hxxp://ph[.]ontools[.]net/2023/08/2[.]html#?o=54ad6f29cd350e44171d5723faf765f75157177bdcf3185767bdb908139cba8b1433fa1287b9da45

Analysis

max time kernel
207s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 14:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://ph.ontools.net/2023/08/2.html#?o=54ad6f29cd350e44171d5723faf765f75157177bdcf3185767bdb908139cba8b1433fa1287b9da45

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4296	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	2852	firefox.exe
Token: SeDebugPrivilege	2852	firefox.exe
Token: SeDebugPrivilege	2852	firefox.exe
Token: SeDebugPrivilege	2852	firefox.exe
Token: SeDebugPrivilege	2852	firefox.exe
Token: SeRestorePrivilege	6024	7zG.exe
Token: 35	6024	7zG.exe
Token: SeSecurityPrivilege	6024	7zG.exe
Token: SeSecurityPrivilege	6024	7zG.exe
Token: SeRestorePrivilege	4696	7zG.exe
Token: 35	4696	7zG.exe
Token: SeSecurityPrivilege	4696	7zG.exe
Token: SeSecurityPrivilege	4696	7zG.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
6024	7zG.exe
4696	7zG.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe
2852	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 3484 wrote to memory of 2852	3484	firefox.exe	86
PID 2852 wrote to memory of 2856	2852	firefox.exe	87
PID 2852 wrote to memory of 2856	2852	firefox.exe	87
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 816	2852	firefox.exe	88
PID 2852 wrote to memory of 4196	2852	firefox.exe	89
PID 2852 wrote to memory of 4196	2852	firefox.exe	89
PID 2852 wrote to memory of 4196	2852	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ph.ontools.net/2023/08/2.html#?o=54ad6f29cd350e44171d5723faf765f75157177bdcf3185767bdb908139cba8b1433fa1287b9da45"
1⤵
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ph.ontools.net/2023/08/2.html#?o=54ad6f29cd350e44171d5723faf765f75157177bdcf3185767bdb908139cba8b1433fa1287b9da45
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.0.1663692432\833649591" -parentBuildID 20221007134813 -prefsHandle 1936 -prefMapHandle 1932 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {326ee74e-224e-4056-97a5-d206a722feee} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2008 12b254d6a58 gpu
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.1.766175414\1305287391" -parentBuildID 20221007134813 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5670780e-026c-4df9-8cd2-bb5004203d71} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2204 12b24fe4158 socket
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.2.332930376\2002013311" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 3032 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eee44acf-9a94-4c66-a181-8003648cc996} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2936 12b28fd8b58 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.3.1074581815\699817640" -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {758cd52f-210b-4254-a467-fd34ed6c986b} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 3608 12b18862b58 tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.4.462160143\1074496688" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5092 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d021cca4-8df7-4c55-a7a0-d45b74c5879d} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5068 12b2ba22b58 tab
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.5.115725222\1040173803" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edce5c25-f782-469a-b05e-4dfd6dde7872} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5228 12b2bd9e558 tab
    3⤵
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.6.2010375474\1401094292" -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {887a4cf8-f391-48c0-8bd6-c797c0240832} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5508 12b2bda0058 tab
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.7.2021090928\82173587" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5460 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1595a6c9-d8fe-4353-9348-15f29f3cb32b} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5456 12b27a67b58 tab
    3⤵
    PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.8.1538652515\772565936" -childID 7 -isForBrowser -prefsHandle 2888 -prefMapHandle 2860 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fc9aa41-2452-42a4-b43e-d07032a0687d} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2892 12b2ba23758 tab
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.9.376156093\80482658" -childID 8 -isForBrowser -prefsHandle 6140 -prefMapHandle 2892 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c532995-7558-4662-817e-5f5243f63ca9} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 6128 12b2ba25e58 tab
    3⤵
    PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.10.1719254830\149899398" -parentBuildID 20221007134813 -prefsHandle 6376 -prefMapHandle 6380 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {864d91ca-0efa-4217-85cf-461b48942d2d} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 6188 12b2ccf1258 rdd
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.11.560786324\1033961216" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10056 -prefMapHandle 10528 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2edcd663-05d8-431c-9b89-968eca6962cd} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 10040 12b2d38e358 utility
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.12.716391524\971649106" -childID 9 -isForBrowser -prefsHandle 5520 -prefMapHandle 5220 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b7e2b09-fea7-4f80-87a8-3a777e72edc0} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5404 12b27a65158 tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.13.1072861319\540450454" -childID 10 -isForBrowser -prefsHandle 3240 -prefMapHandle 3260 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a1ecce6-f57d-4dfe-84e2-362e9742c42c} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2872 12b2bd7bf58 tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.14.1667152608\1006904076" -childID 11 -isForBrowser -prefsHandle 4656 -prefMapHandle 3128 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23b89be0-302f-4f40-add8-ae3fca9cb13d} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5000 12b2d1bbe58 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.15.970717075\1412120692" -childID 12 -isForBrowser -prefsHandle 5208 -prefMapHandle 5068 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b2b80d5-9bbf-4749-ab46-f2752b7f7457} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 4796 12b2e8ca858 tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.16.1196056395\1708940027" -childID 13 -isForBrowser -prefsHandle 5528 -prefMapHandle 5652 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f0ad04-7d35-41ae-a2d5-ba6dbdd835ed} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 6396 12b2c31ce58 tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.17.1268577534\562115013" -childID 14 -isForBrowser -prefsHandle 4736 -prefMapHandle 4724 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa180c64-90ec-4da4-a950-1eb2b3e7af49} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 4744 12b2c0d4458 tab
    3⤵
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.18.1709153295\1323418737" -childID 15 -isForBrowser -prefsHandle 6396 -prefMapHandle 6272 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10205f8c-5984-4031-a6a7-f1051142714e} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5528 12b2c0d5f58 tab
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.19.1984183875\1338495510" -childID 16 -isForBrowser -prefsHandle 10980 -prefMapHandle 6204 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44729fbf-4b4b-4422-8015-2d35887153ae} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 10972 12b2a1bfa58 tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.20.459094676\226345153" -childID 17 -isForBrowser -prefsHandle 5368 -prefMapHandle 11092 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a8df0dd-670d-4ac7-8995-84d24dcd2525} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 5588 12b2e8cd858 tab
    3⤵
    PID:2352

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ds2.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4296

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap7356:64:7zEvent4406 -t7z -sae -- "C:\Users\Admin\Desktop\ds2.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6024

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap30522:64:7zEvent2465 -tzip -sae -- "C:\Users\Admin\Desktop\ds2.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\10488

Filesize
9KB

MD5
72e6123d7698cfe2d7efb4e0ca2fbc71

SHA1
af70b62618bae04c16f6b8b7f4ad30777c96b94f

SHA256
f9a6f7dddc00a88823f109d79e0c58c1fd9d52ccd8fc0cd54328f3a35abeb071

SHA512
b8e9130977669cef0813fce4842ef8cca8998ccacd738aa2a8e0326341d30e604b3be44f0c1e21312f8f5fbed8bcc5b80cb5e574e888375c1cc65d0b664341bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\15515

Filesize
9KB

MD5
91387e4bc0f3cc54a79444b6f1e0eea0

SHA1
f00a79194d9a8d4ea76f5dc25b5bfea7a343d5e4

SHA256
21cc329dadcf26a170abe4507394ecc20be3e09bbbb5daa372a76b8c6b708e3f

SHA512
abc1d653e15533d7e4dfd93e91e9eb424ac2b7f21ea1eb321264fd6d7135429c0aa35acd9af8c5357a354bcc49240ce0c1eabd4396d5fd3592ae0ed56a396e1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\15695

Filesize
21KB

MD5
eca196662f9daa64d6d07136c3282f7b

SHA1
5e2c92a689722c324a269aaea1820557125ffb76

SHA256
d625c22386f16b37b5cffff1b3c1affce97a0aa7921a8c45a524f325c57b9bb9

SHA512
c2646ab35a8d7428c948670f4cc344cf391e4aae98c1b2547eb80127b97ab601c787bef87c97f486a5efbafce9847052bf30b40c49b266a2e4ea5d2ea380a897

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\17086

Filesize
9KB

MD5
78a8c8040fb5eed49f7d5ce6bbc14f57

SHA1
79e5794dc4735b964a963209859621d2cf710fee

SHA256
ccfe5a277647fa7d7063752939a642965c7b9d031d72a9a27fb32830970d5048

SHA512
1a7f7a692c0aec039ca9d2ec4c16cf549bf596b853260fdf94aa11aa6fd535391795687482b9127cb9a2264b94b63411b6ad658dcaa2294f8b80c9a2c4a839f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\22905

Filesize
9KB

MD5
b8f9189bf4c9b9957cadd1d7a071b70f

SHA1
8a30a9764b45f021330c2c823aa23fc08e60c755

SHA256
ebe83731fc35b2c935cc1b6d4f0a119eec2fad68c1b0892dfb521e76ede045b5

SHA512
b6afabff72b0c97882d10fd04fc43db674cbd27ce5415f2e6dc2fd99ff9007deeaa985df88f51abb84c0b838fad013f1a57b7007352ea388ddf294e7c5d68c19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\25526

Filesize
9KB

MD5
0347baad48512d2fcc97950725d3ad4f

SHA1
d9cd7324f8d33ffa806744ed65a0598043062bb1

SHA256
a38f7c6d3f33a4c9fe76c4d09fa3524ecd465f550241554cf74c93517033e3d8

SHA512
40c60e78590ec6dddc60fc932870d2b51ad0c966c062f80f028a9e787fc1fcb60805aff059ca5c08939e8ea85a8c73fa19c4be09fb727b9103393592173ab352

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\28475

Filesize
9KB

MD5
59b2197a21fda795490b3671cee02259

SHA1
8fff52dce4676a8494209825a48a1760c50d3814

SHA256
1074468858c1513e0cab68d719076bb742c046ffdf1fbccd3d985de6711895e6

SHA512
8649de2969cd958c9b946f62a6287e16366ac85f8af6160b32bfa558e7bb1d9b08548dfd2e01139bf89f379d14f5c8b5ca0869fa5c085c0faceaab8d13a53173

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\29923

Filesize
1KB

MD5
b85a1a91f5e712435bbb7c796876275e

SHA1
1c4c9de0f5411590b0c8d2100946e2782151386b

SHA256
3a5be6734f8e5f028eabba970aaeca1933110279b1bd1023c60077d93896033a

SHA512
15b428239cb46c7a2e8d8a56f4fca1ef1e4a2954a91e13e689a9f75a18e6f5a41abd84caa0a53c10579e050d700c0499ca2abf3b21cf7fa6db18341f29aa1890

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\3250

Filesize
9KB

MD5
e91e643588ac8ba5e0a828f40b5a0a9e

SHA1
925a5655287b518ba2cf9fb5e79312ea2a9b630b

SHA256
11318d144ae6d31cc5ef8be6d2553d2fdc8d4692d943eaec64406fd507e9325e

SHA512
4dcfb53f543d58ed67d590b937b20d573e9da058095822c5f335d79581a591d67dad8c105cb0a948c03a8cd7dfd249413d368f231a79f923712576ddc45bd9ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\32673

Filesize
9KB

MD5
bcd9d93eafa17616c201dea7044ba6ab

SHA1
48b235742ba735b3b5ca3aa7ef01a915c954e27d

SHA256
be9e1e4a9da2af5e7c93e2c9f54e136c57cbd79fbc1be5fddee29dc48796ac0b

SHA512
d1703c147f120ce2a43e0a158acd0ab15b73bb5b54ceb24b8d025e5d49a8072c52e94d48d25f26f7431022b075edce92778885a8aada7742f7d35d510872f453

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\4204

Filesize
9KB

MD5
0f40be07b934451fe316b68a7bd4c28f

SHA1
63b58ffa17758e90d08014c5a37c9c987503d6c8

SHA256
ed3cda1c190355f9fb55a1aab94f7b705456e5f3b917603545da11d5a7fe5513

SHA512
56c1ef8f953bba7508f45ff767f24459f685aebb3d7c925aee54475cf14e29270510409e240a1c7689b99333c5c823633b20c0390d65bfdff5801b090e838455

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7257

Filesize
9KB

MD5
87067415d7a2952eefa983adc554acb4

SHA1
0d595aa58f8fadadad7090b3518b62f83d3285a4

SHA256
6cadd3201b5604d44473b79a68001c84e2bab4faa2cd024ecd20a84d028d746c

SHA512
a36f0be8e4a6ff79811d0b9eb6ab34e299d6941f67ad24629ceed19ca6469006b428eacf1d9663f1671bb1c56758ce1a42fd864291121e03fbf2402e43309f18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7463

Filesize
9KB

MD5
b855254d1f6ed28328aa41ce2e322322

SHA1
8a069e9f69625c3ef09bd5fea46a37b66007e9db

SHA256
594d8eaa3230566f5ec2aa6b28d2848badacba1349c9b7e60858149f696859db

SHA512
1f197020dd5ec6004fee2abd58eb1b965ad72f51c727d39001f8ede607a0e456b27b7802d8e78bf9788fc88c733d1d0a4576bd64430e90dded5945340b1175d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7849

Filesize
2KB

MD5
5277eca0a6f58c5cb5ecbf8ed6adeb66

SHA1
ebd8a6dd2ddcaf6cbf4c4c64578e6cd55ccc1b65

SHA256
c3397e636f603067e8f7f06e15360cece473fb2fa07e89d2f38f9c630ad5edb3

SHA512
6b62f5d885c73614f53bd4e047dfe910081738a0995023666c4446dff344bdea9dc1be8899b09cc240ea9dceb917d1df90609fd7173b60b94fbad023242ed4f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\9636

Filesize
21KB

MD5
76c75a4487c4f41881fc6a6d70b4f2a8

SHA1
3aca26e45abba0c2fb170d12bbb1657ad8eaa68b

SHA256
53a81290226a6578bc2ab7bc63a8f6410318986f4643f686a17f9d2146ed1e7a

SHA512
42a19e2a2338b70b9fa6ad94afb6a22d31b13ad8f08b2e2456b7400e3c6c361c6a58474a0e3d717100223a80d25e5d837f63745cac4fdf8ec6e51752ce906f97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\0DF3FF9128A9EE4D8B2F787E89254520A4793EF3

Filesize
22KB

MD5
cceaf50946e2af587fa4ab408705da68

SHA1
0db7915461c34a82b2863b87cabb205286cb30f6

SHA256
d8443c72b5e3a87d72c59d9711513427669fe914153714c07057b35bd1eb6dfb

SHA512
eb06dc40faec041841c2d1dd44bc623b5ac2ce08f341b8f70ba33ebce79d2591f8267a98a0ec7679f671e54810fd118455f5a581f589c8919cd9afa8491f6f4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\29D9EBCA47F433F6F2BA5B596D790DD13B6C47C5

Filesize
121KB

MD5
ff1336d01da84694fb3e3cfb9017234f

SHA1
c54c9d48a9a4bae72c7f2c85abdacef389affc4c

SHA256
d04bfb4ce1e785b1629154f2c78715005853ffbfd15e52b4fd102acad7a0a28c

SHA512
87594ae30890beab42f330830ab4a855d115a19c6fa25df0c04433069a20bff49ba1f427d37fbedb745cbc7738e558768aae1c09e7090c3f237d657b0f1a178e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\3EA1951AA911C5F3FF0225A33D61542FBA150909

Filesize
115KB

MD5
32378646d89d88c277f0f8c1103a8f53

SHA1
b653d6f8a6cc5e24a863a8d428132bd7884a6a78

SHA256
fedd53bfef51defc5413dfdec70230c3930cc102839399752939207f9b86c4d4

SHA512
fe3b763facb5a640eff006f6ec9fde850408315669975c947ab48dfe1d7fb81a1f0fc5d1dfb0d174a66448ab4768a57f10c43be5d5deecc7356cb3c7f7b918e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\4B485A636B3F425B86AEABF03CE6A6A343F86B82

Filesize
24KB

MD5
871af89496cf60dd8be3bce6105c70ac

SHA1
933c2515b8fa34d176592c5cc36daf8a0bcc6eae

SHA256
7a45b12251208e7b580447c0d322b17806714023e4001d29f163f7825c60511a

SHA512
d6826eb299ee98ea81f9554282110da5220d76725036be329cfbaf263c668c9036c72ba9335fdcee8c61203ecef4b66a8a0221522248eb6f27723655a4f646a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\515AEFB6F5964EFABA01DF95B0118F4179977BD4

Filesize
722KB

MD5
f0333b02d7860b7afae78c2e81ff0c70

SHA1
e226588e6acec0d07a6d88d078cbd7ba7f83053b

SHA256
be02b73210fe33422100e98ade506292c6ec23fcc3fbca576bf2cec661e33081

SHA512
e17c62b166d0ab41f4c2383b09784964d569833d7c8ebbeeb8238e77156adf02c1738a681bddde629d4b51993a361a3936b3aaeb6f474a282c376eaea3648fc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\54ADB6E8906D8CF21EADF38DC4CD203B0F399B27

Filesize
13KB

MD5
bef6c3a33b6ff895e29421822a587606

SHA1
a6d9005cd2e6014373ef958ca581857cb526b95b

SHA256
ca76a16f05b9cc55980279245eec5042adf5f6d71916778659ef1daba2ee416f

SHA512
1ba89fdef294ced610d4826aec31c44fda7b9aa394460f57afffe923c1f7e85796135827d8170d991bf4283108908090aee1970873f9dcc7a254cbf339a1115b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\596DEBFF192CD6C4DCD3D14E1D74F6EE12E76489

Filesize
74KB

MD5
b5371550d52686d33df8ec355210e630

SHA1
25e594c3b0677437daed193cb45727e023f7c6f1

SHA256
5e310c394c4fbdde8019efcdf284c7a3981deaaebe985d8fa1d67ac7f9bbeb9a

SHA512
84b55bbfaf684b16b267a808f499e748868bfb52f7b58a2f074ed4714716604f2a327a490106999009b071177f58dd581ea84d8f5d346d1a03712382e1cd9aa2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\6BD1909211C1E036255726AE93FF0AE1745B2740

Filesize
16KB

MD5
6d9384e32a591c55ba359db36ecd42b5

SHA1
e51ce346785f05ab61a6c91c2caedc012beb8c77

SHA256
430175ebf533ce9941cd9619462a93d0559c6816678c0f519662daf44272b2ad

SHA512
687c353576e2973d4774d71c7ee2fee5153091a051995845f515eb51c7dd52f468db3022395d0a0b8f46256a68c39cf7e264eceedfefe0be02bdd8d89ad6f2c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\6F234C4236533B67807B0842637BFA8281B9FC6A

Filesize
725KB

MD5
4f95b6d2263168c631d3a3bacb33028d

SHA1
bd36e905a3cf150176118fa5acc08b06fc32cff6

SHA256
08c104430554bbb43bb5aad8344b49dda96b82532020b93cc96b03203bac1ca4

SHA512
56a64058ff5eb62af86c08148cc91885b0217c9bd1e2377e7d593b93e15927a41e12df002d509f41d3fc96cbd30040e6b0e7e6ecf7f5d83e6627a9ca5aaaaad1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\81BDD4599158F780B4A770D7B6E0B27992A95C49

Filesize
134KB

MD5
4e617a553ddfd4543f0c5afb4ac93afe

SHA1
5f32f0daa1e5081153c14813ff811063ea5e0d45

SHA256
65d749eaed6a2c5b139ec700ae4e03887e39ac9aaeb06b3944c853a059be2af2

SHA512
5d55d7134355917f0ad30d63c5771946a1f0535da0eb27bb2adee0a159fe87f1b89e77f3c2deda405a5e43d10dd1123fefad7cfa508fd54d60cbf38b66fbfa2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\8688646CCB47C1CCBC9EC91BB432ADCEA8F07857

Filesize
15KB

MD5
64977f2653792de8d7451b78838207e0

SHA1
ce64439565316467b0d920026d019cde8acbc593

SHA256
236b03f8e8779dc57487cc0da39ba71108d6df2543038279248b5005f8ea8676

SHA512
025c6ffff9dc4ff24112d4a1d411c89df514a179be479992ca9ac5e02db7a6e59fdfab88f7758d8f65fac93195e0d102bec061a3c8eb1aab0eb3ead1c9c67dd3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\8BC00B166AA45F65CB7611B4C21575569346DA14

Filesize
42KB

MD5
513e4af526ce1dd50e620288331cd645

SHA1
8d63c57a379ee5b8a42874f435f20db64c659d05

SHA256
8582f67664212ab5d33d2ce0818f4d202beb0871fe4d81a266feea924d3003b3

SHA512
f667b15736528a2de5b3a8a0b4804db3abf9df9a188ee709f0651f55bd1f11e9a8fba905baffd925f98d08e95a60c70a1bc2aa3152b9e9524df6fd834338ae0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\B2B5EAB15A44574287D9BFB0F64942FB5AB263FC

Filesize
24KB

MD5
3544fce6082d0a803be2e88f743f9242

SHA1
bb77591f62966337f89d3fb9ec84e360adac17e7

SHA256
9bd64f70a418ab63970dc56f67fbae012bc3169684bad15ceb18bf4a26aab00f

SHA512
3ab9c40bfe89d9068db90e2183d356ff01b9040e64d42118e6758382e6593ac398154b3face9394ea5aedbe6b75ef0ae58e265b9555eb08e5f1714afafa6aa6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\BC4CB2618703760FBCC3B961B166C5A92F2192FA

Filesize
33KB

MD5
31329df2853c4a347008591216949bcc

SHA1
9c42b14b8f3ee0c38bb7945658cace6a7563dafc

SHA256
6d0d49506d5c190143d532b20e0184e332ad3eea43c224b7b591660915441d4f

SHA512
4bb356014cadae1a76b7c73f9a6c554e18d1699c5724df0d19ddfa14199b5340fc764dfbc9b3f6a8cb36cd966733043de14e517b3000de1fcee0b0bbc3d9f773

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\C498F48A7ECF4FB1097D970A6AD49B11A7734571

Filesize
23KB

MD5
8d98bad557618bcf7d021acf50379a7c

SHA1
257abfdb868074aaf1c27ace7cb05d25415bd8a4

SHA256
da69063254c1c2d953a00792fe468da2a25272cd3cc7d96c07f44b9fe2b15bbc

SHA512
09401f22da758c4149094332e17495f092215cc33ab5cbca759f1146242e76f63f9d34c3853798f79598e6078cfad8d92b863e877be5fea9c555c59f1f56a0ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\D12761C294E29E13D8919121F9E002583367E096

Filesize
207KB

MD5
1e346859e82fc96a569002a415f024c7

SHA1
45f19d409f04592b12c6733d6e26d359430f9d6c

SHA256
0a1b8978b109a161a1de7a3b063f5a07d62147ec943552226faba6d8e287f57b

SHA512
71de645560cae4e25589f514c8952818d72b40d1eef8655a7e1c1d090d9fc59bb29cf97e090e2142a7c13255052037f0825bc8589895168056f7149b29a65c7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\D623FF9BAA7D566B2784BCA16952B479DDF0EE76

Filesize
24KB

MD5
aeed283469c3a06cde30cb4ff6970525

SHA1
749b3d9f2431a71a67562b19a6605c78d437252a

SHA256
1399c70e578ce29076b6e6da1054b581a410dff46fcc3b79e472ae57b7354139

SHA512
ccb1e2d6c580c380c83702557c8cd6125427e343844220a7280264b36724ad5470f7a550107e3bffede08aad4699ed08dc437d64c8db983cd00b7724a27dbb7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\D87D476A345F74DE49A6A9B0B09DB9964265EEF8

Filesize
18KB

MD5
40c9092398d0170fb6bfc4ffe6bd02fc

SHA1
ac6b0dc79aa69b16cfb1b2738b4ed19e26a5ac9d

SHA256
5fb2d7f021c390e47bb77aba9e6abe13a961c064e9a3bc9e94ab967a6ffe4045

SHA512
4c65cdd7cefb98ee104a5cb8fc0844cb82571c2c30a1a148cc031629e8e0ba535a667cc258cd9dd4dc5a36e3c7b56917af726595aa58bfab9c5dccc80585e803

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\EFD0B0E5CE758F2CBA1075128ED96EE13DC832B8

Filesize
24KB

MD5
ef6532c3d858daf99da89f5916ae7bcc

SHA1
06b2f5473680a7c95a22c17d2c5ed62d63a65666

SHA256
a885b43b76e5bfa79471d3fc5e21418b543f50eebdf6964744d68b94b96b6c5a

SHA512
bbd03ba6114987e09b59bd5a9f7472b8becb3b66dd835747bebd3c87eef49d812e33f296d051e049ef867c0445781c530dbc9c187c70538b61b6834c336abcd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e55b46d6595f6303db7a90c2b105d063

SHA1
ac07f6f6323f7491f282159c19b41e09a53e9901

SHA256
b8ed59c9629b7ea4564abf9e27ed94bb6d3cc5a25e571e95cd127cf0a4dcdb59

SHA512
84d933ee378fc45837a640481fd82d892e7f6814eb5f6263aa9445d9317903bbc8869d0c91d77546e45dd8d5b3facafaca8384b404c7452a30d5d5544b637ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\05477ab8-87f0-411d-bc24-332aeaaa73d0

Filesize
10KB

MD5
770bf0d1266f72dfe6bcedff9c033da6

SHA1
ec5cedc89c90c18dcb780faf8e7fefefb0e9077a

SHA256
f3b38764588c444af380db462fb07b727cdd02179476de2243c038ef8dff2540

SHA512
dc201c6bf476dc36ba5c37e571c0771463ab4d4805caa5695c1241bae9eb38a25a98a601a65bbdbfaf18cbf627f96ae6bdd59c507bd437137e78e96160a51167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\208bed5b-780a-4460-9688-3a2a1521cc2c

Filesize
770B

MD5
a5be20b150b324b2e3440d0d2552a21f

SHA1
19a5e2e81cc8fd2c938a52abb4f290e0cc55131b

SHA256
af6f27a904ddacd23d9f9efa94d005b450a59ce9266bf0029b24e61b7c504893

SHA512
ce2522fdccce6941040460ec45d232a79a78aa9b44f155ce60782894cd03da42a3a75d5c6348633964d6b70b6218252eb0d46843c6bec1c1fc5a25ed1e91b0ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\73c4324d-d5ea-40a0-bf9a-8d82f0c77660

Filesize
746B

MD5
2ca912c3c9e8b525fa02f5018a6a9dc6

SHA1
2f6e51a9f35a7deca0740e500d28e1c5c76d73c3

SHA256
bad845a0ec9df7d3341c1651c0a75c64340df9a61d7ebb3b7ab205b8b412e7bc

SHA512
436ca8a2d194a211a899c4be484e2948d974f66933fc6912417187ee1c5486c8df54d6a6fd47377850ff891a8d753e8d3efaf0fa808641765e9e2c69ecf143bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\fadead82-3c3a-4201-83dc-5e2e940e1f59

Filesize
855B

MD5
b07380d2e2d93944a84dab7488fd9647

SHA1
cac24be07f04c296d4430ef4135b261b07767054

SHA256
a6992499ab94293bf17fd1533b8527dd2263adb3e512dd9133d71eb0cc8ef7be

SHA512
0db6471912180c99a8f76afcebdc110ee5c6656a38d26237388679a809dba59a0cd5011571af210e0d1711373f7b23f0ab45578ef67d4fedd8c1f17051b189d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
b372927004736da779a814b7b75b29f0

SHA1
a23c00b1eb8a71c4a8d6ef38e0d4108582253834

SHA256
a0e00ce7dba1face8087ef8b824000b371a5d91aff121c930f0c5c75d8f2e5dc

SHA512
3a7bdf7ab90e1a4d8d0c1c93dbe98137ac04ba749079cc093c0380eb27501e45d3366e36f5da2c1475a6531cddcaccc0da7576807c4d0b55e5c56eb7c60b43e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
6cf53f7c54723e4867db118bab3ab140

SHA1
4d9de6643f1382034573b276a102daf1569d6c08

SHA256
78fdec9e4ed868041fb02abb4054bcf2aa93e3d7f2015a0bff2b915ec8daaf69

SHA512
01c44d7ef036a2682a49d058c62054e027170209c14e3dbd6e2c0c9be32616adab7fc4d8f4740c5abb645649a5a55662154b62de1b1f4b7cc103a33f444c97e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
644ab985d0b1875ab9b88e5b3707c0f3

SHA1
d725c7a0cbe31799d998fc762de1899db81bcb69

SHA256
60ddbc2f9eb45073b3c46f7a385cc843a7a6a401f9d8c592bbc4df2a4c307154

SHA512
1937aabbbf7235246389d3c05f3142f20a0559cf9a971f31957a09d7f4ca75e1a354b98d938e111f20a3c37301e91258b5c1ec275a9f63f48b36d99cd6f00175

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
510aec2766121678cfd6aa0a342eaae7

SHA1
db6fbb39d6bd6f1ff74aeed46a7d1b61c9b86eac

SHA256
b847c9c1fa660319f4430accbfebe67d0f615fa36f89a24d4d3c0784e6cb3f86

SHA512
67fa979ae8151c646edd93911c21f2ba90ac26b955456617c584e14be65dd1a06908b64254d3cb983fe3e4695321e307e85387cfae667f4829f150999babcbd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
5dcd9ca8e4b69bd1bc86ee5361c7dabc

SHA1
7100c767b81a2fdeb54cb3ae680c99bebf0a0ff5

SHA256
4877c7a09baa70a09f915649fd66b53cb18390f15de33fe4eeb0bfc506234043

SHA512
d0a3b2715f58ab22dab747c968f717b28eaf129d43375d6f730ea4026c282b1e2854c06ab4279c5eff53f2be9102a5dd7db676013db045b0d1bb32c7e5a32236

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
37782255bc894ff78e2cbc81c14bbe92

SHA1
489b3f2946cace45264be9749ace08c3ffbc568c

SHA256
02bb9003fb2b149589b1e8b007de782798eeedb3932767876b3fdc7d37b7aa8d

SHA512
511d3b891af2d5d056a380d53c413ffb11b0d7abcf8e202447d4dbc8402286f6b817cb8e2fdd9aaaa5b27c66060ebcb3f327458d4a152b2167d777d2da0f570f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
25c8287bbba304b25c94796a991b336c

SHA1
73bfd405974b3f9a7021b93db252bc466174e8b1

SHA256
abc44c1269d201202ce384b88c215405ce0b0870bce21f5de9e9bc47de9f0f4e

SHA512
50d1ac61484763380f8ade7d34721e4ffdbeebcc6e913f35d67331c20dab4f1ebcb17d904f9cd9c708f48f9e64ebe7c4e93bc6f9e6a0beaab4d8029aacfb44b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8de880b8f8c80b1d83f041ed7787c714

SHA1
51554d01779b1f55ec0d2166384cab6868fae2e6

SHA256
d6ad406ecf00d3d549856e288256565faf6053c8471fb4948a34a50ab8b39475

SHA512
83baa9f83bd91025c13276867db3e0a6d21b89efe11754bf036f437007e8347397a6082ad69a98f6226f3193360d0402e8ea98c2f8c269d3198532421aeda245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
cd135f0a44aef10558aef12da416b9a0

SHA1
b5e723f5f485aa62bb28730401a96823d6ddb2a9

SHA256
9ca31f25e7e4f6558156aefc4e8f01b76f53ee6dec9c0319443e6f30921eca84

SHA512
51604262b76fddc0fad8bf3429f29fb54cbd5faa3a757e05b179fe4cbb30ac489c87186bb1bd7d0e453fbb4403d096a3d6366f15e9268b931ad7175815306e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b1f01ae39515cdb8304e4a2d1b456396

SHA1
30b687e4f31952cb308dc68c06e91b9597258907

SHA256
97bfa29ec574e042056484445083a887c158e06f7df2f6fe440772476c9d623d

SHA512
632c33749601328329ba55598ebd5ebf7c794d9a56be08aca462273f279b99229bafc47ab0eb064d658a04fd6a44d2d55013fd64f5e0846c8b8a0f1d3cea5ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
3fe8e2f64e36ae0b5c6e475482c75278

SHA1
b1598530686e121a4ebe7b6f44b7cf19a667e989

SHA256
9c6cdb43930634a67fa761e8e454da0988a8da44f024e6e7bd2e46f2f2cba790

SHA512
9feca8dfcc586d689eb950c645b91b09ae8a303bfade2ced581916965367c057efac3c06c88f543bc0ae118ead0e24d41cfebcc6153381e7c52db02a46167e2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b46b44ce795fc910cc8d9f567913b274

SHA1
1f197917781a077415bf5facb4a950e29c064bfe

SHA256
b8ae292fe8dc5a69f69a93b74bd5670cc514fb7bbb155137f295b4c09a077603

SHA512
8555272e2d745efad76b4b83e82af17af3330bd4573cecd3463fb5ac83cbca1ed4defc532e8c0fc07c25a8c9a1d1e65e194e2217a1173bea6ec997fb65219330

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0507a82addb52151b1a189455324898d

SHA1
5f0642e244d37223c386af2279613bd503de9b43

SHA256
63c4a619c00ffc9eac92396d0b7eb8ee8a25fb4604a8bdf1a3dd17c4bd800ec8

SHA512
3f95f1182ea764ceaa118ca7feb0878a3dde808a6efe0bbd8b272e1abebae59775f698d10abfa9491a9abf0aa80d336039f4e15c018426bb8794bbd6e011df04

Download Submit
C:\Users\Admin\Desktop\ds2.txt

Filesize
33KB

MD5
31c80558032d08bdafc476854a5d441c

SHA1
299c1025c151c9992b9b7c4544c51f204b89a04d

SHA256
411da5a259b45f21423a30c7f0019c9e2e618acfa0cab08bc6d47a83e44e5753

SHA512
34d53b3b4a2eeff8f9a13734c805be4420e36b4096ce8de2c4ed830fcb28493321d8211db62531693e0482ef010ba71e2b3745c4c4431b0db25d0c584fab69ba

Download Submit