hxxps://github[.]com/Dfmaaa/MEMZ-virus/raw/main/MEMZ[.]exe

Analysis

max time kernel
302s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-04-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus/raw/main/MEMZ.exe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2648 MEMZ.exe
4944 MEMZ.exe
648 MEMZ.exe
4776 MEMZ.exe
4836 MEMZ.exe
4696 MEMZ.exe
4448 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

26 raw.githubusercontent.com
27 raw.githubusercontent.com
28 raw.githubusercontent.com
29 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2648	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4776	MEMZ.exe
4836	MEMZ.exe
4696	MEMZ.exe
4448	MEMZ.exe

flow	ioc
26	raw.githubusercontent.com
27	raw.githubusercontent.com
28	raw.githubusercontent.com
29	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
648	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4836	MEMZ.exe
4696	MEMZ.exe
4836	MEMZ.exe
4696	MEMZ.exe
4776	MEMZ.exe
4776	MEMZ.exe
4776	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
4776	MEMZ.exe
4696	MEMZ.exe
4696	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
648	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
4696	MEMZ.exe
4776	MEMZ.exe
4696	MEMZ.exe
4776	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
4776	MEMZ.exe
4696	MEMZ.exe
4776	MEMZ.exe
4696	MEMZ.exe
648	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe
4696	MEMZ.exe
4696	MEMZ.exe
4776	MEMZ.exe
4776	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
4836	MEMZ.exe
4776	MEMZ.exe
4836	MEMZ.exe
4776	MEMZ.exe
4696	MEMZ.exe
648	MEMZ.exe
4696	MEMZ.exe
648	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
4944	MEMZ.exe
648	MEMZ.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

firefox.exefirefox.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2768	firefox.exe
Token: SeDebugPrivilege	2768	firefox.exe
Token: SeDebugPrivilege	1216	firefox.exe
Token: SeDebugPrivilege	1216	firefox.exe
Token: SeDebugPrivilege	1216	firefox.exe
Token: 33	5028	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5028	AUDIODG.EXE
Token: SeDebugPrivilege	1216	firefox.exe
Token: SeDebugPrivilege	1216	firefox.exe
Token: SeDebugPrivilege	1216	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

firefox.exefirefox.exe

pid process

2768 firefox.exe
2768 firefox.exe
2768 firefox.exe
2768 firefox.exe
1216 firefox.exe
1216 firefox.exe
1216 firefox.exe
1216 firefox.exe
1216 firefox.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exefirefox.exe

pid process

2768 firefox.exe
2768 firefox.exe
2768 firefox.exe
1216 firefox.exe
1216 firefox.exe
1216 firefox.exe
1216 firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

firefox.exefirefox.exeMEMZ-Clean.exe

pid	process
2768	firefox.exe
2768	firefox.exe
2768	firefox.exe
2768	firefox.exe
2768	firefox.exe
2768	firefox.exe
2768	firefox.exe
1216	firefox.exe
1216	firefox.exe
1216	firefox.exe
1216	firefox.exe
2428	MEMZ-Clean.exe
2428	MEMZ-Clean.exe
2428	MEMZ-Clean.exe
2428	MEMZ-Clean.exe
2428	MEMZ-Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 1104 wrote to memory of 2768	1104	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4144	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4144	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 4516	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 3052	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 3052	2768	firefox.exe	firefox.exe
PID 2768 wrote to memory of 3052	2768	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Dfmaaa/MEMZ-virus/raw/main/MEMZ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Dfmaaa/MEMZ-virus/raw/main/MEMZ.exe
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.0.1016686483\1046418021" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c999fc2-8e44-4b3d-be24-eb5457de3bcf} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 1760 231158fb058 gpu
3⤵
PID:4144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.1.1786497138\933551186" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09f192a-d16a-485f-be36-c4df3101c224} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 2136 23103472b58 socket
3⤵
- Checks processor information in registry
PID:4516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.2.1966927733\1695080900" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2724 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eef6dc4-7535-4663-9ccf-40c283e1fc10} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 2760 23119bd2a58 tab
3⤵
PID:3052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.3.261367175\40263437" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2748 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bb134c-db94-40e5-8809-19d3166206f4} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 3572 23103461c58 tab
3⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.4.740182537\1130389342" -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 4980 -prefsLen 26383 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed53fc14-5c08-42b2-886b-7e8e7cd6d5f9} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 5000 2311cbb6258 tab
3⤵
PID:4992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.5.2033696570\496047523" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26383 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {656a8b21-9f62-427e-9875-08dcc357da3b} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 5116 2311d0d6858 tab
3⤵
PID:4124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2768.6.1575925779\1687844451" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26383 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c675f085-558e-4772-8d92-0ef6b17380bd} 2768 "\\.\pipe\gecko-crash-server-pipe.2768" 5308 2311d0d9258 tab
3⤵
PID:4132

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
3⤵
- Executes dropped EXE
PID:2648

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4944

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:648

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4776

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4836

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4696

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
4⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:4448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.0.91061366\122700620" -parentBuildID 20221007134813 -prefsHandle 1548 -prefMapHandle 1536 -prefsLen 21136 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a225ac18-e3c0-4743-8c02-87597f41c756} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 1640 1d66a105f58 gpu
3⤵
PID:1968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.1.1237711844\550360816" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21181 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc60563f-fae7-4fa1-a833-c8ac462a7a0e} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 2004 1d657eddb58 socket
3⤵
PID:4748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.2.1394452474\896435314" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 21642 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f1a912-beec-4fbd-b2c4-eb9465ba59a2} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 2824 1d66da96a58 tab
3⤵
PID:3444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.3.2087929542\1111644309" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3428 -prefsLen 26820 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf4cef7-0c43-470a-84fe-19fd1fe13823} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 3480 1d657e69c58 tab
3⤵
PID:4920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.4.947371646\1782174248" -childID 3 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdbd2c3-1126-4189-8af5-bce54e333e8c} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 4132 1d66fee3458 tab
3⤵
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.5.499196585\342959446" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4792 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {314d6a79-6a60-4cf6-a788-2a834713ed0b} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 4816 1d66fee3758 tab
3⤵
PID:1564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.6.675112551\937647938" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56a00d51-824d-40da-a97f-e470f31f88eb} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 4912 1d670874b58 tab
3⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.7.653981793\776545005" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ea1c02-c952-4be7-83f5-84728ccdb386} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 4816 1d670875158 tab
3⤵
PID:3468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.8.1879731181\1460528555" -childID 7 -isForBrowser -prefsHandle 5592 -prefMapHandle 5584 -prefsLen 26958 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0753fbcc-a8d6-45a3-a2e2-ff1de964df30} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 5608 1d6725bc558 tab
3⤵
PID:3660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.9.1176967276\1091992023" -childID 8 -isForBrowser -prefsHandle 4532 -prefMapHandle 4812 -prefsLen 26967 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8272a848-1507-484c-bb23-606a2ba3ccac} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 4936 1d66cca2658 tab
3⤵
PID:2448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.10.1161507025\408797879" -childID 9 -isForBrowser -prefsHandle 5864 -prefMapHandle 5104 -prefsLen 26967 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea37263e-a914-43ee-a532-fd318e485bb9} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 5844 1d671517c58 tab
3⤵
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.11.1998959703\36642224" -childID 10 -isForBrowser -prefsHandle 5880 -prefMapHandle 5356 -prefsLen 26967 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60da14c1-4c26-4eea-95d3-486cb0502f80} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 5396 1d671518558 tab
3⤵
PID:292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.12.1963148536\145113231" -childID 11 -isForBrowser -prefsHandle 9504 -prefMapHandle 9500 -prefsLen 26967 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f2f7635-7faa-4edc-ab13-d56ebd645cb4} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 9388 1d673069e58 tab
3⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1216.13.2118583530\1664454033" -childID 12 -isForBrowser -prefsHandle 9272 -prefMapHandle 9268 -prefsLen 26967 -prefMapSize 233536 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93ad391-b1db-4b06-b8b7-be41e45880a7} 1216 "\\.\pipe\gecko-crash-server-pipe.1216" 9280 1d673853058 tab
3⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5028

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\4386
Filesize
20KB

MD5
6505b170bdd1f5d9417c0d623eadb170

SHA1
d25e9652f3c221655faa41a7f67f6c4f3b6de2ad

SHA256
78c4af53697c4c65ae1befdc51baf9250ed5aeadaf3235587bc4911bd41e0490

SHA512
a28aea60e13888ea609cac2ee7d066b9566a7258935248d9e938d6aea37a3d04165659fa5727de37e5e172d1ae4b718467e4b518e473ec611b5a584ffec347ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
e40059e3b516fef353bad37deafd1d1d

SHA1
6cd5d1f738410685d92585d9e9f2e9325edc3801

SHA256
609e10489989ec7418b8e6f1fafdcdff30f4b44e503504693a36a1b0111a00b3

SHA512
888fa5beb7a070611d5542dccc35f94d00760bcb1748a769596da70ba2da3672598d23c5326c5243efb704dea1feff1a3bad6fddb8470c057f6dd87fd79cc7bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\2F7DA8FE9642442C4EA209EF139B667E17752B4A
Filesize
12KB

MD5
63bed12de0ace4616f3ea579190bc2cd

SHA1
f93296a727d4f956914cfecfd465081cee7d6e35

SHA256
7e76152f0bdc2aa1b1ef5a9ecbe67dd3d1aa1b9a0dbaf43e7539d12d40a7a458

SHA512
4cbd6fda735d4ebfdcb3e22d21e4edc4881484ae92572da640c14ed5f911b58133c1d12759e47ddafd08deff04032e96b3f8963d1a70af2e65e346b1d3ac805d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4
Filesize
1.1MB

MD5
e0cc2fc284be381c732e7f1f14adf511

SHA1
ab1b375139f471ffef5f293f6f5b262452e646a8

SHA256
517862da2ebdaac3717c1ccce172de327a6e3ae692fbbc45e5165d22a03f107b

SHA512
e5a1ffb2d18b7c3df7bbe60debe32a2f7e4115573e828360785613d45214fe5dcaaaa2593af63f54b6d41f75b83190ab513c87c77b82cd06c6958371079ea3aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA
Filesize
68KB

MD5
da9eb92f79fc12014446aa0ba5a9428d

SHA1
a5791ff045eb3c7b1db4904f3b805aa4a495abe3

SHA256
770efa53b5efcebfafdb403edcb71cb6244cc15b47e7767a424669e41633c33a

SHA512
e997aefff463312861af57de3912f596f5ed934f4138bbd9309b3b0802d7120e5346c39299192a7dcc9796f63b5177ef08ff4996b6123e922408b7fab0d05009

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\698C0B5F95A2F08C51202CDDCF220DBDDF7B9AD9
Filesize
60KB

MD5
3e148c0df50135d8d721b31775f683a8

SHA1
b17ed71d48a8199a7c2fe2d35a02210edff0ed3b

SHA256
7cb1cb48f126d6f96e3c2f13d04e78c8690baa2959a30cf99e7949c2a9f08226

SHA512
748521f7ebf03d88e226f424304af3ad986e30a059a7346bb936b674db76ea253cb2162dc9485dfb906bed487a86bbd417c8d22e877b8a4f581bd4c097b92147

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D
Filesize
97B

MD5
4f21a9836e84c281e4fe17ca818841ed

SHA1
75426520cbb0f2ea2fe2d2d27b1b56f154be728e

SHA256
bd19ffd5edc32f99aeae5ab98fabbaafedf3b43b3fc6c833e2ce60b3db2d3776

SHA512
d9aa9bfb693531bf4d6f62a0736253165802d19175158672aa03d7eb954cb3428fccaf9de8129fb36bcbcfd659689d0bb0189e0d89a6aa02bb31b02bf4d68219

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
a8883ba45eb4d62f264de7820fd4a5a8

SHA1
f624c23ad2e220cc0f137b822f79fd87ed5e9741

SHA256
b0826269bbcca7170987cc0b2911746940dcbeeb71680b2c5cf5f37d80c3b333

SHA512
80f63ea2f88ccc942212695e260d3b9e98b7d3b57827408a49ec3ce6d36ee8b8be6e88019991331fe7305b66c61c7c79e3baa1aeb0c77cf81003e6b465016444

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6
Filesize
2.0MB

MD5
d7f06a95e919b63cee7aad2cb63d046d

SHA1
7742f401827a0456044ad58d75cd4f0fcba1333c

SHA256
23007097642512465b3326fe50f99c564a715ef9480af28183050798aa6cf7c6

SHA512
b570c5998fd57106fcc14daaf2d1c03f72222d7e8751bc574facb15845066f5f4ea489cf3ce9e18b2a49176f34c35d671e59ffca39a64fc5c76fc03d0c57d651

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
74cd12b922bac446ccb10b531fac0739

SHA1
b9e512dd2eb36b50d0241a96c96b0a6fdf2c25ac

SHA256
d899efff036be2a5000ee3e5560ded9ba66d5451b059814e42985358f6245700

SHA512
9a93a782f8d6c108d5f810db284499a5157826c2334ccd913b5577518c4b6661e8009cbb22c5f14efc9e60d3addbc439ab47f016d119ccdd8381eba070996e85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\D3A62BE1C3679B5D2A78DC2AD4441062088AE35B
Filesize
94KB

MD5
81a9d333abf05e6638dfc1d941264f91

SHA1
5da2c5a0e757c17d71c080ab110af3a586a1175c

SHA256
8447c339e91c9e16c68ebfeae4d13d1f3431183bf3f3367e3df1713bd7d45161

SHA512
09f0cf51aeaf653c9d12ef7a2f4120514436fe02a1efb9016b4834cb672a3b68322fa41d597af4504aedc4cc8d43f503dcd8608654abbece59cfd42333fd999c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.bin
Filesize
489KB

MD5
04ff606f77db0c400ab528e396a0e95f

SHA1
f21fa1bb0d473e79cc7807a83558842533c45c45

SHA256
a7f11bb2182913bf957f0743a8280f6905b9f21d3a5d36bd173895f0c79cea84

SHA512
3e54cdc3d5a3423d92c13065a5bb0f97d084bae2d28dafd7f919104b2876d134398550d8cdb6998a5531437a7ac4b794ade7b2c4c71bf991a9715459f76cf646

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin
Filesize
7.8MB

MD5
d5a976d6535626fca814bfc15ba99aa7

SHA1
84892b7ffdf3aa5e0d7925545b8cc7662159d3df

SHA256
429c9d3e257c46d0bcd5f4be2c4f7e0d4c029094d325a52cd3ba47a411b81c56

SHA512
e2b9366445dfaf6ad80cf4beecfc477f00c06e3f740e828803700ba3973c6d259ab34d7ec3fb7c2bdf89638edebbf69232108f7e420de00bd2363c1a35ce7573

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
de64075515d8b3159145bafbc14f1ecb

SHA1
b74187744421046431d1014ed5e083638ce256a7

SHA256
d68c7f6100b77b6f255467d28adbacd5d81c0eb64451503d1d5a6318b64a1362

SHA512
f1f41e37a30b7a120763eb3a23413f1fd4bd891853c46e175a3f1900a709b8cff0124d3faaba3b1289c9e30dbdf5e271eda440df005a91a9a001f1f29518b195

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\thumbnails\447c1d819532470f427483b5c2ad32a6.png
Filesize
44KB

MD5
3c7368a05887e0e7423246333fcbeca5

SHA1
daf07bd26ed68176d6b74423789af9974f2bb56d

SHA256
872eb33fcf7d72f8cfe65ab07663f4fc1c2621c3db597eb7ffb3f9616c5bf973

SHA512
f7584c7c8c8ce966509ad3b5d14c2188dc00e6ece36a29e198817249b277c2cd79d2968e2dfb992f03b083dc4b86b4916155bd54a7bedfe4eee7bb48bab140de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt
Filesize
512B

MD5
1b13d1ab338ddcc52adc9d1a8c80bd3d

SHA1
8cfbb24047b62953343f449bcfa4c6fd80e2736f

SHA256
813de2a422134fab45db01569c85ec94933f83b049e7c201e9deddc0fe368c7b

SHA512
bc5ae79b843026d6fc661ff811fa2083ee4021ce4079f769863060dd214f4fb8a243b7d9e1ab138014b2619ac789c5ccd89cf5ae9508596ed66e72f5e1918d83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.db
Filesize
224KB

MD5
c94e7689067a57ebac70ef7c3d6dd775

SHA1
4b094ebfde471080eff3a1407c55b83dd3bb3f64

SHA256
c32dd36ee03742dbf4bbbcca0fd407d6f692026f07537e85ea4a90ddb342d6e7

SHA512
06f003d277d370e3adaddb5719335aa467bea809c01f73e5e7bd67f133996552861adc860ec831023f0a1223eb7e77bf5e9d10a44365a49c35f396c619206a92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
Filesize
9KB

MD5
86cb05e6ea8472d8fd7adc1eb59d2820

SHA1
19eda56712492233284c9e1955202c1b5e2d152c

SHA256
c9951730521c994ac4c2cecfbfcfa5ca0ce23160fbb45ab05bf659f619aaf7a2

SHA512
2b6c918fb3b415d4286b0ccab558ceab9d0cc4497dbe6cd384aeebaf89cc15dbe8fcea1e5821bb5af9f29975703c6b5676cb5014925188b9f224538248b2c5fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
Filesize
12KB

MD5
f96d7ad6953f4c7293b7dd7efed01c27

SHA1
11526f3a2779534b8a72116c38087711b2e10617

SHA256
3104dc6c58a9165afc2b90c91833bfa7c98151ac2d2b5baefaa8071459f2dc8a

SHA512
3aeedf378da216545297cec44f521a24defe7656e2a26f07713ed7eab9f85d174e0c97716534d0d48f027215a43a4ecc34b46a6a0fb05b4f77135577450c09db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\ace70253-4a06-4a45-9ea4-b33422678252
Filesize
734B

MD5
0f08843e31632d860426c03a15d64642

SHA1
22eae9e20c2454ebefff907680bd120b88da8000

SHA256
aea84341ff4781430ae1c8cbd87542d95c5596fe81143111cb5fdcb0e3cb96b0

SHA512
ff9dc1ca1b40efdebe49e4e26169c3af03996033bb9a6b93349342a93451bc84d2d77c21f778377198b3aa7d3e75affa32e0f5cc3fc5545d25f59c64b61e73cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\b55b2f97-2bd4-476a-aafb-2a8774e9b336
Filesize
657B

MD5
1828b89a9e66f8c893815263142c921e

SHA1
b800b431736e5eb21fce264b7c4e650280a08b23

SHA256
566125a7488873382438edbe2d5dd4fb1992e44bd2141ded1ad7e47e19897d8b

SHA512
009569f3b529008128d370884783a5bcafc20d2fca7fa6b60306295f3fc50915512dbcf92701d8434a3535de68ee31fb7345f97ebeaad512e5937388f0a443ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite
Filesize
5.0MB

MD5
ec1fe51bacb0955d48ca00fd2aab0ac0

SHA1
1d832aea213a70974170fb54c89957bf653077b6

SHA256
c7fe660dc3b35008b011e11349e2056be965f17335a6629c3f68736d643b0b80

SHA512
40decf2ab6a0b614c5b19a64651bfa12e51865ffb370df2e5b28592121185477f71a497961a438c56bbfc1170a237baa95b87c44d1f7b70976d09192efa3b602

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
Filesize
6KB

MD5
f3a71190f528b59edc1b41139dee78bf

SHA1
fb85949f536a576a6dc63df380e1c2bf40689333

SHA256
4f7edf4c2242eab013597dfc8b9863a314e5ab4b14addef4c667a429d92b74c0

SHA512
df6f5428a4b2e3bec9d37cffaf0d3b04bf6b94caab3ef5baf32417f51a05788f00ceabfdfea2671f8fa87d5de1d06100ac7d79b717ee17fa8da6a928d9b15273

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
Filesize
6KB

MD5
051557b1f841e00008c790b422e45855

SHA1
d3e10baef07da7064efcac530ad6732ba28e73f1

SHA256
c1fe4b00f3a7974b39597a472d81bb5b905b7b9fbc6c4651c359176c848941ec

SHA512
bc56027df3b5c2ad6f6627ccd3aff9cbd416599dd1f48f606af4d274210b048d1b09e5c375081714ac3bd5b5e7efd732d2cd83936841bff62356125e5fbabdee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
Filesize
6KB

MD5
d1e865999ed6f460e667ea81b1b213ab

SHA1
c84d6984115797ea44740fe03f63b43851ea4e6c

SHA256
00b8469288e300278918a1761e93454b4ae0feecb155037f663323bfc774365d

SHA512
3788e99d693e359d73f2ed00ef8bee84b53759ebaf1b6e408d115541daaebe74abfa9ad69d65ba4bb2c9576180d3dfde491a8406a575cfe1fd2b93e8a9ea6e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
Filesize
6KB

MD5
abd207f6cacd779c65afa81842f7e76d

SHA1
4a027f0d5f9d04c447c831d226bcd6b5031b4483

SHA256
5ee5e29b0cbbd95b3a8b0492ea5fd1934641e85e4b2897c9e4b10f74cae047f2

SHA512
dff5c6c3111877710598dd287370df2d8bb0dc4a30df8ccc4e3aa2d7b6951e36bf5930adb36d1bebee3b5767a4a296e43c9ca6dc775c375a37bbeadb827cab9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
Filesize
6KB

MD5
3558fcb7b13e4f9e54c47a0b42b962a5

SHA1
629c0d84299bf51e3d32002eca09e9a6c6cd064f

SHA256
05440fd7dfdfdb4b5680fe2d23b89999a36a19f9fa27b4ddb4cf3dd232fbe6e1

SHA512
b5a0f4ec65514e12500a993fac14c4937e0c63f4ea407765adbe4ebe073666cf5392319b0e81c00f5b9737728ecbe5fbab78a46b2ad21be0bc4fc8891f3e3e74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
Filesize
6KB

MD5
3a509f2f1277b39a0a580f8ae79d62a4

SHA1
70552bb53769d6b33c7508e9d22b7fc3912580f4

SHA256
418f86164b3e9b330d05e270ededbb7486661026915691e582d255a46d1df308

SHA512
982c3795274d2d3bff97897afb3bf7bd07c3796b7f8e1decb97d37f5ae1dd3780a786dc5be2808901a84ade3e96fec84130b1896970cdf049723becdc89240d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqlite
Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json
Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
995B

MD5
85029c2962d71b5583ff8190a8f5828a

SHA1
a95eb664d311c49f2be4812ac0b2cf5811c13048

SHA256
fa78f691dc98be0854aad655af3ab5c1520d706b2b0e3a7109825c818c1eec22

SHA512
07549051bfed3e2539319ee48c480888ceedb9e1c8192a3a14f402944d03a2d981549e03f75259a872b848e996190b00d3200fb4535ec8fca1faae7941293fc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
2033aa6bf2a2ab0fb6fa9b35771e0368

SHA1
bb8a0b547f6f0d38d09946b651ca6d62bae551e8

SHA256
a1a140718acb6698b1921dff9299a9030fa417a2d4fcec224d667be994fa3375

SHA512
ed143a22543c409c08a1f609225ebb8edac6bc787c8f97c58d9d67120259baf13af5d55905326f6d719e5004dbc0d653710567c3fd159e526ba5487b76fe742f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
8dbfc8609cb9fe11c9862be91e69db88

SHA1
52b6de8bc94297925260cb163fa5e6a920a8f8e8

SHA256
c0d60c964a83e13ee2b52860f5ff1c23dca40ce4ed2bf2eb6fa19598d3be06f4

SHA512
7bcfc44f1fcc02774cebd7b9b1d3456f7c7ed7326a41edac948f6354c9680059229e29650eda33385b866d0a451e5c731fe299186d0bd792ab2496433771e772

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
457c44a534e2f735573b6e5f4469b29d

SHA1
39ebbc19118a5295cdd11f33461adad321102f59

SHA256
ef8cb7d9b4b45a380f255ce6830f5cb98843c216e616ebe82518c98d7272bb20

SHA512
5244b6d919c5a8764867496c0db3a82960963f2a3c1f0c3829b1f7eab6a44579bfbaf27b9c67167a38e7d9f4375f385233cac07addf16724be7c749a561571d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
c7f6c002299241cdff29af2465759076

SHA1
a24060d44e8d15e8aaaefc0bbc2a092c1b5fa096

SHA256
2aa02cb853ed5ae65e734dfea1131778d6659054e74b24129e9934f0cdba7b12

SHA512
097779b65bf345fc4cdc22d5397511e82fffebae5ae8dfc2148e7496308f0963ab26f8d7baaab77e32868aac707a33be8bdb07b85f3e028c41f4df2ed660f7be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
fdc3c2f6324e05d60b28014777a2b29b

SHA1
de68706694023bf34e717fe5b6f3570fc0b94eac

SHA256
162e6b7f8ebe48777921948c6e5475b3f24dbe5328b72b6e65354e4c502ae173

SHA512
35c90a65c3f8ea7dcf956fbcd3c18de969a05ef6cd4e22f060024614e6ef6f748a8a12941233d885f06d35292243a47f5f6c85a39cadf4f569d3a47a3d7b8a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4
Filesize
638B

MD5
1d06f3cf009b002d643acab7f7c6342a

SHA1
dfa94d8bf1953a77da5423140777380bbdc0eeaf

SHA256
4ba411b31256e822b6152951435503a376451492c22fbefd814ed4b11ac68b7a

SHA512
0d8c11fee3ee265f557c6b59677b56de522ecc0df5adbdfaedb81862ba5155786301775db3700455dbad322549464d5ca69b1698bc4272e680c7b7e02e38cf23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
c022186c9a0dda367397057d8b1091d6

SHA1
f43a2a6e2d1df4798af1091260cf6052118beb8b

SHA256
2c0ff2d0de5cd8ec1c744d53cd0b34374d3c2034c6dfc73450bcf7ae25a8b976

SHA512
4de15349178cbeb4afb8e0edc87e0dc43aacf27cedbc89fd2429d94e3d0372219152eaf21e13dd22054c63137d34b3cbbffc1ea70ea6bff2d8a2dd8f3f7d6ed5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
2a63cbf78ce51c0440068e3ba2ded344

SHA1
70b11a53211e9ad87560fa504753a5d9bf70fd94

SHA256
ebfc01b9f245721e77db87781d8b300bd196ebc6445ce263c75a1a3779a87a00

SHA512
75a3eda13f63e8061c85362974e540353ccf1315a1be67d2e203c84dd6691e96571578484fee19b219e43c040a344616e6cf23a98e1fc3936c09a9a03fe5845e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json
Filesize
217B

MD5
58e240288763218d12bf235d34e5aee2

SHA1
89135494b57f590011c09668dec3b90d2c5ee9ae

SHA256
615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176

SHA512
caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\memz-master.jwW3wtQK.zip.part
Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit