eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

Analysis

max time kernel
874s
max time network
875s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 11:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

MrsMajor 3.0.7z
Size

234KB
MD5

fedb45ddbd72fc70a81c789763038d81
SHA1

f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256

eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512

813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
SSDEEP

6144:HMMAgnxjSgdHCueEVIzAMAcqXvYEC86TFSQ:HagxjSg1xrIzAMAcuI5TFT

Score

10^/10

agilenet evasion trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 4 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

wscript.exewscript.exewscript.exewscript.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

Processes:

NRVP.exeMrsMajor 3.0.exeeulascr.exeMrsMajor 3.0.exeeulascr.exeMrsMajor 3.0.exeeulascr.exeMrsMajor 3.0.exeeulascr.exe

pid	process
3868	NRVP.exe
1984	MrsMajor 3.0.exe
2852	eulascr.exe
1992	MrsMajor 3.0.exe
3276	eulascr.exe
3436	MrsMajor 3.0.exe
3524	eulascr.exe
3744	MrsMajor 3.0.exe
2236	eulascr.exe

Loads dropped DLL 10 IoCs

Processes:

firefox.exe7zFM.exeeulascr.exeeulascr.exeeulascr.exeeulascr.exe

pid process

2184 firefox.exe
2184 firefox.exe
2056 7zFM.exe
2852 eulascr.exe
1200
1200
1200
3276 eulascr.exe
3524 eulascr.exe
2236 eulascr.exe

pid	process
2184	firefox.exe
2184	firefox.exe
2056	7zFM.exe
2852	eulascr.exe
1200
1200
1200
3276	eulascr.exe
3524	eulascr.exe
2236	eulascr.exe

Obfuscated with Agile.Net obfuscator 6 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/2852-1642-0x0000000000AF0000-0x0000000000B1A000-memory.dmp	agile_net
behavioral1/memory/3276-1672-0x0000000000D30000-0x0000000000D5A000-memory.dmp	agile_net
C:\Users\Admin\AppData\Local\Temp\471E.tmp\AgileDotNet.VMRuntime.dll	agile_net
C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe	agile_net
behavioral1/memory/3524-1692-0x0000000000A90000-0x0000000000ABA000-memory.dmp	agile_net
behavioral1/memory/2236-2795-0x00000000002B0000-0x00000000002DA000-memory.dmp	agile_net

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\NRVP.exe	upx
behavioral1/memory/3868-1613-0x000000013F4A0000-0x000000013F4AC000-memory.dmp	upx
behavioral1/memory/3868-1623-0x000000013F4A0000-0x000000013F4AC000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

Processes:

flow	ioc
317	drive.google.com
319	drive.google.com
385	drive.google.com
391	drive.google.com
416	drive.google.com
284	camo.githubusercontent.com
291	camo.githubusercontent.com
316	drive.google.com
422	drive.google.com
286	camo.githubusercontent.com
287	camo.githubusercontent.com
318	drive.google.com

Drops file in System32 directory 2 IoCs

Processes:

firefox.execmd.exe

description	ioc	process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	firefox.exe
File opened for modification	C:\Windows\system32\ickr0a.exe	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

NRVP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000"	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	NRVP.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	NRVP.exe

Modifies registry class 4 IoCs

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\NRVP.exe:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exe7zFM.exeeulascr.exeeulascr.exeeulascr.exeeulascr.exe

pid process

2520 chrome.exe
2520 chrome.exe
2056 7zFM.exe
2852 eulascr.exe
3276 eulascr.exe
3524 eulascr.exe
2236 eulascr.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2056 7zFM.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\NRVP.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	2056	7zFM.exe
Token: 35	2056	7zFM.exe
Token: SeSecurityPrivilege	2056	7zFM.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe
Token: SeShutdownPrivilege	2520	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

7zFM.exechrome.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
2056	7zFM.exe
2056	7zFM.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2056	7zFM.exe
2056	7zFM.exe
2184	firefox.exe
2184	firefox.exe
3440	firefox.exe
3440	firefox.exe
3440	firefox.exe
3440	firefox.exe
3440	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe

Suspicious use of SendNotifyMessage 50 IoCs

Processes:

chrome.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
3440	firefox.exe
3440	firefox.exe
3440	firefox.exe
3440	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

firefox.exeNRVP.exe

pid process

2184 firefox.exe
2184 firefox.exe
2184 firefox.exe
3868 NRVP.exe
3868 NRVP.exe

pid	process
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
3868	NRVP.exe
3868	NRVP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 2384 wrote to memory of 2056	2384	cmd.exe	7zFM.exe
PID 2384 wrote to memory of 2056	2384	cmd.exe	7zFM.exe
PID 2384 wrote to memory of 2056	2384	cmd.exe	7zFM.exe
PID 2520 wrote to memory of 2372	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2372	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2372	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 1428	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2164	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2164	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2164	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe
PID 2520 wrote to memory of 2216	2520	chrome.exe	chrome.exe

System policy modification 1 TTPs 8 IoCs

evasion

Modify Registry

T1112

Processes:

wscript.exewscript.exewscript.exewscript.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2056

C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe"
3⤵
- Executes dropped EXE
PID:1984

C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C83F.tmp\C840.tmp\C841.vbs //Nologo
4⤵
- UAC bypass
- System policy modification
PID:1944

C:\Users\Admin\AppData\Local\Temp\C83F.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\C83F.tmp\eulascr.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6639758,0x7fef6639768,0x7fef6639778
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:2
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:2
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3712 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3720 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3440 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3640 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2624 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2564 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.0.1842216642\540344216" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1c24ba-93d5-47bb-96ad-54e69988f03b} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1372 101d7b58 gpu
3⤵
PID:1572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.1.1686324368\1211327568" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb55e87e-1a23-4077-8290-4382f167a2e8} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1524 41ed958 socket
3⤵
- Checks processor information in registry
PID:756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.2.1439737008\297154859" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 1876 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33f9fa1-22ee-4156-8a16-f96ce8539d2e} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1916 1a46f258 tab
3⤵
PID:2896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.3.860121184\1731987542" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee71608b-e10f-4fa2-b216-d6c4032151aa} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 2764 1c697258 tab
3⤵
PID:824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.4.1918342307\424525858" -childID 3 -isForBrowser -prefsHandle 2916 -prefMapHandle 2732 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {863638c0-e090-4289-8d44-86aada3fd128} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 2924 1c697858 tab
3⤵
PID:2856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.5.2049889357\441986876" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3716 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {232b70b9-34e6-4a81-98e1-21dcc07754a4} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3732 1ea18558 tab
3⤵
PID:1720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.6.1581272258\995745990" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e1205e-643b-4bc2-8527-fb97bc48bf93} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3840 1ea16d58 tab
3⤵
PID:1384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.7.1148912354\1012309207" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6845eb7-d84c-4f59-8754-97be3d4f8712} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 4016 1ea17058 tab
3⤵
PID:1664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.8.1916393819\2075065282" -childID 7 -isForBrowser -prefsHandle 3000 -prefMapHandle 2084 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b23ec5-9da4-42a9-83cf-163119648d9d} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3044 1a394058 tab
3⤵
PID:2492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.0.1017919519\1748920072" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20873 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f6cc81-9516-4d8f-9775-f48daaf8cad0} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1304 11fe9358 gpu
3⤵
PID:348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.1.218567199\1983010159" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20954 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdcc6831-f4ad-4289-8ee1-4113e1febcb6} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1492 d6fe58 socket
3⤵
- Checks processor information in registry
PID:1916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.2.1407301468\1500771666" -childID 1 -isForBrowser -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 21057 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2905755e-5fc4-4fdd-b7d2-1b9f86e4b225} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1988 19e35558 tab
3⤵
PID:1696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.3.649065072\161420033" -childID 2 -isForBrowser -prefsHandle 844 -prefMapHandle 828 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67f3478-df53-4302-aabc-b05a4bb8dc36} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 644 19d64d58 tab
3⤵
PID:2648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.4.284221318\1388177393" -childID 3 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3be0ee7-3b73-4bbd-8f42-253cb76ceb39} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2660 d5e258 tab
3⤵
PID:1544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.5.1749599296\757538190" -childID 4 -isForBrowser -prefsHandle 1112 -prefMapHandle 3248 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf10a4c5-c685-4336-b028-212baa4382f0} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3292 1aadf858 tab
3⤵
PID:2360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.6.494547413\101568002" -childID 5 -isForBrowser -prefsHandle 3300 -prefMapHandle 3260 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30e786e-0f5c-463f-964b-5416ba9e8a23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3348 1b7a0a58 tab
3⤵
PID:1680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.7.608799816\9092567" -childID 6 -isForBrowser -prefsHandle 3516 -prefMapHandle 3352 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4f9b3d1-62b1-4b1a-8e05-1cc2e4e15c84} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3528 1b7a0758 tab
3⤵
PID:1964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.8.343486546\143206395" -childID 7 -isForBrowser -prefsHandle 3992 -prefMapHandle 3984 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6383e61-5dd4-457a-b16b-64dfcb1f4128} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4004 1df3e858 tab
3⤵
PID:1300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.9.508597519\903532479" -childID 8 -isForBrowser -prefsHandle 2404 -prefMapHandle 3536 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab35ae40-efb4-4de2-b388-c6a593f5756d} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2916 1f89d558 tab
3⤵
PID:924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.10.1634039807\986062212" -childID 9 -isForBrowser -prefsHandle 3336 -prefMapHandle 1096 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a27986e3-9862-48f7-8413-a4bffaa33cc8} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2316 1ba7fe58 tab
3⤵
PID:1780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.11.443390496\1986634632" -childID 10 -isForBrowser -prefsHandle 4316 -prefMapHandle 4328 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34334a77-bbaa-439f-8959-9a746717f902} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4304 1f89c058 tab
3⤵
PID:2864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.12.1888096855\967500735" -parentBuildID 20221007134813 -prefsHandle 3216 -prefMapHandle 3232 -prefsLen 26500 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29b51a15-b77e-4f42-9bc4-605a6c993f54} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4188 22f55858 rdd
3⤵
PID:3592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.13.383415645\1448973318" -childID 11 -isForBrowser -prefsHandle 4180 -prefMapHandle 1696 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bf9ad6e-1387-4744-95b9-1e1f5e489f23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4320 22f58e58 tab
3⤵
PID:3652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.14.327996471\276191467" -childID 12 -isForBrowser -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6723e2-0baf-44ae-b7a8-d58718ca9278} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4496 23518258 tab
3⤵
PID:2940

C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
3⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.15.543171601\376647444" -childID 13 -isForBrowser -prefsHandle 8680 -prefMapHandle 8684 -prefsLen 26540 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9cb020e-7cde-4596-a31e-db9ac3bb49f6} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8668 1df40f58 tab
3⤵
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.16.1903885186\1747506443" -childID 14 -isForBrowser -prefsHandle 8520 -prefMapHandle 3916 -prefsLen 26540 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a4614d-275d-41ac-816e-4a7a1d44b7b5} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8500 1ed8c558 tab
3⤵
PID:2968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.17.1901558381\1994887743" -childID 15 -isForBrowser -prefsHandle 1604 -prefMapHandle 1844 -prefsLen 26549 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cabe41-b620-4216-aac9-3c26d766ed23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8352 22f55558 tab
3⤵
PID:3460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488
1⤵
PID:3024

C:\Users\Admin\Desktop\MrsMajor 3.0.exe
"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"
1⤵
- Executes dropped EXE
PID:1992

C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\29CF.tmp\29D0.tmp\29D1.vbs //Nologo
2⤵
- UAC bypass
- System policy modification
PID:3548

C:\Users\Admin\AppData\Local\Temp\29CF.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\29CF.tmp\eulascr.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3276

C:\Users\Admin\Desktop\MrsMajor 3.0.exe
"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"
1⤵
- Executes dropped EXE
PID:3436

C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\471E.tmp\471F.tmp\4720.vbs //Nologo
2⤵
- UAC bypass
- System policy modification
PID:3464

C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3524

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.0.669101126\607486153" -parentBuildID 20221007134813 -prefsHandle 1140 -prefMapHandle 1132 -prefsLen 21147 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5f23a4-049f-42bd-b0f9-4cfdc67b7de5} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 1204 3ffce58 gpu
3⤵
PID:3104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.1.1656588635\968774257" -parentBuildID 20221007134813 -prefsHandle 1344 -prefMapHandle 1340 -prefsLen 21192 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {accbd0f2-ef5a-4d64-b756-39cffca179de} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 1360 de3e58 socket
3⤵
- Checks processor information in registry
PID:3084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.2.1499209528\1909268089" -childID 1 -isForBrowser -prefsHandle 2008 -prefMapHandle 2004 -prefsLen 21653 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31eab290-f1bd-4b86-9273-d67c7dbc541d} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2020 19a84858 tab
3⤵
PID:904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.3.1576727865\1334750308" -childID 2 -isForBrowser -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d1c63b5-a580-4ddf-858d-5836a813e82d} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2400 1b845558 tab
3⤵
PID:2144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.4.2020622535\209079735" -childID 3 -isForBrowser -prefsHandle 2640 -prefMapHandle 2632 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ae559e-c949-401a-a5e1-12a8bcafd718} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2656 1ba45c58 tab
3⤵
PID:636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.5.1541664387\1291620654" -childID 4 -isForBrowser -prefsHandle 3444 -prefMapHandle 3416 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9efb1c8-ab91-4695-bffd-8c513d2ae2ea} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3464 1e528158 tab
3⤵
PID:1988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.6.1458454125\650364782" -childID 5 -isForBrowser -prefsHandle 3572 -prefMapHandle 3576 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4efdf05-487f-489e-b2bb-8d578fe755fa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3560 1e528458 tab
3⤵
PID:3864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.7.133776361\1111505234" -childID 6 -isForBrowser -prefsHandle 3768 -prefMapHandle 3772 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb29604-9c28-407b-a43c-a3ec4250fdff} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3756 1e528a58 tab
3⤵
PID:2320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.8.618166640\78719810" -childID 7 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49880c3-3871-4e7d-aa25-b24f773e2478} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3920 217a5e58 tab
3⤵
PID:3564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.9.1863570548\1173776626" -childID 8 -isForBrowser -prefsHandle 4280 -prefMapHandle 3532 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f42c6cbd-fd77-4a13-aa13-ef4f55c38afa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3508 d66858 tab
3⤵
PID:860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Drops file in System32 directory
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.0.534316440\1410453845" -parentBuildID 20221007134813 -prefsHandle 1144 -prefMapHandle 1136 -prefsLen 21147 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4510b69d-febd-4231-bf49-55eda294a298} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 1208 9eeca58 gpu
3⤵
PID:3816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.1.129125241\1105308888" -parentBuildID 20221007134813 -prefsHandle 1348 -prefMapHandle 1344 -prefsLen 21192 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4deff07e-01bc-483b-9c18-322758de2795} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 1360 ddfe58 socket
3⤵
- Checks processor information in registry
PID:3968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.2.328895013\224856657" -childID 1 -isForBrowser -prefsHandle 2020 -prefMapHandle 2016 -prefsLen 21653 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71c7658-75aa-4640-8197-3b4bd6a6fa33} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2032 19b40e58 tab
3⤵
PID:2180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.3.656322496\759131724" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed584078-92d4-4a8b-a104-3fbdce5cb4e5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2320 d62b58 tab
3⤵
PID:1988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.4.923620512\181383984" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {091c96e3-cbe6-4829-aa36-048a9934fb3a} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2760 1c20a958 tab
3⤵
PID:2084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.5.842238193\1734067274" -childID 4 -isForBrowser -prefsHandle 2500 -prefMapHandle 3288 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7099640f-093a-4126-9834-a75305a646b5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3344 1b34ec58 tab
3⤵
PID:2712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.6.563305416\690121109" -childID 5 -isForBrowser -prefsHandle 3452 -prefMapHandle 3456 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47adfa5c-bfcd-425c-ac05-e779070879e5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3440 1eb39458 tab
3⤵
PID:1624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.7.610553547\1270511021" -childID 6 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62b3f66b-5080-4138-aba8-969750dbb892} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3652 1f4e7558 tab
3⤵
PID:2472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.8.2030135319\299733750" -childID 7 -isForBrowser -prefsHandle 4120 -prefMapHandle 4080 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d690552-e7b7-4c35-9843-d222634a732c} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4132 1a03be58 tab
3⤵
PID:3576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.9.847227309\952128400" -childID 8 -isForBrowser -prefsHandle 4516 -prefMapHandle 4520 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0996c1-acf1-4b50-a82e-1108cd1522e8} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4504 22e69e58 tab
3⤵
PID:3536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.10.1978208145\1240663439" -childID 9 -isForBrowser -prefsHandle 4692 -prefMapHandle 4632 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7917bd73-c411-4daa-9b8e-c1af1d4ea8a9} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4704 234f7a58 tab
3⤵
PID:3004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.11.1920506939\472600139" -childID 10 -isForBrowser -prefsHandle 8808 -prefMapHandle 8816 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64651f3f-89f7-4017-9f57-22bdc9940786} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4852 23af3358 tab
3⤵
PID:3520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.12.988183621\177030868" -parentBuildID 20221007134813 -prefsHandle 8640 -prefMapHandle 8808 -prefsLen 26840 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a34d5c-4534-4c3c-be3d-4456db26f979} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 8648 24490058 rdd
3⤵
PID:1672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.13.1622245378\155460820" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8540 -prefMapHandle 8544 -prefsLen 26840 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed7429b-0eee-4423-aabd-e4067f766337} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 8528 2471b858 utility
3⤵
PID:2200

C:\Users\Admin\Desktop\MrsMajor 3.0.exe
"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"
1⤵
- Executes dropped EXE
PID:3744

C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4B81.tmp\4B82.tmp\4B83.vbs //Nologo
2⤵
- UAC bypass
- System policy modification
PID:3272

C:\Users\Admin\AppData\Local\Temp\4B81.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\4B81.tmp\eulascr.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2236

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Drops file in System32 directory
PID:2144

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x574
1⤵
PID:112

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2280

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
749cbd7d2d4cef69dcc8e67575edb8d1

SHA1
421acf6ae349d98825e6e067ddc4d1ee57c612dc

SHA256
f8e2059573956f46c1282f5d912bfc1f56dab4c2a44f8126e0bf1b809abd482a

SHA512
1e2e1efb4f20d91069156e0e21ccf0761455d51b7d1cdaff1a1ca7a949e8f4938ade71f264dd89c8fb3f2847fd923c1773e7ed26d3fdd24754be8df27571a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7af3560c-ab48-4a4b-a191-d2314d0144ec.tmp
Filesize
258KB

MD5
410b86ef5bd940948c3f2fc08dcd10ea

SHA1
b94bae5fb25d26e1adca4a9c11e91e0bc4b96cef

SHA256
fd58e72bb6cf7a2a337ec328d09aa841a6a40f930c6f752bdf154b6bb9965943

SHA512
12c2fa03e703f5b9ad03cc12699bad753473c30eec2b8c1b5b5ef963ef6176c303027b1bdf8f67fe53d93e490e3a65fe7eff499c6eeff940c32b379bf46941a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
39KB

MD5
074d7c0ab0352d979572b757de8b9f0c

SHA1
ca7dd3b86c5e8a750401b8d6d773a9cc3af55b81

SHA256
46a06c3ec01cd4c5d5d8bb131febc48e3b1eeac94a47fe0718dfce6af821f83a

SHA512
00de9f645ca784322b005c73302aa573ab0665e8334533e7408326f0c84c12f3d056f39a2197d5c4bb8092f3b09dec4b79ec73de1b5d161951c5c48b9548216d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
d8e953be1b60a96c7d3c5bfc451b919c

SHA1
5a933e7ae2127f313e5db345136903ad3edafef5

SHA256
4d9bd5cbad98126681f7f79a46ca588862351baef7269601016e8bd6748b5121

SHA512
0d52952771332609e1b808f65356f54331db57aaacf4c586479a0277a585764900dd57e2b6d68bc67e825adf6ba164eb2e185026752331df5b338aff522d52a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf782efc.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
987B

MD5
40df20fc637eb40ffb1c565f33e495ee

SHA1
d343e166296a93e6252db8084c65b974a277b08f

SHA256
73d9ea572f305a40bdfbd4007633c3dcab4057cd7d082929d507c3e966630671

SHA512
a24df2a19fab0b477aa95a7c7798e9f259fb7745857d925557801a3479f58b0f8d24894f29315df35051ce7cae11d4e0c59608ed27f05792858c122bea99c72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
069ba000d04c1c25a7e548a7cc405ebc

SHA1
39da2a7c0abde8bedc931b8b99e455bf4662e70e

SHA256
495a1f84f081598c7d7f6c362820bdd60dfae2d5a5d82db242f9a13890754073

SHA512
2b4865095855ac91ee180936c2483ae3fa67c852ac756d63ffa5a69bd693cae5d368bf6a584ea1b852452f11ce406bfd988791bd62c4453c2ed3e3f42a4432c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
741d7fbaa2503eb4413b6c4a868e4b61

SHA1
92a6f9d708e80aa1c4af483427e4f3948404026a

SHA256
27c3992dc9f574af5902635412cff29ef9bd2100e9b6b9eb0c1adcd1654d595a

SHA512
cca7a7d0299769bea4c6fd62c335dac521c8c7c8918e419e1b6dd9a457830b71945d4b1731a1b1fc774f3ccfce020e6e2a95c6307af3dbfa45075cb9d6bf1928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
018ef275157b81bea323bbbec1e10a88

SHA1
3672738cd6fdde0b0faa53bb6286a41928a5fbd4

SHA256
c32023d10718c17e3aae373966ce06fdeb6eb2523f07fa1e620a8b468ebf60e4

SHA512
d0eee1458c8e511b769247478ddba0c5d7b678102974981c540ea463ce62c49c92f8ddae2f91d4bf66d997275fc78fe2949cd6345acd0130a4bdb9d357e3da7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d51e1f68d4f6a038871706bac17c82df

SHA1
f219cb5d1fd95fbce915e83c299359fbd03e9d72

SHA256
018b6c26092c5ad027ff500ba84333b3504a59c96db2cc7bd22ba19d14ed9ca6

SHA512
6e09e6fbd9fd5b3106bd29e81e8f12bed363fc510aa89fd74fad814872c46dab90efa6a119e4b9bdd43de40d74c6b30d02ceb0abb0b6bd51241a525bf5c08f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2d58a015e2789241dc8924eaec562300

SHA1
c6d0271255e2192fa9915f22d272b27a4a83052a

SHA256
4dbb67e2bf722e4bb6fc3cf08ebf72fe1781ad9dd36e2344d895d2eb409a3ab3

SHA512
33a49bc29e95741304153ba9f664fad6893b50332f545b55507d2017d1ed5d1cb82fa45c0b735b41880cd1a73c6b06d0f5b2ea14c06ae6331cc8ba616665bdf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8df9e3b1bb1c5fe1564daa42fb540e9b

SHA1
bb1d96d924cf76cbf80d651926705c5848c0a64a

SHA256
4aef278ef6a48f261b71796cb1e65490000b327cb75a2fe254ba4676deae988c

SHA512
c888f15e9279a2dfb03f877eea4f7b86249c975943ddda39d8d18cf37215d6f53c6b013dda14bbbf5381d99c1e23bfcc761435c7588f56be01c3576e6e292e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
b7ae32554254751ba05d1033e0379e45

SHA1
5cd65ee6df0859077b1d618086f78783c06d31d6

SHA256
6ac722d0bcf7e8c71a099176ae207c1c868bf4497e2fe139e5f54cf0b7d273b4

SHA512
7beaa63ea80e61b57c5cbb0210db7945fb65da0e203e849ee7b9a143f19f4b4bbac14923350378c002830d200e96b8d6929b77eff2cae626259155ddf1c46b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
f6c0672199512c4b5a511d3a6935008b

SHA1
18c4d3192190861aebfd924e8a8c015ae18d4099

SHA256
e01a47e2c672618b95a13a2e06ff0b00c2dc34669ec591ec426076543565c1b9

SHA512
2ee4eb8138ecb186bfc1097ad16f5bdbad7c0eee99694961c460e4e9e2a579502a134181c0b4a364e6b93a90edb73cfbc19b955844b18cf8d42203be5c6c9c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
76KB

MD5
16619cb5d5b126b7de5590281616bf9b

SHA1
5643945d39046b31580ae028e9482d9191d3a591

SHA256
9113b0a47b50e1d56deb2ca0ceea9fc51306a792c3dd1fd5052185513279e1ac

SHA512
9ab46984367dd62dc683a9b0dd57630e3a7f83cfe707f775881b4b3fd1a062fcb2fb07462509d74d74c89a7259b04f4057afbfdd99861e8449f590f511cd1e68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\doomed\10874
Filesize
9KB

MD5
dab814a7d738a6e7de63bbd2385ef612

SHA1
c8410b4c271161ca1f59a5aa18280611d45349ec

SHA256
2d066fe39d4d1f568e6215fd1486526c2faa77c10f897b2fa9487a21e1f4840f

SHA512
2825a7856bd71e1935ac0dbd338120325f667e3bf289eb7bcaaace328c2233b092a87cf73ebaeb4dad521d3a9c241a762bc9f88ddba71a93db0fe92382d714f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\doomed\31591
Filesize
12KB

MD5
717562822d3ed18c54ba5b721325fd11

SHA1
08069e951df16fbf87e267737753f944c396ec55

SHA256
b21b95dd49d43d85dce99dd120a49c533f75bf0b35c37b7bb6053e10cd13c37d

SHA512
d3e99f5acbcdf8cc8adf0203627080300dd187d949e005296b8ab02358754d95dcf7c9bee1ae0d4941da215f77013211eb761e222c17dae7fdc091e402b7a288

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
1951e805482871a1b7a5118411c7d65a

SHA1
7c512765b0316e6365446cd7ae1f3340509ed5e5

SHA256
04bf894fdfc792d5231580e1ce569fc2c386689d5180fafac6973c8c29c9262c

SHA512
c629e434d7392160b08249778766091c85f908d0b4fd15c54ff9b1d269e4fbdaf4861efe2cccff0b861eec5d4666767478be5d532b1c75ebee273ffa9df3b01f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\044E0127D20CBD0FFD2EB21004A6C7FE4ACAADD5
Filesize
56KB

MD5
cc63676a3184dcd866815c5d585ad62b

SHA1
88898a389c850e68eab896e4f77949f3eff6c3e9

SHA256
6e6914dadf3ed99f936e957d238a0e280dc43dc0e9b703c2dd2859e5832bbf56

SHA512
90601a55cffd33b8abe74a3ea06ca22a48f3c2c871bf92461502acd7e78253a8d49fdb2d69bc5fb88b68e4b3207d113aa7be0314232decb01407443f69893db5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\0AA4F8AD27A4691282BB33C056EF241557E8E943
Filesize
49KB

MD5
e06c366e948279e2287950e888cd20e4

SHA1
398fc7c79e012e5cba93f6dc9235ce466ff39c5f

SHA256
64ae45b46194563789a4d7a385395881ceb919effc2e08ce39c4102abfbcff52

SHA512
ab5454b7ad7d6857f7baa9a928de5f874530194bec7fa1fe8a587fadac92dba3c0934efae3116efaed40a9c871b5d722ce6833851ddb69f4d03d85c34ea8f19d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\142D557E34659735E53B8E66CC66008080747169
Filesize
45KB

MD5
4cb4ffe04fae793fe6ca5be468368ad0

SHA1
05f2c6c56dbeffafa494e4d603b91710ef4f6362

SHA256
3ad5023283262c2f4360c85fc4edf4ae089923f3d1f3ee98a003c5b4f39538b8

SHA512
c441bc3816fecedbdbc6dc932fbfeed5865fcbdcd9105f9c27e05e1b1e14c9bc697d585181ebfe8c28a5956d6e6ed4bc77b67907d8be9fb2b97fa449c3e34f6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
4035e90d5edeac0ab225553969b384db

SHA1
95257f0e7f7d83b92898a50b2ba62d9f36a1d615

SHA256
f5acf8821beccd627b1186303072520b194ac6a1f9787bbf92116949ddafe171

SHA512
0b002bbfa2a203dc9f52b18b604a99946b36c2557d6367d631acb929d7c76b40fdf88363266231ecea33c0ac59af3c5b12dc3585df66e4c1bbe97d4ddccb88de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\2EA20B497DD72C2F14B695D3E1E74179424E2AEF
Filesize
36KB

MD5
5a8d915cfed6e57ea7a8cb65b42aac4e

SHA1
e740b8709d3041ae55dc9d6e3fecac29c98b7c75

SHA256
421d3ba52e2e375ddb4d7cf6819b1bb37df31a2f1136f93d621510a1b9ea6133

SHA512
334cb0e55ba5ad5a5a628e28f636315611cd01ffe8377989018244645dae25a756a7d54dfe777cac0bb9bef150c221377043c827494d4171dee9f398c766bcb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\45514F58EE166DE19E4DE720A21DDF1DA12F6C6C
Filesize
203KB

MD5
541967b2a02ccad59217ad2ff74bf916

SHA1
ae5cfc5e222638ab298518e33ac47cf06b0f34a9

SHA256
d73bbe5b1179730b9e2b7477da5667174a3d58c281f22516610ff06f5365aa8d

SHA512
8efe4c475a51cf4fcb3a5c3bb2489ec03f910ba48edfd231a5207d7ee961ef7f948d64863fca0e339032bc93612a07c00e39255482144b238f97ad4113783e5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\45514F58EE166DE19E4DE720A21DDF1DA12F6C6C
Filesize
203KB

MD5
2cf7543834f9031a65467db3a17cf9eb

SHA1
92f24dc8246c144dabf1e680a15ebee5de41ac70

SHA256
f1d3ad7a9707274c84974dcb8eadfeaf60ad2acd1e22c478b029b2641a9a461f

SHA512
cce0e74111647050d0042faa9dddf9a587cb9815a466d0ab9eb5bd73056ccb99e8a54a5991a3fff5cdf9081b2dc35e6b7d6dd8e3026c2875fa5c5230f722893f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
Filesize
13KB

MD5
9fba0abff27af1f0a31aaa6a04bdfc93

SHA1
77876416072b4d7f486888baeb8eb71301512088

SHA256
c023c3b8c1ac5e5f5aaf13ffed13d447a9e3c47f96ef582520fbd29bc35c8fa2

SHA512
285369bda13dbb023ac5f4ea9aa1dac5a142d698e52b584cac8302419b17f96b1c6a6e59b8b5513e055699bfba9f47c529ca316d7916628e18cc2265b4d3ea37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\4A8537BB969C8A4AD68681FAC66A9A74AE46874A
Filesize
81KB

MD5
0dc22144db35b2c01a7fb04045f3efa9

SHA1
de3c5ef6eac91ac6dcb7a577ea933c38bcdebab6

SHA256
ae3f26faf9dfcdf86369879697c56dc81fcf7ed7c1785b67a2bc76d3ba895813

SHA512
064580de3bf6f7cb4864ec0de986c010297474cc3c51662b0f344e6fa8cc04bd3bcd59ce2d21bc3c714a158aa64cb39eeaf923ffc2422f675951277331195938

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\5051CD2B52203DFA6727A7DC4F24E6F1A8EC7577
Filesize
22KB

MD5
c568bf5cf07f240767b6fc7f87120926

SHA1
a902480212214239722536bc14bf0b096a3f35d4

SHA256
bd71c5225534db270d9ba27d4695821c36db56baf1a06b57df06bf72e43d0f66

SHA512
eb9087c50d85472f49289f3551bd22316be567dc3acf69446e13d693d113d1ad5ac4de3398756c70d56b6a6030007f1f3ae3fad6d4cb80b78a9bfe65990c293e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\56A173C485939B5DCA974C835E7D11179BFF0B5D
Filesize
27KB

MD5
9834b13681dd6938825c8ec6fb00ce0f

SHA1
6bce1016c3683bded30583e52b8cbbf2386ba16d

SHA256
8cdc8cdcb1392aaca254c455d98e51906921714823a0fb2ba6b390a4f4fd00de

SHA512
3668549e746fd6f03b47d60728467228bc9536302716213bf4d02493fdb6e16704124ddf5dbc41711a425796340cc31cfb8693e0fa4df55b8d9f2c54a53254b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\5DA867E0372C91699486E79D67D53E6E054176AF
Filesize
16KB

MD5
1614b38da21536dc29df353729984470

SHA1
0baa0a4094190dc04f26fa5e80dd2420cb1d0ccb

SHA256
2562051371508dcd0de170762f1fa457dbed145c03fc8b20673c180a5809fb88

SHA512
62e9139bf9500e34837efbaef9a597afc69386471db488291503ad5bc90474866a088c6eceff4ac020a119b240ad7a86bb197c3cc8477b1b78a3acaf66ce3e03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
19ce6301e8b3e965570bb28bbf301803

SHA1
289fc4188e91d3081accd7440260337935b95b08

SHA256
874ec2446561e6b2fee4198c3556a228069a70987794d2365b05a85e4d28e83f

SHA512
2fef87424454d8d5251ad86513111d93eb4b9020267b75cb71fa34d6d79e00f8897a3307b05fd8a173c25eb15901ed47dec3d02c99d5681ee840d6eae1dd59cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\ADA6C86B925ABEA53D56C395ABC5915010260733
Filesize
63KB

MD5
1ace4f50b388a219fadac6c4b19792f6

SHA1
6089c89c4da353e6af81e7493d7338de1928e027

SHA256
7987f78f01f74f13ce3af5ca2439215f5a3dfd6a5f54034ed8889547ef41e3d7

SHA512
71408b9c25a567f9d83521693ab9b954ace6bdf97f0c0e47bf7f1e07bdfb561a799d063f2b6c361903338d63ce9040fa5ccaa64a9c331f8f92b10584823e75b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\E0D8E0A445AF8F02405C79C5D32DC0FDFAD0416A
Filesize
34KB

MD5
ff024bcd4dfe470153a501a9f9ca7594

SHA1
72c830f35a7cfa69ce64c75f06fe754ad0a10ca6

SHA256
3bd3ba692a4362859fc1e57311de7610bb530cefd3ac673501232d3ac9c172c5

SHA512
252f8e923077348b6c8f9924693cae4e90a5f82ebdb6046db3ca26a4f600657586ea7fc4c39f06fcbe84a9f5464c33d44a348d042b412a5e88f0dd12c5a44a9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\E78319AD973A9A8CFAB7CE6BC05E64A36C76ACA4
Filesize
56KB

MD5
324254c8c21a44eecf382b9126b30346

SHA1
7d65bdfc538140e88e87434a6e90176b59bbd96b

SHA256
f7384f62b415b6119a3a29e0e8a28ed0145cb79362feae81fc17c91259641235

SHA512
920702337a1554123adb43ec470a6e6da18c98e2c1c5a37a5133b25e58f3ed1db5f52c7dec0fca89d89c814cfd6b012c2396d675504bbd54da2e5a83a3d0a5ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\F5F00877EF43D24CEA3C2440FA5F69225F1FF686
Filesize
81KB

MD5
ea6e35db16d2876d86eeaea66bb4eb43

SHA1
5115fb1739f06d2a3c0282bcb50e1abf14de66ed

SHA256
cb2b1c80126ce7fef364cac80dccbdb2d59be840016057f29d352984e41a498e

SHA512
f2ab2109c95ce94a5d7bd1b03c09b9f438e1764771232dfd716684f1c22f4ffe1acb4b39904c79db912eee1df9aa9c8ee7a24ea0977e703e83ba973a9daed5b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\startupCache\scriptCache.bin
Filesize
6.2MB

MD5
0e66abd7793f1c0d892e2d1d99d0addb

SHA1
ee70e4fa370fa2f91ad6d8c2ae34aff32a0e9b83

SHA256
00fb20757d12cd24d76b6cbd8b8fac32b066d809ae8d88af8b8540c21a3dc08b

SHA512
f76b16f5f1fae0cea7799f4480af90bcfa8c9f3d55cedc46125d1f41c32b090a0b50715e71ecb501a2bc5a9dce72bc4db2cd2fab38d511359e86d739fb8f6506

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
21cb9dfbaa83ce582f1ded04bdb1be37

SHA1
c3725457a5b257705773dcfd7d3d9d4c1d1e9950

SHA256
a9053da609f76ceebd8bcfb0ebc377cc02a7fe56b410ea351cc5425e01a5f370

SHA512
77679912305162aba35330f4184fa8314d2b9773d998571bb69dc49e01238e8aec0abbdbd3f1a0275fefdba833dbf1a21514f680a7f39d8f514cc39dd6e45423

Download Submit
C:\Users\Admin\AppData\Local\Temp\471E.tmp\AgileDotNet.VMRuntime.dll
Filesize
49KB

MD5
266373fadd81120baeae3504e1654a5a

SHA1
1a66e205c7b0ba5cd235f35c0f2ea5f52fdea249

SHA256
0798779dc944ba73c5a9ce4b8781d79f5dd7b5f49e4e8ef75020de665bad8ccb

SHA512
12da48e8770dc511685fb5d843f73ef6b7e6747af021f4ba87494bba0ec341a6d7d3704f2501e2ad26822675e83fd2877467342aacdb2fd718e526dafd10506b

Download Submit
C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe
Filesize
143KB

MD5
8b1c352450e480d9320fce5e6f2c8713

SHA1
d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a

SHA256
2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e

SHA512
2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe
Filesize
381KB

MD5
35a27d088cd5be278629fae37d464182

SHA1
d5a291fadead1f2a0cf35082012fe6f4bf22a3ab

SHA256
4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69

SHA512
eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9CF2.tmp
Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
20KB

MD5
60935338814f53daf53b46f1cba52b40

SHA1
5fc9abf203be0fa889495c40144f3b1f19e62aca

SHA256
2d01281c5e131248d92c61708c8725401dcfdd6680b123d728fc8ecf9fcd7aff

SHA512
9041eef5b86063fa0d2f737cc1449e964254253e6c429b2f19dd96eea88409f857a9d0e253c64f330f9ddd660208b3ab95a4fe059ee172abf42fac5d11eaffd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\AlternateServices.txt
Filesize
603B

MD5
ce0df69a2ccf79e5ae46eaafa9cb47a2

SHA1
610f356a95a28dfbc29e0957566b1eb087aed4f0

SHA256
374f8b03361c6f8bac455b51fe03fbd135d5e020b18dae4bd2682f3ef8ab42e3

SHA512
3cab4ad2c2db52bc34f1a131df34cf47c69bc0e448c52ece79f26f0202f64b68ffa7dd18becc4d742739a0d87118504e35dc847080f6c79772342544f54b0110

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\SiteSecurityServiceState.txt
Filesize
407B

MD5
d3eb35d3f3d075169d581c0ef2f861b1

SHA1
48d57af65717a977ffd190610dd508a24425915b

SHA256
59b4900a6085d411be430b57f63cf2ef82ad7284c786ea4aea40b13eeb671d22

SHA512
2aaba516996ae63faa9068744f8a8b173bbf265d883d0faa6b0c0cfbba28ea11a05d3506b980536bbf94793ca4160066fa5147bed0cec89d8a32c178a3296575

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
4e493678a5f10b40d3e731dbe739c850

SHA1
65122b29f6db32b4bec10708c1f4c5bad181e842

SHA256
4d083a33487384e56dea0d5df8fbed64641a55a3b8d9d488b302f4d2dc1902ee

SHA512
d5c98f53891345a12e8c2fd0a4657d463fcf67ab43e3d84480e1b813ee069812b571dbf232ffc02abbad65d10b9b8f8f1162a7ebfa4927180bf5ba11a8935421

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cert9.db
Filesize
224KB

MD5
fd20a6944a7fdafbbe752fd977a58cc4

SHA1
1fa54e9d9e0206b0666074ef8c45e9eb02f872cd

SHA256
9f5748721578baa512b9de8d1fbbfd1b29cb253c1a35a4bae5c77e3c3a8115b9

SHA512
e6c397df36fde5b3bd40010becbdab5ed42c41ca08b11cddd6442ae86a544efc7e47d4b44f49a61d730e1ba25f436dbf4caf241789ae4d9ca9f0abae9b99396d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cookies.sqlite
Filesize
512KB

MD5
3871f18270647a4308d31f1d31fc706b

SHA1
5654a3c0b451db9a83966182854ce8f0db60a8a2

SHA256
9279210cfab08e47f49e401fd090b2201257ccbd50cad005a743718dbbc74d9d

SHA512
b7abd496012af4e265b5c0ea60891a68e2d8e81cf3324452b0a12d327b2f9eb30b9b8af705483c2615fb7a734600c9a102c3a00e7ab56f1bce1f2f676bdc6b2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\crashes\store.json.mozlz4.tmp
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
Filesize
17KB

MD5
9e107783f7f3eef7307657db25f28211

SHA1
19203457f03e47ade82e3a774b8cf1101ea7e69e

SHA256
f84e4c495ec186ee623b9f247deae448c76540c5c1bc1725793088efbbd8c155

SHA512
103e3ece02c901515f3da1249685f8effe41597f47ab7ecc10f5b4fb864a6dde14dbbdf49f0a579a76446321cb21c754855499d84f2c5d9e4617887e9323a93e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
Filesize
17KB

MD5
6f63056e8f71163b80239ec616008642

SHA1
3422cd1edad24470f967b7add9aa2bfb6a19bc6c

SHA256
be207f560a34e9a8fa3911b8812fd24cbfe07e55a5abe3a1434385495b607022

SHA512
d7882f95c4e091a1a30da3b3508af117b36f364476c286af55369f9ff394bd4f49887bfffee00e44ef3cc4c0a6b5d99948f890a6973c1020b68e932786805c37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
1918cdd5e75716c53cc334a4c1bda5dc

SHA1
e70b354623d700be5a6cbc2388ec92e1a5f6397c

SHA256
98fac87913ca46214aff2e54472978227c7e2e14f5c9a349b86fb078f528b2ef

SHA512
cc27b0fc3201425487b1a948b9cbd48ca0cc5a502696524a30d11185e61a783262556a033825c98279257c526472d920ff7d16e5fd0690aa5ceaf6394bcb655f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
Filesize
5KB

MD5
255329103bc7b00eb421b841d2f7e905

SHA1
b921feee88f9546f6ec28f8ddb7e1bd2089b3e5b

SHA256
6beb20509acf5041365fff9c3276b60214855fb85282cfd4b69e42281613b62e

SHA512
bec35c7223c3cc87f6777515bb619f326446d8440822b3151ab88cdfb05d46c0cce0c4c632d860fb0c90704e92042cf4525fa4ff24f247fff294a1255a546ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
Filesize
5KB

MD5
d815d2cf7bd80bec9f574ba25bea4ae7

SHA1
e4e3c59df1267283b24b6825818520bb36bd1f83

SHA256
2e8cd06f94edf1ef01f34e54dcd246fa034c336acfb83f5932fe5c679f745db3

SHA512
0eaf7c93ebc104ad7c708d057a9b61c13a4415e06b1c57ddf615db24628b4fb0ce5e924c3b3787fefd8832613a45263f780ec8d77182196631c1a28a7f203e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\events\events
Filesize
162B

MD5
649acc55d6097e46245c29ffe2f64a9d

SHA1
16ca663f8c326b046b8929422999bfa8cc9125c2

SHA256
34d6eb2bb2b86c135cdac256ad6caa24accb8f790a89624aa9a9fed29ee75318

SHA512
0395ba6cf6d14189c523fa4c70ea4397b3d02becba4daf4fb9e592d78e90f69315e5a3779a0f5fa2349a1e7999781ef434bd07854bfcd15e9f1843fb1626f1ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\35a12714-6a06-4af0-a7f9-cde011319959
Filesize
712B

MD5
10a4d3dcb39c7b678188617f6c4fe2b1

SHA1
d3f0c692190a4cafdce85de2209b854db7174af8

SHA256
4ca6721d9f507d739d16c464719f8e85736a992026c97e165de06c7bdb22268d

SHA512
0caac411fa4448ec0b6f0c70c4741aba03a872054c5e28a41ef2bddebe34d7c75ab2cc220152c5cd793897baf784bf86e52e5a1ed99e4ab3a8340a4e5c8713c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\4f6ff297-68ed-4bf7-afdc-f4dca1500a12
Filesize
679B

MD5
6113230e98b7c2fae0600ef4b26cc009

SHA1
d4b06b6709825c040c74b55de43ba6322c59a916

SHA256
41f30a7b805a99459dd26b8f1795a4933bb1f196a8b54a0f316e8bfc45a72b5d

SHA512
aba340100f2877f324e753b6d3493e6a9b913a702a0fc58e103a90a0f023722710d1323b74a148c6e30d46dbe35f7e69526e6c151abb667f355f71ab95c716dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\7144cac1-e347-49da-a31e-f3375c4f3738
Filesize
745B

MD5
1849bff8d311c66c84b172f8974bdb63

SHA1
658e7cc4d3b40745e2ee145208ed250769b74b03

SHA256
1cc358648247f653e5874e5e3dffca4591128e6021d21dca543860d8ca27529f

SHA512
a2bcd5bd26144cc981ac8f7771a6d472ec27e1325f8c6ba38af15da08f90c8039efc5dee3512f3f20d482be8513fff52b8f1ca8aabdc51655d94a45e76caf95c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\9c7cfb95-9ce8-4c2f-bf4e-8bc9546cb788
Filesize
1KB

MD5
f6cd838a5164a33997a3249ccf1d11bc

SHA1
81d744e22f469bfaa66f8e8f5d3f6725621c1e79

SHA256
267620d901f5f40d73bacc6da8d73410d0811da730d6479104a02b644c2863e5

SHA512
a964ad4d30b3afd4faf10e09b7d54620fe429e9f7fd34d6261906716386aa645a106634624144579e4f47db8e5b63f2baf2050dd876c2b412f94e079cc39ab5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\b958ebdc-0b36-4954-b523-890595ef4f76
Filesize
11KB

MD5
1cdb82896ecdd8f360e564572cbcab75

SHA1
9ea249464b1f1b2098957cb2dee41d23ea42191b

SHA256
10f50fc06222442d0288bdb71c8a8699df5a3ef88849b7e59aababb0317514fa

SHA512
1baf253f5984c4e9b8ae8e3250d0bd019adb70b3742f2d2858fa3c4c9935c23c3278f360c8da94e9210eedca52ea8b28a06f7327dc2e9f439d01c49dd2d05515

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\d2f8149e-9063-4959-ac38-b1e26a72ba38
Filesize
713B

MD5
8e23bd2756550e94b529bc15b2b4b3ef

SHA1
2f9152d43ade7ecc25d23137e09f11cb56056b99

SHA256
dddf64c822bf65a0f22c49f2b3f9404627b6cb066c692197e6bd3136fd882048

SHA512
3284fef6069f7ba57f350294d0dea4d79f1df3d4b2f5e418b7293ebaa30c447d64dc8adff7ccf79c77d5cdc18f7fa40932fa70f1e7246c61efbdc0c4ac05458e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\f5e1a94e-1658-4dcd-a707-08981189427d
Filesize
789B

MD5
a4c5b17b9eaae6a39dfb91d40bdd0ec3

SHA1
f826b4daabc93652a0d2e69df26e69875a5723cb

SHA256
73bc84c90005b0851161ea81d5793e00fcc15d7ba2175773ae1e91925c7cd2b5

SHA512
b01ecb33c9685938fbb44da3c61b0ef8f2f760d2d306939cb952669f5d8f833d6e316365e7540f85dabc37c96915a5fe3f550ebc45e146e5620754ec70289ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\f931166d-78a1-4d9f-8dd1-8db5c0179cb9
Filesize
766B

MD5
8b1e1c8d97127ff20519113aa9efd676

SHA1
227f42cefaee8f7c6b99ff773fa534f5d1c1084a

SHA256
c093ff75995c82c770fd56eec25df075cefb9d7c26017e31be0bc34787725721

SHA512
0cd31daf72fbd19518a2aaa0bb0b1ea6e8391574726b568dcd8e8c93bf2f6865404e44177dc48a8de8d41725c07fca8839e4f88f35955453a62f4f32a9fcf50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\favicons.sqlite
Filesize
5.0MB

MD5
44233678928b56254914eb5e713cc7f5

SHA1
30162d2349d11cedceb3e3fe814d2b497dd702c1

SHA256
609a8e99ec7ea234c203a9fd6145edd69b71d06231f00dd952d17da4fa429306

SHA512
32f3bf420b060184d06aea479ed181f530c0044f55d5bc73569465f120609d0c1868ed9e25007e3845412e4765ed79130e3cd9d7d0a9cb3cd3dd004b18963107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\permissions.sqlite
Filesize
96KB

MD5
216267fcfa4b971ff44f165d28406d53

SHA1
727b2b2ef85b2e929a5e877ad00ac8f405bb26ee

SHA256
e65fc4ab60cf2daf3d40353484fa664f0c71a74459dba2e4a9a67f4b5bf990f6

SHA512
d1bfcf0c9fbd312671ca08852f7079a0eae3fe50103a03116f8719dffa106230c48c30035488018b7098ab9f23e0dd43a022c32dda6e3ed8bde3a058f6af88c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\places.sqlite
Filesize
5.0MB

MD5
6d8df6507828aa374f79ab0a7fe43575

SHA1
1ab18415ab82825a310b8a2cefc8c772a8b698d0

SHA256
c32a3fe59234d6086f78b2634a273e9299ced2a3a49c64bc4d28abbc5dcc8320

SHA512
1e24774e180de119b2815db094bacd940a1d688c7a08d440beb2dbf4891011e7f60e3cdbe011722d2f74d39c473a075d49e0cdf8c037805e6d5c4bf57987b7b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\places.sqlite
Filesize
5.0MB

MD5
39c70aa946435f07fbabc9a6887e264c

SHA1
2a4ed1f3f89f4eb71669b98885c5df23143c1e60

SHA256
7b595143ef62486200e566fbc70ad9331aa763894f773631ec154c017a5689ab

SHA512
b36806facaa0f70296f12fc2c02258839054b0b9142f90941add69959dd5889c43dd67d75ccbf5f133be0b6203c3b0e77f8df8b79c710819a696fa10fda91df7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
7KB

MD5
8def8de300889b11544441f17ef51d22

SHA1
2df5316061a88fc2c92d7c2e77571ed50d62fdc5

SHA256
7b1ecd2f5fdec97ac56c7345cb6abf60373ea577e2db8890c5d35bc902c1169a

SHA512
d0d46df6ffef218a5e3deade2c947f3620f8aa7101453b8186808c0712ebe1e17c9a3e6122c094f664859d3cbb847858e178ead788a2479868129f258a39cde7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
6KB

MD5
3bdc0558c3a28b88bb8602035f446b6b

SHA1
1a026bfab9263c84652258c71750f732a31fb01f

SHA256
184cbe19b622055125a19d0f8ceecc26fc1ae47a0c6762e5530293be2a650c7d

SHA512
3677fccee5fad3bd5f0ee2989c8517cf777d2664b8ff3f5385b3c226191088690e8f9c961d221db9b71f089435f534e56fa56104acb30263395341d2c0fd6d51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
6KB

MD5
44ed4ebd6177826dcdefe3daf2edb32e

SHA1
69323fd1633d470758855761810e4174d11326af

SHA256
863e3ae5f72efd3d26d9f3454624b60e84d45080635c85c17f429fd46914111a

SHA512
5e6e7006660e619bb82a19833743783faf1c8144bd6a3bbc040abf72837a153aa3c3a52a8e3b91716ecaadaedecc6ba98708e5f7b95f74e99e439fa3fa3d465e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
7KB

MD5
37c8d79c0527744ed17804199b41b987

SHA1
01f3013593a5219c9ae1baf71039427e4714074e

SHA256
43c86d2508e13f42826a5b2830eb1748b1e125c1d7bb0fd317a5df8a372b7441

SHA512
942504ce98c39f33fb936ef32bca393f9a0ffa9bb0506f4395ee41559c13192701ea240761ce0826e35af1605b5ff862400001d3c34960989863e7db7c21623d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
6KB

MD5
ee071b49bd8f16c01479ccb35f5dcfbd

SHA1
0c379b111285bb100c00aaeebbe8c7918392a6a0

SHA256
932bd81596e3a5db4e7b6a4783241ebff4e949fbcd77fe3976b72a12662034c0

SHA512
f34c8547f705c953eae8c4ad1eac0b3b553f1d4a9aa86a4675152e8194761826803d2f30ce8d24f32551ec6dfe0854d8c245ebfa826be604d77901119a7e7be0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
6KB

MD5
04244bf003084342130f0aa517314f0c

SHA1
9a315990c0a38327921fd719edbae0e17b356b98

SHA256
fed9eaa8a0d28450d6f49d5f84dc6b3cac8821d6d69ae979f58902d09cd69f9a

SHA512
acbb736c0fa07ed7b77a586e1b2c7003f0a085d5e92b86967dd957a9edf8862de89cb506e22b15bdd560f26998c6c640ea3e1d57ba92c92d9baa10099cbfa78e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
Filesize
6KB

MD5
cadc3b9653cf8f309f95e0bb42897352

SHA1
c5d83d8ba8bb17d10f1a936e675903f4329f0225

SHA256
85a152ee7317f371177e8de61eb63109911c3dc808423550db3514021b401537

SHA512
43f9817e113fd34bd0ae63dbfc7599cd6e58459fa397b9215b6ce91a53506a643f2bba1be7506b89b4873d7464d747d6ec236bd1625271df798bcf8e90b2eb96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs.js
Filesize
6KB

MD5
5389ad75ba723921dd5d2cfc56fcbec5

SHA1
7f7dce4bae0c7aef3217eb0b2c70a319d58374fe

SHA256
eefee09188d7694c4d391378b371c7a038eea8f9973e598e97fd50d12b7bd7bf

SHA512
ed59222f5af7d07b222ca31e93a66c986466d24440f8a7965fbfacf2c55389293cf92c814cdffcd91f9563d406d00d07fb489cf964c16552e038814180794722

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\protections.sqlite
Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json
Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
13KB

MD5
3aad700c198b991393d912c91f314db8

SHA1
cca99742d73c95091ccaafc894de1ec3c4d9a856

SHA256
ab4ab754b94b7548e0bb407812bcadaecacbf3e30e735411e9ac7a528da373a3

SHA512
eb1729574a1fa2d0a9c75e9974fa714084d8ed26149442424fc90475cfed783f4eaa5f419c84b31b8b1cfc61d86fc2bd54e8280d1e9df0eee8aa983d47f82cb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
13KB

MD5
10e6aa85775a4d053cbd699b5e2a8785

SHA1
7681d8a6d6582e5ef2ba616266472128722d2467

SHA256
36c0a9d7f13f9036a394547dd852302e52da3fef2afe813a1a45301d77c94ab5

SHA512
cfe260a9e7de1594ed92f459b7b3387a228e183ae22cad144645f1202df9583f2d7c96cd15803e0b166f5bd899e668b0e1cf7463ea4b42ba567d525c241dd5dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
5e254764e493634456be5cc35286fc62

SHA1
445eaece0daa493c49718fc9c987125092f12b63

SHA256
21006908f1629568937a82a54db5ea00b00b914157110950658097f713493a30

SHA512
ea37b88ca2629861e9b088b17b2c86ab0859a7d81534e786b9b774beedaf7701f8a74659381cb650704b508c15cb5bf6eb16581847fab1401580ccccc0fc5e2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
eef6bcc84dd364648a7480dc0c5d5ca8

SHA1
4d41dd110886d1e342073168f0c019afb27ce675

SHA256
d6f235b66e42eb2b92987fe2cd8eed8ee5b523b97a9113022ec2bb6ecc0ba92e

SHA512
81a3d3d57a6a96811b9ea1a10001fc4a1172225a120f706795915035bdcab1e3f7a3be34f25232bc5ae240e3211b25379edf806585e709ec3d010e42b73e49c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
13KB

MD5
4b82b54e05ffd44036255d5ec07d2eba

SHA1
6aadb57b549b65cbf0d0ce7c79e20adebd8b0560

SHA256
ea1a65be225d668149b08dc57e8ba683cac27ff46c60ab7ac546f0ef5ea27cba

SHA512
dc0bfb1debe5d8f1f27de81ef3d2bc40e6677a8ed319674d29258106e3ddb8c6e0a1f0a20be553a73b0f03886e148dbe31f23ef3a50560609abc1af6f925c316

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
22df0a5beb32ea13e2756a8ce199f3cc

SHA1
a9e49efe01f9b6a36256ae366f3968747972eb21

SHA256
5c74609865f9c06a5a600bd0d78a2cf82920ed317bf643dbf4151b6bdb4d777f

SHA512
aede93ef497a0bad2d31e5c29ae87cbf94106f849340f033f2e30aa78509bab5bf5ce5cdb331a319f10cb7896082c7e1ac060cbb2d4724b2fa221691125e9b62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
c4e5b1e914a170a8e286aeb18d1d6088

SHA1
242fb366e345925c1643576cd2cf2d6b40cf0a61

SHA256
f48cb53332a63a0495249dcfd7b00948ae9f0018468cd50cd4ed7508719e4e00

SHA512
2afee3308d9f3034c6fdcdeb7d6d659292ad0e64fc988fe5660553f798eb2c76179019b3c2f2169568094df2d9d8fd35d767087614e3460ff6be04b0c8546791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
43b005a20af6c7d8aac15dd376cb3827

SHA1
95afb45e927fa861b8007c0c4a6bcff0ae63a184

SHA256
1641f32c6898b74877a10df40e90a603a6fd37d742e9fc487d01f2fb5437c4f9

SHA512
95872327ce35df2547c72ea1d860b921abc8eb1d4c907414323fafebd7dbad2e30c7847e5f9b0984e59c8af389122e3d4df2f8463c09a10d67d701c0b6b9814d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
37dedb1bb38e65c09cfd56f6336b8a25

SHA1
6f6380d8ab3639490ffea5382598000143dbec14

SHA256
b8ad61c798e653e4c97785aec27df2b6ec1ae8edf7e8571adea5268ea7a2e4aa

SHA512
a5033277fa99b3a31f9f8d0b38a71104de955155e787686015c0aad288808dddcfeaf5e8834f6642e5f6175c507684a01ed70e591795da03384fe0b1d85ef507

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
18KB

MD5
f861e6e91dfa8882ca3853393f3311d6

SHA1
79c69a392ccb4db313b1c949d3ce0c0b070dc9f1

SHA256
9155322b6d700bfedd66556421ee869476865b1ff125b4240efd742da0c3932e

SHA512
d5f8524ba1184d33b558966b1e40e4b61b4de5c78585e9e4da5a8a7d94fef752d02ee2737b94b213c8995d6f006079f00bb77ef2aed88951e2f3248c9bd514e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
3541452453a2e6dcb307522530246a69

SHA1
ed242f6608b1dfdbb847550f2e54dfb994ea6bbb

SHA256
55492da638d2a467bfbdac84f543cc752c5953ac470c2b090b37fd45f3b9eebd

SHA512
c542158bf113fce242681f57ae6f3a40aa41e483abd5f067f31494cac1040e3e63d10a94474c479622357aeab43f75636f1865838ca853ab67a818c62b9348f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
8596b01a2ba0d6e24544daeb72b76658

SHA1
d9ea6b0acc606cd1e221262627ea216f012a9901

SHA256
9335910137318255a55a9fb6a2eae46e0ca923f4c57aef9793e0aaa69d03d5ea

SHA512
b9c06d56883466724d96ea05d7abaeb9963b042b10a6a3258bd1be63c38148c96d4e3e0391cc9a208b746dde7af51397072f8db6512609a70f504a8db5c4f1e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
514f00a4a802930a40dd09a7aa734618

SHA1
4f096ad0aa7c4983674fd890ee885c74c9175576

SHA256
829ab53c4c1a2dab20c8500ac928b58b5e076d196c88eb260b93c4d59931c9f7

SHA512
d9c58f188d60749d8dc717b3da8ebd35494a443be6daadada32b98fb3a0b8245a7f2ce5a3c303a7daec211807fd59a1fbab60ac3752403fc794fe8a8c2bead66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
df7e021fda72ce894925c144773f8387

SHA1
594d499102059c096a766125f63f034a2532dee4

SHA256
4e4051b4268c89f271fee4132de08016011c0b1f37dc2c4c121d0821697bf198

SHA512
a8b697ace6456adf63fa9ee6aef2090a3142cb43b9fa7eccc64c2d22172db57971ab75f1907ee33db821cf8d07f21d8f402623a23672c6dbeb6a62416cb4f029

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
4e8c0707fd5fa58b016bd2c7d410cbe0

SHA1
6ef0042e0ff1b549a5d4efb772acf27e846911de

SHA256
0aeb7197c01a6cb131a659f02603d64a9eb79f5647d0bfe83a1bebb2a61e43e8

SHA512
d08f9277aa900696cca69af4202af7cb598df9e0e02fc29009a1029c520b60c46a45e0cb4f766a50cfde6535bdc471dc55b7644c3f806282c5848c66a9c8b6ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
18KB

MD5
626d96dd979cdbfe33d87aaffdb39f2b

SHA1
3c5aa86bbd0238446c2d303a0d4dc6334f531b28

SHA256
2bccb86c295e8b917e199abd4ad30456658cb185b703a0b60a4067ae10a5c564

SHA512
df4b45b6096fdc05b2bcafb5b5a906848eceb634110c25542b659e3799801c6488a82f68509409c2d6375c825c525a0940fad3b0d8effbeb4f2bff9310c17c76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4
Filesize
15KB

MD5
c5336ee7606aca9c4f870d93f3cc8de8

SHA1
f67464e95394b14f9cadb765fd40f601fd075011

SHA256
4e64c59aa14c094032adbe268dd6439cdff6645f76213f87932aac7888ea6665

SHA512
ea9d85bb4390e0a31ee5f47268b126464b478c66a61cf56dd86369d9ceb4fb8478044d78960725bbb229ce39d6f7e9d072d319d2a74129550a78ae5cb40f3952

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4
Filesize
9KB

MD5
c8942bd7f022db531aaf3448a67b984f

SHA1
49694ad7080d75dd5624b29d7526acae75dadbe1

SHA256
7e123aef64dc6a8d9cbf23de9c908559a4eb04f80212a8f28c53016a7f99979e

SHA512
0fedfd74958baed01d6c124de503c0ea2dca9c403d99469608ff5cd1c044df4e818164155004edba9ebe03686c825cf2f844e6af2597cd11ab80d508e62adcd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
9459e995d1ceee2c3cee2b47605db82a

SHA1
8830fcd8463b3482db06a6543c4d3f587bd39ee4

SHA256
8a032b99fa07c3005875423db2d093ab6fdba150ecfd402fcd08d877c7cdbc81

SHA512
1e49515d4bdd7a0bf6b07a67b5527f923ab5380174fed38cba0d8e72e533e6a3849e5cfd4cad2433049f1b57d96b96ce3a9c32eea86b89fe380e3fcacf2331aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
64e60e09f753fe887d712293798934b0

SHA1
aa35782654ad10e6f009ba4e64d81d141158f81a

SHA256
9974f164bec2da18d6a8dd78c7e624d1a6d54975e0d4dd2069daf6b13c04dd0e

SHA512
e037f5671c0b1b175afcde6f7aafd5afd1c2cdc191e1437dc837c038afaaf9d3f174f3fd4a179b303e499eb221891534a612b439e3618f9e023fc6c95366c921

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage.sqlite
Filesize
4KB

MD5
41d26d2ab8a408607207f5f4c2562b82

SHA1
fd577276440d4b3df8c664354bf0fcc998d90889

SHA256
21cbfe1ae41a3f09a3208c41a08d0cfaec8f5bbbad65ccd52f76d3b18322659c

SHA512
e01d2f01c135c31d3e4f28f69c90274a39a2856166c1054b8a76f4f37f96d8e5f0fd0d159f4212d4f4d3e10b962275fbce7a8f36b4992606d0e4d05f02951971

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++otvet.mail.ru\cache\morgue\61\{3652b382-0fbd-4d85-9603-910d55ee233d}.final
Filesize
1KB

MD5
9b65faffbe310b762c01265a04d1d101

SHA1
20070edaf8217cb230f64f62a427bcd091a6838b

SHA256
edf8a62904857810493dbcd333d02387ec4ea6176679b2e7ad077d62ff985f68

SHA512
72920e7ae310635940e849b612792742b42738121a9f525df1cbbd688113ba9d1832edec56f418a342e32ad0f78c805e33e8cdb0a7f688eb8e3ae8dd46d7849c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++otvet.mail.ru\ls\usage
Filesize
12B

MD5
2dda603fc574d307fd232b632c4e069b

SHA1
98c38a76670a8e4620bdc831b08599a1c7798c0c

SHA256
32c902765ace387d0ae040b7612259cb824ff14b36fa8ea9c7901a3fb339fee6

SHA512
45cb93b7de40a9b1388e0dda25f5a0299795177188527d1de691b2f8cdae91b6d09c4162c18cf639b89972158f6132cbe7d2bb0b7bbdad9e04e5524f6d4208d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage
Filesize
12B

MD5
87ae0d6b3a837a2a85d7617c8dbb6242

SHA1
3d07b0c348ceb568e9598b721817a10184be1f47

SHA256
bc03c34d123a5bff2b1e7795000b2dc24a00a7350c098852fda811385482148d

SHA512
050342042230c2dd1f188511dc9fbfa490e98dd07f55cb15f7259660d852677ef12d336baf908e38aa49d9e02929e3a96eeef1cef2bd3ff1190788661bffb197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage
Filesize
12B

MD5
7d3ae5a2d1b95f328dd0b09f08cc4ae6

SHA1
fa2a22903020005a8adbe871c64ea1070cd4c20c

SHA256
941d4b70fb2d989c738f21159aa07fd0313aed6adc0d489ba7a31b793da925de

SHA512
05c5deb0b1972f9b5e0699a98da2b113ea04ff8f89ed913a94c490bf134a3337f0c31a121068bb3ee15c723367c3f4083d39180144d577be902ab4375e1065ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage
Filesize
12B

MD5
3ef717801938ae2f4a3a3f1ce2ac0615

SHA1
1c9c60c9af505b8a797c9d9215180ffb704dc7c7

SHA256
c79c58f2e96bec8f099f7896b69fe7b20f4c81fde859e817a413b794f1c678b9

SHA512
ee7cd9cf7b7b71fac9c8409b0cbb2adb48e8de07f163b0e3c4294d63ee295b2b4b7572f3b58a73f0f62133ff8443bd07fbb46ff3ebba72fa4594c125863015a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage
Filesize
12B

MD5
753ccc3e8dc88a05838b3882a227604f

SHA1
04708e1d45f01e24248282c04636637f14775943

SHA256
38b7c57f105315f88e653f0b2e716874001c658317e60bd0d231b5f70d523106

SHA512
a86e13b982daff9c2a4b887137486675cb38011eae18b8c73f17759aaa3a6bf4a4e8e19841e312a4708a0e4463dcd5b18fd6ad771148606afa0ed6abbbeea4ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
a46948310da0ce4594c6efa1a0a26c05

SHA1
ee5a8117510c777b89c54e2b9beca31d59df217f

SHA256
5c9bd6bee1972f305f23dfe83ac7f5492c6eb856514bf5ce2472b95d7b14d36c

SHA512
ead774374531411e029fe3d5e70f6bee715ec718813fc55722c664fc53bbe5a053eca6a532de9b855600b45fe07059bd10023b693a8e6fee3f2448ebc5cc49c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\xulstore.json
Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\xulstore.json.tmp
Filesize
141B

MD5
8c8e29dfc7492b92903124e1da454a88

SHA1
09e1ea8b5a53255747809121543598e55e38f9ba

SHA256
08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb

SHA512
bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

Download Submit
C:\Users\Admin\Downloads\NRVP.exe
Filesize
9KB

MD5
f7349874043c175bee2d0ff66438cbf0

SHA1
da371495289e25e92ad5d73dff6f29beea422427

SHA256
f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b

SHA512
878f4bc1ab1b84b993725bcf2e98b1b9dcb72f75a20e34287d13016cc72f1df0334ac630aa8604a3d25b9569be2541c8f18f4f644f5f31ff31dd2d3fedd6d1ad

Download Submit
\??\pipe\crashpad_2520_GMZVKZRTNPTEWXJM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1520-3574-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/2236-2803-0x000000001AFB0000-0x000000001B030000-memory.dmp

Filesize
512KB

Download
memory/2236-2799-0x000000001AFB0000-0x000000001B030000-memory.dmp

Filesize
512KB

Download
memory/2236-2797-0x000007FEF4180000-0x000007FEF42AC000-memory.dmp

Filesize
1.2MB

Download
memory/2236-2844-0x000007FEE57D0000-0x000007FEE61BC000-memory.dmp

Filesize
9.9MB

Download
memory/2236-2796-0x000007FEE57D0000-0x000007FEE61BC000-memory.dmp

Filesize
9.9MB

Download
memory/2236-2795-0x00000000002B0000-0x00000000002DA000-memory.dmp

Filesize
168KB

Download
memory/2280-3575-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/2852-1642-0x0000000000AF0000-0x0000000000B1A000-memory.dmp

Filesize
168KB

Download
memory/2852-1643-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

Filesize
9.9MB

Download
memory/2852-1644-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download
memory/2852-1650-0x000007FEF1550000-0x000007FEF167C000-memory.dmp

Filesize
1.2MB

Download
memory/2852-1651-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download
memory/2852-1653-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

Filesize
9.9MB

Download
memory/2852-1654-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download
memory/2852-1655-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

Filesize
9.9MB

Download
memory/3276-1675-0x0000000000CA0000-0x0000000000D20000-memory.dmp

Filesize
512KB

Download
memory/3276-1673-0x000007FEF1460000-0x000007FEF1E4C000-memory.dmp

Filesize
9.9MB

Download
memory/3276-1672-0x0000000000D30000-0x0000000000D5A000-memory.dmp

Filesize
168KB

Download
memory/3276-1674-0x000007FEEFA90000-0x000007FEEFBBC000-memory.dmp

Filesize
1.2MB

Download
memory/3276-1676-0x0000000000CA0000-0x0000000000D20000-memory.dmp

Filesize
512KB

Download
memory/3276-1677-0x000007FEF1460000-0x000007FEF1E4C000-memory.dmp

Filesize
9.9MB

Download
memory/3524-1692-0x0000000000A90000-0x0000000000ABA000-memory.dmp

Filesize
168KB

Download
memory/3524-1693-0x000007FEE6730000-0x000007FEE711C000-memory.dmp

Filesize
9.9MB

Download
memory/3524-1694-0x000000001AE00000-0x000000001AE80000-memory.dmp

Filesize
512KB

Download
memory/3524-1695-0x000007FEF1C20000-0x000007FEF1D4C000-memory.dmp

Filesize
1.2MB

Download
memory/3524-1696-0x000000001AE00000-0x000000001AE80000-memory.dmp

Filesize
512KB

Download
memory/3524-1698-0x000007FEE6730000-0x000007FEE711C000-memory.dmp

Filesize
9.9MB

Download
memory/3868-1623-0x000000013F4A0000-0x000000013F4AC000-memory.dmp

Filesize
48KB

Download
memory/3868-1613-0x000000013F4A0000-0x000000013F4AC000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads