7809ef11f9

SHA1
500c2d16d0d399ab97db65ca5dc4f9a40925695d

SHA256
66b14ebdd917f046315b666f841ea54a32760ecd624863071da8d3f1fd24459b

SHA512
c677c1e97e682213245641155210919278b8917e6ed2df756dd181809dd16555b700a063514c327cd8da3183b8d3f492b4b143ed076702889c35a1f53e663686

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\python3.DLL

Filesize
60KB

MD5
64a9384c6b329fb089e4d1657a06b175

SHA1
ba0e6fcc3b1406356a40b9d8577b2e7ce69c4aea

SHA256
ec655cc34819d6a9677c0541fd7e7b2b8a92804e8bf73aee692a9c44d1a24b5d

SHA512
9593d38abfd46bb94409838dd9cbe603fbe154fa0043959512afc264dceec50d846eefa409bcf9936ee1a7c7313604a578b4051eb6fd6918f2beb0da6c8ee532

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\python310.dll

Filesize
896KB

MD5
7af505045eeb62b7fd9570c547bbf320

SHA1
0911548393ef85aa71126ac7bf491cdd5731a99f

SHA256
f8e73441a8cf2cec9708fbdfb6293a7930d60c0ee0185bfc7ae6fa25c63f6503

SHA512
3a5c162710225d49f372ce302f17d651356fd7c039da34982923e80cee8b68fe2252b4a8733327db6fc808478d0021683e321ff2754472b2275ea5142da9186b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\python310.dll

Filesize
4.3MB

MD5
316ce972b0104d68847ab38aba3de06a

SHA1
ca1e227fd7f1cfb1382102320dadef683213024b

SHA256
34f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e

SHA512
a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\select.pyd

Filesize
24KB

MD5
589f030c0baa8c47f7f8082a92b834f5

SHA1
6c0f575c0556b41e35e7272f0f858dcf90c192a7

SHA256
b9ef1709ed4cd0fd72e4c4ba9b7702cb79d1619c11554ea06277f3dac21bd010

SHA512
6761c0e191795f504fc2d63fd866654869d8819c101de51df78ff071a8985541eec9a9659626dfcb31024d25fd47eff42caa2ae85cc0deb8a11113675fac8500

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\text_unidecode\data.bin

Filesize
303KB

MD5
3d1504137e89bbdc42920321b6a62404

SHA1
aaf3032171d358629c32faf2b4bdbecd8c533501

SHA256
7924666da4ce0ad24d4b8142b330e6d8e89465cd883934724cd9e4b7d8130f09

SHA512
d2d1c307970e867ad0b047245e6f9716510217733b6e170de2605190e96f82373693c8ee9d0e5d52152e688cf19830b03da3fbfb7cc21799116ff053f5a0fd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\ucrtbase.dll

Filesize
970KB

MD5
aad2e99881765464c9ad9ccdbe78f0e0

SHA1
8634ce21a2683674210e836822fda448262e2e16

SHA256
e6287f7ba5892c99da70e9785d320a665809ca8e657a64b9fef1e8afcfb6a2f9

SHA512
68d2e898cdd73a3ad41ef3db7a149588a82629ac0628c07606f009bd6a92a62f9816c995b1794c8a957a4f3c55a72fcab17a400a2f55016a0ee8d773a172d002

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\unicodedata.pyd

Filesize
1.1MB

MD5
ababf276d726328ca9a289f612f6904c

SHA1
32e6fc81f1d0cd3b7d2459e0aa053c0711466f84

SHA256
89c93a672b649cd1e296499333df5b3d9ba2fd28f9280233b56441c69c126631

SHA512
6d18b28fb53ffe2eebd2c5487b61f5586d693d69dd1693d3b14fb47ca0cd830e2bd60f8118693c2ff2dcb3995bbfcc703b6e3067e6b80e82b6f4666ca2a9c2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
896KB

MD5
a888d2f70b47491011eae64ad3b7d90c

SHA1
6e5120614ec2011210b4115d92a64577cf76e7f3

SHA256
a7ca8532dc42da7ebd49a29c07117522de62cb6bf91b52ffe855cf810261b705

SHA512
96f84f4562aa9fdf07b21ad3eab4e1850b433e9a49879e3218610eae16e3404713e2394a32f6a182d71a50270fe1da204ea52e95432a2532e609a9a76fcdb706

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
2961fc71c5e0abf6b7168d4110fdba13

SHA1
e788340fcd2cf18b4c7c174b1b45dcadf7339d13

SHA256
6553f6159eccd167e0580bb335b39c1f866647ad8fde25d353868466203b41e4

SHA512
33178337c1396f65083c0b10c6c06e8aaf48f64a075833e74a1857802c03ac649d3ab910ab4c193107bf72683799aeb4456f3ef4d0ac2bf412b12a008535e351

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-02-28_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4

Filesize
950B

MD5
4f250385aeaa84a357a344af5ad6354a

SHA1
4f1ca11ca083ed02b315c489223a20017a6ecbc4

SHA256
1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264

SHA512
16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

Filesize
216B

MD5
44592ad1e8a3e9a0462518bc53434d9f

SHA1
056de965c95e829eef0597c546a7372e66ef4164

SHA256
9c36d4aa830200055d977d79bfd1286a56e0a225d37cc6dd00c0f05c75f37ef5

SHA512
19943390f3cd6dc633014519dcd1a8502fbc6ea796ccf511b1f9c15da621a5bc549347fda233a310a378ba35e2ac48098c2318b8c386aeda88f89399a3a88759

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
21557fc1dec5e611eaef8f2c6688e040

SHA1
0ccb2a6a4a961dfe0f7c26e7f23bc8103de8a354

SHA256
9fbf86fa21e629ee11dd3a11c8152c005a2cedc1c5fb6556a3e6ddbac5e024e3

SHA512
3f623d7864dc0a2e93393c698c096e4e19e483372989a35d0a986c0f5cb295a680cec5d4bf1df490e9a7b816c6a831ad6f6cb5f4bb2ba7d600b9b752f766419d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\b70efe72-69bb-46b4-bcd6-d26abfafb923

Filesize
746B

MD5
084e3861e624cc6f9f1d168ae72cf5ea

SHA1
1202429db47efe713ff2dbab561e21f3bfa192a5

SHA256
835d058dc05ae279cb3b9e973e0aa55b45093de07b69b77e82c92553b648b66e

SHA512
4a266d0e5c2bfc76a058732de876be606908a534ce7ff31a625b3ba8f8fafa1aec7d0b8a7a329b1adb547ffedfb208aa075baf78f7dd65445ccd7d21fc42dcb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\e623d2c5-7446-4a1a-9bd3-8c93fe8c5049

Filesize
11KB

MD5
017a83b818181ed771d175b55e9ff594

SHA1
48453d744cc964ed51872c92837bbda09477f91d

SHA256
94969e8cd4f0d28766454f1da1cbc5028aa126288c24afd696b461976d0cfadb

SHA512
b52a20edb0db91ab6daf231005d4c7009d9842c0b151f8d0b2c3856c84953bd9d93f0c33528189c5dd45b981bded61d5e934cd8c18a8a245e4876d898914e1f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
192KB

MD5
e10b7869c6ef32a46cad164f147b16a7

SHA1
9eedb0462c09eb5bb7605f167bccb701dbf46560

SHA256
0f62c8c807b57149f7cde82ca171de95eca10f58c2effbfb75a9a2eb26aef056

SHA512
1f917cd1163a11652ea6c566f81af2eac9606fab75d5e5a103a9346cacb6496f55ec5ff204b424679cdfb5ffc6a3780e3f851f6d491cf49433c156abab5c3df0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
9KB

MD5
94749ccfbe2752a30a4d93a5ff58f67a

SHA1
52a509f289e4c6656656e1a2565f453dfa5f2c65

SHA256
b602e2a9c8c23a4b95404781839ca925e36913ab66639a42d0fc2c9c1f961456

SHA512
2e186ecbbfad588088e78a251c0aae121d8e2a56229831dad0f524ca25e307230b2b2396cfac885e2852cba2173903de82a15de5513e6590d0aa7f6f59067897

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
9KB

MD5
7855ac7595e4369815f47a2df084b0bf

SHA1
aaffd3caec02abcae30b18820089aea56b732657

SHA256
eae2e64d6cffc9c5ea335f534d4855cc2336dc486be03e2efaf5316fce1ad150

SHA512
463aa0c6f3510b6f026a8a3ab19d4691b8ca559fdfb7cab6011adaa57a7e4e925b1677d5a9687e52d488a69dec02caab5104f2927caca7368816b04a506f73e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
d657ce657f167800cbed7f4ea0b12fde

SHA1
f1bac17a4d8bf53d6e207680db91dcea5371ce79

SHA256
98de9a7d438962527ddb243684f15c73894ac0d6c1fcb9eb345a5bf42a0270a7

SHA512
e22545324fc55ea57eece74314d3dad9d7a9efb328460eb13da6f39b8e2a1ce6b675963656c57baaba4cb84fecc9f43a129f977a6220350699554988eede376d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0e333805793193a65d58489ec4a1fa26

SHA1
04c70bea1a94d32453e3cc53fe31e185907d8be7

SHA256
87dae7ee7b80f9172d46211b4b395331b871e12c0fb9f79187b392c3120041d9

SHA512
eddb8062857f27a072c7758f28759a2b773c3919b1fa80bc89a21c928b3348d72562efd82c1bbea21ded3183087a730fb878628e43cc7dbc8714ab17ba85b10e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
4ad73dc50dac5a286a20cb32b3227c79

SHA1
a47c2b90786c57f86843727bf9257da23d16e164

SHA256
d1a61db8977ddd69d15546183d66c1e1b264a5bea652021f9158a239d4cae198

SHA512
27d44bf262c2abe808c2af2ab85184dee2fdd1aa2efc6a80552f1110aad5485728030fe734d70ec998deb606770f9d9330c308602f54efb6d54f91366fb57ea3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f5be7aa127f95dc724673a82f897a7bc

SHA1
d593bbfc59f9256cc35b7de95207f147a48a242c

SHA256
a40ba1724146630e27fba15b09683a6815826dd914904af7e574ff4016da91b6

SHA512
68f66c55b18599601b3df939476f278dc477f087af4d8856715ebd157a4c1ac6a457aa1860ecc91b246ee25c4f9e11c39ea111d23a7541efb32390173bc07ba4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
f0047aa7c2ac757499b577937d72c05c

SHA1
3972f3d28d365f723526d4d6c0bb742970aba828

SHA256
3988f069f080d79cf78944a3ed6049a8255f88c508d8805b4393586b0f68ef0a

SHA512
2f9c7f2cc342b07c1b709a49f66b3e1bc14d84fd6e66b2ef21f33dbe757867a797d062c1e7d85f7bb1226c2bdae103c1c240df82f5b56a689d37ed23817b4e4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

Filesize
3KB

MD5
c81b02fb9f7ea8b96f741bd1fd99a2ea

SHA1
e40314d6d096bcaf6e59620c016854c55192f465

SHA256
655288f44dbb47e7f293c4e335c81815e0025e9bfcd01465c292a4efa35d1b78

SHA512
cd41ed1ec5cc595f997b774a58f4faafbd6c7545912a33f4616646d444d40f4ed1e3c4bc9aac7ca8a9c6061581555a7b24472c0ef7171b68b80b4236fd2603ed

Download Submit
memory/656-229-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-234-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-230-0x0000023125A90000-0x0000023125AA0000-memory.dmp

Filesize
64KB

Download
memory/656-235-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-233-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-227-0x00007FFEAAFD0000-0x00007FFEAB4C0000-memory.dmp

Filesize
4.9MB

Download
memory/656-228-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-329-0x00000231254E0000-0x0000023125A21000-memory.dmp

Filesize
5.3MB

Download
memory/656-195-0x00007FFEAA0D0000-0x00007FFEAA333000-memory.dmp

Filesize
2.4MB

Download
memory/656-223-0x00007FFEA93B0000-0x00007FFEA9615000-memory.dmp

Filesize
2.4MB

Download