8ab80af10e8063f6b66e654349e917b51aad056982d04d96b2a630225e4e3f9d

Analysis

max time kernel
392s
max time network
383s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2024, 08:25

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T08:32:04Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10-20240404-en/instance_0-dirty.qcow2\"}"

Report Analysis Logs

General

Target

=).png
Size

65KB
MD5

b1be33503e5d168d48399bdfc5ce1886
SHA1

c5f760e8e6ed4b38c4e52b71214b663863129e1b
SHA256

8ab80af10e8063f6b66e654349e917b51aad056982d04d96b2a630225e4e3f9d
SHA512

012d2731be324a9b9841cba73b6abbb06b760611aac5ccb4e0a992140a877d6f71d37d635101432a71cdf51bb9189a398e43aff49cc45f473c5af72158933088
SSDEEP

1536:55WXRIGcTewcWmYagCfWsgAYWXb/8c87xUVoF56MX5Jm5gz:LWXRXsKWmYUf7gDA/8V7xUu5P5Jm5Q

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, mandela.exe"	Mandela.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Mandela.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
201	raw.githubusercontent.com
202	raw.githubusercontent.com
204	raw.githubusercontent.com
198	raw.githubusercontent.com
199	raw.githubusercontent.com
200	raw.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\mandela.exe	Mandela.exe
File opened for modification	C:\Windows\mandela.exe	Mandela.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5880	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\NotScaryFile.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ezyZip.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6840	Mandela.exe
6840	Mandela.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6840	Mandela.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	200	firefox.exe
Token: SeDebugPrivilege	6840	Mandela.exe
Token: SeTakeOwnershipPrivilege	6840	Mandela.exe
Token: SeTakeOwnershipPrivilege	6840	Mandela.exe
Token: 33	7080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7080	AUDIODG.EXE
Token: SeDebugPrivilege	5880	taskkill.exe
Token: SeShutdownPrivilege	6840	Mandela.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
6840	Mandela.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe
6840	Mandela.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe
200	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 4912 wrote to memory of 200	4912	firefox.exe	77
PID 200 wrote to memory of 3204	200	firefox.exe	78
PID 200 wrote to memory of 3204	200	firefox.exe	78
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 2324	200	firefox.exe	79
PID 200 wrote to memory of 4428	200	firefox.exe	80
PID 200 wrote to memory of 4428	200	firefox.exe	80
PID 200 wrote to memory of 4428	200	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\=).png
1⤵
PID:4772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.0.1152599493\1429597769" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {203fc2ab-61a1-4aff-b86e-86b76ba7603b} 200 "\\.\pipe\gecko-crash-server-pipe.200" 1792 1857a3c3458 gpu
    3⤵
    PID:3204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.1.1909252321\1194219327" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {080747b9-719a-435c-a7c3-4a09a0fc614f} 200 "\\.\pipe\gecko-crash-server-pipe.200" 2148 1857a2fa458 socket
    3⤵
    - Checks processor information in registry
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.2.310817137\1231775080" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a93be66-06ef-454c-9ddf-1acace19407c} 200 "\\.\pipe\gecko-crash-server-pipe.200" 2868 1857e697158 tab
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.3.1289846449\1219402542" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3124 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5820e406-66c7-4b76-bbfe-0f89e75a8dde} 200 "\\.\pipe\gecko-crash-server-pipe.200" 3348 18567f62e58 tab
    3⤵
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.4.1663503257\1768683961" -childID 3 -isForBrowser -prefsHandle 4012 -prefMapHandle 4024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbcaa89f-bc82-4716-b4e9-e7d0e2d7129d} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4100 1857fc4fe58 tab
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.5.1442470286\1348646331" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85ded14a-2955-4f2d-8ce4-88d793c6825d} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4940 1857fc4fb58 tab
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.6.1412722012\941680266" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {477bf4eb-a3da-47d6-b8c3-60e08d7335c7} 200 "\\.\pipe\gecko-crash-server-pipe.200" 5072 18580cb6f58 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.7.1016280503\2140908835" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ce44a57-c831-4586-9ab1-21d42d756b1e} 200 "\\.\pipe\gecko-crash-server-pipe.200" 5188 18580cb5458 tab
    3⤵
    PID:3404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.8.498567798\152986939" -childID 7 -isForBrowser -prefsHandle 4584 -prefMapHandle 4592 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d18f8ae-dcd6-43e2-b300-cead60ce0e8e} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4564 1857a2fb958 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.9.1512924876\535392030" -childID 8 -isForBrowser -prefsHandle 4996 -prefMapHandle 5012 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {132c1944-45ef-4af3-9839-4afbfce127a8} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4984 18580e84358 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.10.401629502\1885913484" -parentBuildID 20221007134813 -prefsHandle 4244 -prefMapHandle 5620 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc5654c-473d-4224-8e37-c82eae7e7568} 200 "\\.\pipe\gecko-crash-server-pipe.200" 3092 18567f67e58 rdd
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.11.1567076707\1826763278" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5876 -prefMapHandle 5880 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abc4bbaa-0c02-483c-b08c-a21b42d17d43} 200 "\\.\pipe\gecko-crash-server-pipe.200" 5892 18581ef2b58 utility
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.12.1696823232\1568231994" -childID 9 -isForBrowser -prefsHandle 6056 -prefMapHandle 6076 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f1e7e94-baf0-412c-ab6e-38446249ef4a} 200 "\\.\pipe\gecko-crash-server-pipe.200" 6092 1858376b458 tab
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.13.143066681\1449796988" -childID 10 -isForBrowser -prefsHandle 10192 -prefMapHandle 2632 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {529f202b-7117-476e-8e11-c74c3c384f57} 200 "\\.\pipe\gecko-crash-server-pipe.200" 10184 18583797458 tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.14.1817465658\2103562852" -childID 11 -isForBrowser -prefsHandle 5616 -prefMapHandle 4752 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20a7a5c8-fb7c-444e-9a78-57e7cbea87b4} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4704 1858376d558 tab
    3⤵
    PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.15.1521444386\234616855" -childID 12 -isForBrowser -prefsHandle 6232 -prefMapHandle 10236 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a89067f-f931-41ee-ba7b-5c98ae6f51da} 200 "\\.\pipe\gecko-crash-server-pipe.200" 2560 18580e84f58 tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.16.1479953709\37893677" -childID 13 -isForBrowser -prefsHandle 6188 -prefMapHandle 6256 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e7b4619-6c81-4b5d-95f3-7c4385757920} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4980 18583a13558 tab
    3⤵
    PID:5692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.17.250155304\1495559513" -childID 14 -isForBrowser -prefsHandle 9252 -prefMapHandle 9256 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17d6ad49-6a4c-4af6-bced-33c105e1f8a4} 200 "\\.\pipe\gecko-crash-server-pipe.200" 9240 18587114f58 tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.18.1517692624\57711410" -childID 15 -isForBrowser -prefsHandle 9076 -prefMapHandle 9072 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {760bbd96-d84f-4971-bf95-14e05fb37b0c} 200 "\\.\pipe\gecko-crash-server-pipe.200" 9084 18587112e58 tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.19.312754958\1374674158" -childID 16 -isForBrowser -prefsHandle 8896 -prefMapHandle 8908 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5893bcd1-ed30-43c5-8ec5-73d4b535431e} 200 "\\.\pipe\gecko-crash-server-pipe.200" 6172 18587928158 tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.20.692775132\240660975" -childID 17 -isForBrowser -prefsHandle 8636 -prefMapHandle 8632 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c0b5e3-b96f-4c5c-a7d6-067dc2edbbc2} 200 "\\.\pipe\gecko-crash-server-pipe.200" 8644 18587928758 tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.21.720123617\942499311" -childID 18 -isForBrowser -prefsHandle 10216 -prefMapHandle 8576 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {902d4d7c-cab8-4b7d-9670-852029ff141b} 200 "\\.\pipe\gecko-crash-server-pipe.200" 9904 1858257e558 tab
    3⤵
    PID:3432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.22.633078997\994111956" -childID 19 -isForBrowser -prefsHandle 4644 -prefMapHandle 9312 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b944af6-84ce-419f-8092-11192cebca6a} 200 "\\.\pipe\gecko-crash-server-pipe.200" 6128 18588697058 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.23.1630098419\436336782" -childID 20 -isForBrowser -prefsHandle 2544 -prefMapHandle 6332 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b14a3c-f2b8-48ae-8ed3-3f7b60142b11} 200 "\\.\pipe\gecko-crash-server-pipe.200" 6224 18588695e58 tab
    3⤵
    PID:4456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.24.1731851513\2042686517" -childID 21 -isForBrowser -prefsHandle 8176 -prefMapHandle 8172 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0acb7b6-16f2-4a0c-b1cf-1ac15c1eea2f} 200 "\\.\pipe\gecko-crash-server-pipe.200" 8184 18588698b58 tab
    3⤵
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.25.2109198224\1502030514" -childID 22 -isForBrowser -prefsHandle 7992 -prefMapHandle 7996 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c751335-3b54-42d5-834d-7c06e2f87a1c} 200 "\\.\pipe\gecko-crash-server-pipe.200" 8000 18582a18758 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="200.26.484373179\507811019" -childID 23 -isForBrowser -prefsHandle 8160 -prefMapHandle 10284 -prefsLen 27564 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8313de39-f23f-4ac4-807c-56b2e6b3b2a1} 200 "\\.\pipe\gecko-crash-server-pipe.200" 4332 18583799e58 tab
    3⤵
    PID:5764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5732

C:\Users\Admin\Desktop\Mandela.exe
"C:\Users\Admin\Desktop\Mandela.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k taskkill /f /im explorer.exe
  2⤵
  PID:5868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x36c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12220

Filesize
21KB

MD5
5b37b2878cae120b38974b9144a2f81d

SHA1
0d28e7bce7430b359530f2011282a12c3af5d009

SHA256
94a30f58379b6de66ab2e427f8d54a3434d67084001f6de89720a13e819a9965

SHA512
d7a1e32eb9586b7ba6447cfd25c0aa800126a20fbaaf14a274e99d473f8ac344cfe7e6ec4562ea960e2b8701c1d875ae84f1eaaa90e9e76038dfa52c1f80e842

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12620

Filesize
15KB

MD5
09c7037a09d28d4ea1bd769b2079405d

SHA1
266cb0d9fd3f89663aa3577766b5d26682cd4ecf

SHA256
9f35961033b97935d1bfa60fdfb12ac3898ba610a4aa49d86c3a3c7a04a9625c

SHA512
4a02455bf38c1408f69ad5a1ec50131276134ccfc6e4828beeb8c5ddfa866a1e3a4c614f520a5759cf371cc294ca90471dd801a3dc71acf53372068cfa802e3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12668

Filesize
14KB

MD5
c76ffa27fc47006a5c71b0611a400c2c

SHA1
b04ee7b8535b967c3f7d35a0ea7cd6cc19da90a9

SHA256
4bd2cf7afff9d0063bd7c19577fa17648728a5f0b903f757ab24239045e68875

SHA512
0a9a4f5b7a035de60794c032b8489eba64984a5a5bbd2674d85f329fb8011c69664895cd6de8a80911fa26bde4f21f7bc9ea0ca5cd50b410b877fc0f444718c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\13604

Filesize
21KB

MD5
3fa6fb7fe1b704290d30bb4443dd02f1

SHA1
88eebbd58a082251ae9532d660acf1ab1389d6a6

SHA256
cc4bd6be011514046836242592005344b0f3c7963102c510ba7af8c09887fb25

SHA512
4c54bc360681d12593201707cf502215c7b4642232b2841aca583a3add66feef20d785d0faebeadbd8586edfbab344bdf807d283574bd1f5d1b9eeb3f4397d5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15149

Filesize
9KB

MD5
9b65c4cdbdf1d8bd961b8fa461e426a8

SHA1
7862c01ff296f24d6025a6b28ff8c72d7a5e41a4

SHA256
1d40b28f05909a8fb8804aa036e5c41761233f8f13fad644fcc461cc7cb0a4d9

SHA512
ef858ac36bb95050623def52359a32d408262a8f53f97086ef536e184a2426f6f27c42ef00b7c623301c83de25eb81ac06fde51d5804c7da4ba652f44c06effa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15362

Filesize
9KB

MD5
0c0ae0e14ec35a18668db834801aee22

SHA1
98698093896dcda5e6f5d0a5323e245af73e2c7b

SHA256
a09a8e907802b086a0cf3b339ffeb1babf680e9fe91fdf45481a3ab4f2056f41

SHA512
3aa33e47022568db2379d88ae3237052ffe4a73c9bff0486d2350fba850760302dad21b2c6c8fb6908fd851c9303128583a714f51b233a769b9b8ef3d0d665e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\17927

Filesize
45KB

MD5
ab2a4d0858fcc76b14230a41bf62e3d8

SHA1
123c973cafeab783fc24d0c32ec3d6b9e3ad0ac5

SHA256
c053054d3a94fb9abdfed3f2f297c84dbffc1b02e530c2481fa354c67f0b63db

SHA512
39ca7b82fd77b64abbbc4728757c0bb98baa33427cdcbefefa666197d2835ff37d61324497917558b9d6c563f0cee26d11efe1322e6df5ea2d47ecf80bd962f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\18713

Filesize
14KB

MD5
53db9fe7794c51f26e9e64934b210f59

SHA1
65ca82ca125f10e4e296fe02320cf2e34876f0c0

SHA256
e0f575127b204d7e9e494c796d6db02c07a20de4bf470384de3c243bf48885df

SHA512
6895017aabc36ab613109f5775518b8e14d16265edb3b6ff3b7c1ddfd8828c8445b79fa3c2f131080c1626d4c67d3b5aa74021fab2499e169e03185e09626c09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\18937

Filesize
10KB

MD5
018192973378e6bf919ae3e7aa63df37

SHA1
5bf6ab2c09c0f3edf9f2be1e0a6850ebc6b59776

SHA256
6129cda8fdf9e7f00940c1e1cbfa28a04aec1b691a223689d653afa54946dff0

SHA512
79dc73426b0191f1951da12d6421e9fa6699b60841b69c1e70c67c1625421e7a68ad7e793a8a8e6266390a033e6085e4ff2c02b7dae5f68678477da05657dc5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\22549

Filesize
21KB

MD5
82befc8da01681ee21847ade5ec0032f

SHA1
8ad8470abd2c8f2274a00fa44782ab77d8f3a5b4

SHA256
c4848b2acc06b338051dd91a5e710dcbca3a6c702b9fd9b20ba2b19cdf67d1ee

SHA512
77ceaec09991356b34a197cb483d96a5abb0a08daf3e5217c0136764a9138b8b8a72fc560f618be2bf839d6e3dbd6989e96c8e85ca61b5282133ae9d539dc41d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\25972

Filesize
19KB

MD5
bd892b4700bc777fe8ec385fcb3392c0

SHA1
01049ec5fe10431badeaa5c9a6e0e0e9fb094e67

SHA256
98b34cc866e8092d99c638fd96dae8b081daec526423a060d5b8bb3aedd85e92

SHA512
39262860c599daaed28a98f328b70aafa1a07ed5cc610cf9d5861061ebcde18d0fe1fcdec694adb6332ea539591354ec4edb381b092145817eb4918811c8938a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\31102

Filesize
9KB

MD5
7c015a3e304d62be398f0ccaab6cf084

SHA1
a97e18b4cf3c396affba88eb1c77eaaac610efe1

SHA256
507bdcdae4b508f66d6e6d5b54c4564c2b0f9ff6bb9e16801e9b637711de3aa2

SHA512
4fdf811e72af524aadd6578e55fd7e0ad911fdd665501d43f9f7ed8b2f5278aaafd614a1048df66f600d2e54ffacfe0b46169ee7c4aaa58f69edf330a89d6426

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\32229

Filesize
9KB

MD5
d7e3cee0bb0f45d4ab4b96c48d7bf5bf

SHA1
485ec11d2f2ae4e8250df90683b77434d890db85

SHA256
810fcb19d4d3657a26679b23fb1c85044913386dc5eab0f354698c34c84af969

SHA512
e7a1870f20dd77e399ab1650d4909130839aae2b7bb5044c2699be44640bbd8aa34a9cb654a3df5d57ec12c940d414cb4047a570ea09bdfd517bd32214050a1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\535

Filesize
21KB

MD5
3fd64b83d49141c32c6ec12fe5be73c0

SHA1
051957cb9dd6063f7921b400f6efa9963045e4b9

SHA256
6fd53658cf0c61a20d1e2153702c43c61d857719c7e64fda6f01a5dcc8b040bb

SHA512
cd3274465d425fb43667f6e6a8a7a345eaf1bf0328d78a130a9e761f034377ae528fcf0031803faf81cbb5446a9147633390fb3fca060c28652a161318e4bc2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\5575

Filesize
15KB

MD5
4842f7506f596dacc975ecbe060feeb1

SHA1
230116504f4fb136c684321eccba5c983eb238b2

SHA256
2f7553f11fd1e0f2a71cbee9caadaaaa9fcae9124904deb3269be7fb111551da

SHA512
4c31a6c8df485269aa8185468efeccb9182bd93c709de8af0703c18b41eac995569b5048fb428cb6833b70650d84bf445f37c7c24e1cd9a2d2e1241b1d46536c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\15D110973B675A3959C048C1A844A2000695B978

Filesize
96KB

MD5
cc094bdd1af54c09584ed67ac2fcfea2

SHA1
b14c87f1a9ffd16ad31475f105ca2f2f6a259db9

SHA256
b96d1a1112160897d894127b477922d723207b71d8402cddb68e358506f0dd9a

SHA512
ab2d5bdd7b77526975ea01aea6cb1eec06170f1433cc4329a1ae4a12f49a8a6013e34ff76b66fa5fc6961cdc1cd922f45b1490ffeafed3a3b37f530d3f54da05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\18671CA875A0AE0687C8A894A132056D4FDCF652

Filesize
107KB

MD5
35a58251ed5d1d6bf3e84d44aad7195c

SHA1
e429864c6ac4d60f07ceeaa4c5f7a82465086f76

SHA256
8bdd6e4171001c1351e3c92a463a8e2fee0ff0ea1fd363200cd8036fae23fa36

SHA512
7c6ca10ec0375bc40389070ab79bc9158716f6b1d5c5571d1f62363c711381394a1765ed6428ad7d1a63b5566ab87d493cc72ba5a3a258d958a9b7017a54e183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\1A590FE603A2F2A2263425B3A398D076B3EBA246

Filesize
2.0MB

MD5
d582c0cfe77fe660e455ac896cad38bf

SHA1
75ff9a3ffb68be4f0472ee04a7276e263f6b3f16

SHA256
a22689096a534cfb34cd4f324f874be68fabfb33c552828a28fe7c0d2819d5b1

SHA512
4eb0c944b94180a67d9406377edd7a3c6a47ae35ced7964c8994ecbdbab5367d8ac3cddf45776074ccdb50febea799c62347610a581e1fad4e069d3d0dcc3bfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\265758A57862C39DEDE111BA7971C6AEB77F3520

Filesize
1.0MB

MD5
774006e58dea8a8e620a6177515b8ff1

SHA1
afa113c31dd8091fdced70e77ffedd184e7cddf7

SHA256
835fbf94a58927cda096002d4750e6fbb9435374bf30ac43d693b29291727408

SHA512
2b72c51192b7c7a300e7e945ad0a732ccc1d95b6126147cb9506aa0b53e72897d00a276ff82be4ab31567b264f06a47139be7a07bb8777d58074437f5f80f0c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\3C4D37064D4BF7B1338C5FE086989AE657598661

Filesize
134KB

MD5
7a947ef5b96cdcbe20fcdd0396e75a74

SHA1
ebad0a1b5a22706cabbdc2480b3f0f8bbcaaab65

SHA256
2f2f7887a74ac9e363f4c3c6eb15888edb21a11f5fddddaeca99760069ddcf39

SHA512
720024f009b3725ce44217c474e97b94d63115e809cdbdb24e1bd173e81cdf9940539a35db66528120e7ea89c53597273bdc7eb6623162cc3740eb31bedb51fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\42E1E0EBC51EEBAA43335477EE37682948B52F49

Filesize
717KB

MD5
94a0cd836e9520a9f83d4613ce25507e

SHA1
2394cf9f1e84f62202ee2b6cebfeaf5ec09434f1

SHA256
3adaa33122df4517511f445a95d41d8a61fda7a330f638f47725562ddd5c4b6a

SHA512
9c118fcac25b1061347ffdcc56702658b1f8a6533900ee6d40ad3e56c3e9ba72873a1fe8c47df294347191eaa5d27fcaa4b3c6abbce9c78b94ae2beeb542fae7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6764E5C6EE36F49322DCCC1C276953C5AB19C757

Filesize
200KB

MD5
07303b56c821e35f8993781c459f1b02

SHA1
c81243180bb361554065b0b0aeffbba73090eb1e

SHA256
d5f51389333d1db35b053edb94bcf756a0dfbbe97b46f3635e800748743515e2

SHA512
76e50187a6bfe0912070be6f4c4f3f6a82d131c58b2884f21d27ce7898b0987e5d9d182c2f3eab2ff136c6fa50bae106f56589bb823759793d64d39a0be6cab3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6F22AB92E0A1FCFB566FD979461F69E170CA42FC

Filesize
107KB

MD5
0ea82cb173211493cf4007caea7efbd4

SHA1
db2f2d8e4256a12debfb55e0d62f85236be68343

SHA256
372d287c0ae610ebd9e8b7502896393d73bfc318185cd419260f8bbabd76a8f2

SHA512
aadbd17119937c74f0974f31bafea13d4bbcd01655d7f4eb08a03c64146d3193bf22acf9f283243914f0875e7d05ed97702d08705d3e4227476a4abad1ee54cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\7D71AACD2E434DB3B4ABE20692F92238149067A0

Filesize
115KB

MD5
08f4363cb7da96d5dde1ba4d784ff621

SHA1
3c4095e493e8a04ec0d6891e93201ac7d32de795

SHA256
47ca6ea23a69db3eccbd50346dfd00bcee89655b12020efe24be18793d2d738e

SHA512
f613e03e4450bf683efc5987e5316c464c35f4ffa276ab442d6dc8e5ddaaa4fc4e278607343161964f833238f967699ea3464241b9b7a4eaa11af96da0d00080

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\9FF169560BE33AB42C411CA1B14C30D56C5D412E

Filesize
135KB

MD5
2df78d36e09ca076999d5f3d63957904

SHA1
dd2ca3dba7e838d77f9e2f24cff64594c7e5ab2a

SHA256
6c4e9ec102ea00de556576555394a5c8f69989c84f8cfbd1402819adc7f18549

SHA512
35610eb430389e764463f21190907ca24db7ad859d08331574e231b9e6296e216223f84bfd2fce7381066d017e98337f517242465facece2d72a31a790c4902b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\C67941130D7A12802253D0914D618D324EC29C69

Filesize
20KB

MD5
e3ad466ab4e452c45cff1b415cf84905

SHA1
0cd35a7605cf2e900b619c07e25558ad18c7900d

SHA256
5178315644e53118050df54b4a65dd3d1063ab631caeeadadc2445c07deb7d31

SHA512
2eb363f33c0ab8782170ddd814b3e96cbe9b86552938931d4918738abda1e2eb741906a2f1b2d26bd9dc858901bab5161bedbf439cf796ae57c68a56bb07dbab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D7CD5CFADD93AB65F61D0176C059C0DEF2F719E4

Filesize
14KB

MD5
d66d0746fbf55a24405193160108305e

SHA1
210b55b633a3c73740ad38abd4b5923e9c59602d

SHA256
3ef866ec24dfad698f320b5752029ab0dacad126a4ccf7c2b6ace96c28cda290

SHA512
3b69b5f7ba2cfe5df572fe9908111be8648a38646606cf039aaa20105d5ab1f6efbbaf0ae55b9a12f9a4fce2cf80975b05f2231969540609e20f80f67f23b7ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\ECABD20BE3C5BB94231F6BAF27B49E35128AD310

Filesize
121KB

MD5
6ca60a0271f56c9d6e0c31cbb72ec0ad

SHA1
e536b84ee199edbef25e31dc8ba0db3fc0c0478c

SHA256
7e3687b112266a75196c339cd0ff5ccd4fe32e4a687a7ed35e4aba1929f49be9

SHA512
241592f9ea9cb96a14530a564e03a8cac8706e1c2061328ab5b610d17fc82a0c03a73972c5c875fc495a96cb7d3148e0b6b6fbb3a757503cb7665f54e11a5559

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\FFE639119D579A384CC93F4FD3487406CEE66CE7

Filesize
18KB

MD5
54a5507b829a3d06e6e64b730244360b

SHA1
1b1656e79fcc6b9e2aa4a8fc390c1666aa8192a6

SHA256
a18d9a349c837161d0fb8ab0ce2f2ab67466dd0a424c43570483d7ed4e7b6e72

SHA512
8cb979713124aea95a025a2486d95711923ec18195d84862e0bb8cfad01abde8846f09c9684ce1a5adfa7c63ac7bdf486b75c08f50e230ad1d1d44f9cd582e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
83ff08911f4c34a90449bc84d0dee899

SHA1
19b90c48fda7d825145873a230fe87ca8e3be86e

SHA256
3ba378b537a45dcf45863914170d323c929aa7de280131116bf750fc4f195dbe

SHA512
4e4b01644d001d0e87c270980c76c5b955e13e8877457b8ec554cc5769393cdede2bac7af79c67b8ec865c9a85bedcf38ac926ebb979c0ddc7c0b2c8eed086b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
05dde532b2bbaa2180f73000008b8b14

SHA1
fc9bb92158b4189ca5c34606e3ec056dad31b33c

SHA256
96997021772feb21f6b40d03510d301cfc883d361405e5171f5ee1574574cd11

SHA512
616fdb9826bfcfb8599283af446d779df161fbf877e5a9dd4eb62aaf1caafa56d88f906607709c41de7ab7fe5434300f4e033377ccfa61b771aa2aee41a99b18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\26364568-931d-4068-9dc8-0375c182deef

Filesize
10KB

MD5
9aa168ebb7f57480139ddeee1313656f

SHA1
05ee9cb4d19b88ed08156df03e4b58848cd2b72b

SHA256
f30441a9d63859e9156eb5d565dd399af0e8ecd1f9eabd6e306740854d967267

SHA512
32dece8539ba1287b204476cb66f5cbc7805ca728572f7da406f0bba134b986ca82614a8ddff181bdc2aa57c825464634a893cca6639e1a1222d0bb05a5beb90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4de2cbf5-afbf-43cf-b2e5-53eb81cac8dd

Filesize
746B

MD5
47c02bb340b02985d468ccb5c711bf2d

SHA1
4137ae97f959e91760fac14ebfbc1edf490dcc59

SHA256
d0948bd2134e8ed0c95d997be8b86032869d0892947732dea45e98f456457770

SHA512
7fe405b55b6f199dff4d7200a8370e94eaae478ef305b3c5d9b809f8a7ce825610f4169e969478814892cd17c66780cdfcb3c78b9dfa036f14219c215ae50abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
9a3fec35d43dcb11f2223e956c911572

SHA1
96ad83fda9aede191c4d18a42e67c3145edb7c3c

SHA256
ae41ff1763248d64654e49a5525c52f79281ec206fc3fbfe8cdc06220cf96fb5

SHA512
a977d88c2e191f6aca80259ea13667adc29c4f79c4ea2ba6bc330fd581b0584ae8109299def604d47165f5732070196a6ec1751ab5386318aeb2be4e93b26c70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
ff73b9648f33b578fb7292c367f99b3c

SHA1
6b8454dd8502e557b1324b68e24aea5bf8f2c28a

SHA256
bb859487a456fbdefeab63e3a508996d976bdc4714d6756dde1aa4846fe207fa

SHA512
a5081143f15a9aaa38137ee701ccf6a0b2a39ccb85983a93a421d611f84e424ec3d9c27bfe93fe96912ec939cef2968041f492c1875ae47e137384e9d2660cb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
0888ab2169824012584e6bc8cef9469d

SHA1
7f45cf4bc2da7de29ffc89e12ceebbd86737b635

SHA256
cb044640e9d823d2d8ec1cc41734865d9d1434cab720cd496f36d299c5caf357

SHA512
7f6a9fda99d31169fd59863e3b7a5c41038beae8019a1901547dc00d06ec757f973ddb9201d93e2d7082d779a084222111dc214b1d1a19fbe396796ba6f918cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
369dfd2bdf82743f42acdc2b6f79c07a

SHA1
6c0641257aa02fb9aad35be72025ed3ce243589a

SHA256
b6d8f39fbbf443e71191ce6a4dd3d6802e7f17a7587b238c7923c3ff5be1ab6a

SHA512
8c73bfd5c345d4006c5af95375b82fae8925d10e0538ae0091fdad43fe843731fcc6421a8925f6e3ee6dd2a877b503be159ed9d7e004063a4fca7365a9d37024

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
3dddbf28378871946418145c7c3fdcbc

SHA1
b2d6663863ed8c2b738f9d462c00c085b7b8d6cd

SHA256
7526e3ef54939c337e46ed9bc4dec5845af4d5be695ea5817ad712836c9ea7cc

SHA512
97eb101d1404093a4c70e7da61c60020c0735c1053332cef2b0918e24b122a9173eb9e2ce6423f7398634063f5e8d5783dc33a74318ad7054210c09e0df889af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
6b677120ce5ee4a6c996cad3f024af53

SHA1
d871730b48d0ee68329f07aa5daa847ed6ee0981

SHA256
0928ecf3d340a112325a904ee3576749f6741a41a50a3000863e7a8052c9f87e

SHA512
fc5eaa1d558df56977dd0a43c972a46073690afbec773f64aa36feb1b01c02d68c960cf2a8ce383e513b75dad25dadf6171867b6e3313e4fc9eff1f66d2f84c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
dffa6508509e90f76529914063c08b40

SHA1
ae3b87817af5d581ebda4cb23e519e81e8ac2921

SHA256
7418d54b8ea1a6e5b1b40d89212392d1a298514bd213c650e9ddee47d8122211

SHA512
86b1b8f218e9a40b618eaaa8abc382761f39d8e32ecdbcf1932df52b1215e5d21242ed885447a41b57db88dd5910a685b629a70772468edd626209a8ac0c1684

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
05300a6372a2d2f4ce161d79ab86962a

SHA1
55ada1385bd94f2b1ca9920954e0c53d400e86d4

SHA256
f6e827efaf6475580c420e4d8fc5a0213c2ea2ba22d4ce472a46067e83bb6c30

SHA512
9fc87f5027ca89adea7501cc1122031049423742c2d4a2a35d50824680bf1f368228fdc17e5a7ac3e2d2e15e73cb94b299c45107899448d1ec7b8b922512c00a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
dc76d266a9b731d5b98ffe77d7abad40

SHA1
4248c92d560619d4c5b9e8589392053508d3a320

SHA256
121d811b881d89705edaf2f2398c45dd13209ae6f625b6c2a2ea4db624405784

SHA512
5e21499e16d29d38086b2a3c76f17a381652585c45e6ebd7f8cf48ffda090e05cd60792522dae5c1acfdd8f5b7bb894b8dcccbfb3b674241cc7eed73673281b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
eade115ac39f42243f685354d68026b0

SHA1
58bd2e38390810bc86ae848e5f0340ad44209f62

SHA256
00743fc1e2b987a67550491003c8050d55c75e0993553c6a36d50df4a913340b

SHA512
df197641e7694ac3761c7a5097da347eeb7caa85b8e348c5fe202caad1758f0e824d1d2465874e9fa7aeec84aa20e3b27b8ca5edce5d30297b4a959f3a4c4f87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
24812aba946e5ae9fdfe21626edb5963

SHA1
71eec3fb25152abaed253fe0baf8a29c474168fd

SHA256
7885d86582a60db1ce75c29d639d125264a26cf0c3d1683a83196b62cfd3cc6f

SHA512
b2bcbd52376776c485cae60fe6070a9bb05b5793f2cef49a2105a8479c4eebb407fc83b73b34376d1d4f138e2bc59842186a986e195833f94c43d09a0e4d654d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6ead2b5659ed53323f430fdb8ea7add7

SHA1
8b001428421c06256fe4d6cffc1f8af2365963f0

SHA256
7fb151e82061e433bfff95780092559ba2762330222e24979fa7037394be777d

SHA512
1c933b8f98678efdb207441d96ec3f75b7ba884e88b4dc18d9dc85d1b45be8f0b21fdd149c10197d7291b705fd6b494cd6262e7e18e45e1a7e3562115c8b944e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a474660974ed63a90bcc1263a3ac7179

SHA1
f351ff1299b3f36481ff14e7ee2e2c54d7ef8240

SHA256
c6b2edaf7a050b010881bcee82e4f8fee3344a41146a9721bf45e6ca22def484

SHA512
1856b18b440648f4a36a2807c47ac6ef902cfa454586a5eb0153547cc91ab88ad4369f7e8b990a02b9043ce37c73b3cc4945e0e953a54d322117e9f4a653f98a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
60400981ed4d0ab49d1bdf40f61eaa99

SHA1
79f6191a50c529a93e19942fb7cc27ce41d5daad

SHA256
078c2453e73d253ccda29dab697fafea044e2f2ecd8992298dce0100cf20cc65

SHA512
aef101092faef0bb61945998d76f9a218501bd1436ed708878165cecaa96349b2a0149b99815ebe2bf9f289eea5cc5934abdcce3546b732465aaf3207942845f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
655692971d8c8676dfafc49a37045b19

SHA1
393d05f510bee8ef7ac95a37778a4b1d1708f0e7

SHA256
39b85215da54970e2af9ba3f536de3a3182fdf8a443c1812a0e450b7014c39e6

SHA512
6c2b947abb042d83d4fc47488eb07f780d1df0297310c7626836ee3aaac8b2ff5103b9e8102fd8ee411506772c43f232f605e1fde0f761a9993ecc06e2267eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
94e8c2ecfb208e58f115992dfc4bcfb0

SHA1
02a960681edac99721e4c73b1584b98158cac620

SHA256
88399f1d36bad81196622835c7460dd5c4b93fb109a34a771397754393ec0348

SHA512
fec4ddda69c75a852fa570e252bb202658f7061b52ebed897193d74139c25c7491b8699cb697cfbc794476a2380d8d5e963ef70efb235f95777a30d5e699dc0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
982e2d220fb3f0c3605c31c2d12f3cc3

SHA1
18eb5e5c232184e46fe2688e57ee919172937be1

SHA256
71d9184a15ec13fa5ced38714bdb34061550cb26e69b6b6d1a67a24e952712f3

SHA512
2d877166696569d9131e42c0215d4bb084a7269700cd84652ee37ffc89296425e1acf7305493046e40a4910ab881c8a84d9ff20bd34ec88e08c9104a9917343f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
59bd4481c3beebfa62435e3eeae6ddd3

SHA1
e4edbfe346262c8ca60a6ea6b5596fc60cd2f037

SHA256
6d5f6757c9f3d86edec2e3735df6f2f025be8f71672cffe710a1db0c1dbd84ce

SHA512
38a846fbb1f703f27a34383a1b3b3795289f0676edad121a453207cf688e30fda64125f5012ea62bdd1c82d41c485c03ed75b47e987f267ec8f635253eeb62bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
381f58c730c0b01a97416f49d8b23fed

SHA1
e34e613111d5b21b469c2434ac2c2078f3918887

SHA256
425a6464130d9e31513bc9dd9d40c259e8a82a642ce91763671cdeee293b9f05

SHA512
3b7887b92379411d46a6bfbbd6e5c87c44eea456b4357b5fd1f2873443d634a5ed9c0feeab3ce43a7f6f561f3452685750c9998941e01ba96ef340dc00532b41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

Filesize
9KB

MD5
fdc0f56dd6f7ab00479a535b7bcfb2b9

SHA1
e9fed8d8a024cbd370f1cb8ae295097d36e612d7

SHA256
c7f2b08427ab2104224c4d13af62866c565ec544dc6c4799c79010d3dd708bce

SHA512
788de5b76345fa5a0b321d96eb45b7032a7e13e8e67e936f97b7a25bdf02314affdf6f06dea8e9ff3a0c2e81ec1375bcfb3c1ac8db55504caeab0506d51d577f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{625e6513-e754-4d98-8d7d-96deb236067d}.final

Filesize
4KB

MD5
e1a753df936d39bb82a9090f4f828a41

SHA1
8b28f33de9536ad1910d669575718ab55f9d0da0

SHA256
e3f8260d84c1805033bc9f7f71c343f9359b483a8a7fa563034033e3397afbb0

SHA512
90b224251f37f418fb5ccdd89fee35856dc659c6902040515d810dfcedbf872cf2d9fc1890a1e3ef6fb945a99f76ab8e4dfe00f40d4c7522e16eac8137cbd398

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{f35e7fcd-60ac-4620-ac62-ff21d5658032}.final

Filesize
78KB

MD5
707a39f3107b60c93c36ede3f5b19168

SHA1
c0da2d5953518682eca0d8e25456edbdb6876752

SHA256
780714b8e53c7f6889478ac83bd894453f3afbf5a551e7b62ddc8399bb0eac43

SHA512
7ce2a2982df85b330080ba28ba60eba1af36ada9f43ef32550dba15cb284d703ef5010e55cebd9e54f067ffadf39f0749aa679ffb384aaa9012cf8833a7b0ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com\idb\2267156426yCt7-%iCd7b%-dp5r2eef.sqlite

Filesize
48KB

MD5
a5e3dee75a70a4b1d0b22d9ad80a4098

SHA1
f7750d887c18e0706ddb68c56da1090d45e4448c

SHA256
f0b0036cb514ec7e603a6a1f60ee735807a5134dd9de67bd076dd4445700fd8f

SHA512
1fc7f72540a9491798bd5744124d67e7a8284bd9b77d05a9b02a7b21b0ae9a046348445abd194db0fd0b4c315ae46da10ea0a6f82a9499e06fbe685db430a0d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
a6213cc48aac146a2d163bc40203952c

SHA1
1fb8e74da17db88ed7f9680cacff06ba3592795a

SHA256
a79c6e22213d976593d1efbe86abbb4a699f99d70f7b293e8ea2513a7dd889f3

SHA512
351ac3e4033e1e55886d819b4bdf09fc948f88ed9455f12673969c516e8dc6b85607e420bbd119ff663ae436f89f2544adae59238df4e3cc094bbd6769303091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com\idb\4189109034LCo7g%sCD7a%tda5b2aes.sqlite

Filesize
48KB

MD5
447a5137f8ad1403384ecd29b4803380

SHA1
eff2717a3fb545bf6f93131e6eb80a1731c0c6be

SHA256
1e36c079de0036d41d3f2daddc2f46d5dffedf23b86eed43c48089054a06c643

SHA512
2f5dc521791aa8a54790b4a841e21909d5ef8324a0ae6a725c3c329cafd9464f746a5f007a3ff6e1119476a64f6177c46b3a65251e95550ffd47b7c633f5e2d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
6b0a80c305b2e5179c0a2650c0846fa2

SHA1
19057fa98631859f2c4139dd1cbd648f925bd90b

SHA256
ceee3956cb27e4f164640d91c9b25326a8ff730a6bc62bbaa3f2e61b31ae702a

SHA512
49eeea0f954df44eb5bf7707d0746214cd079659fd97ffa4a61c9b04191429f1354163d9c4bd4be5caa6d112e676684332c38a2525ffa7ca41f011561b36e1f7

Download Submit
C:\Users\Admin\Downloads\NotScaryFile.0_Rx7vAT.rar.part

Filesize
15.0MB

MD5
b8bf0843ebe241b26bed3860c60efc73

SHA1
1aac5609f43d051c6681f3baebca971a8338085d

SHA256
f9b46e6d9b70e52141aaa716168e8209f093a979d52b388db85d9cc34f604997

SHA512
f697109bffa8f9339cd5ab637276203712996cab94d13de0eb160822bf9ddabdf48c5603b67b0718c7571421ea2c39bc78ce5ef875db5d71cf923ace99ddfa4a

Download Submit
C:\Users\Admin\Downloads\ezyZip.IKh3KP_e.zip.part

Filesize
15.0MB

MD5
6e7d956d7f02e817e26f425705d297bb

SHA1
c01846e45b4c82b741f6840323e0396cf8631e66

SHA256
f3e8e6c57a54a7c03cdaaff74d82415a8a0a9206d6fb6f8381c6c17092122e07

SHA512
dd8ca8e6e16fadb4f6d6c9f5272bd9b2a3c9d27f23b04da1e32b3f72c20791ce2304f13af159bfd00cb084acc2862705a6bc24b15acc1deaacacbab1f12fec9c

Download Submit
memory/6840-2985-0x000000001C280000-0x000000001C28C000-memory.dmp

Filesize
48KB

Download
memory/6840-2987-0x000000001C2A0000-0x000000001C2B4000-memory.dmp

Filesize
80KB

Download
memory/6840-2982-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download
memory/6840-2983-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/6840-2984-0x0000000026740000-0x00000000287F2000-memory.dmp

Filesize
32.7MB

Download
memory/6840-2980-0x00007FFC74EE0000-0x00007FFC758CC000-memory.dmp

Filesize
9.9MB

Download
memory/6840-2986-0x000000001C290000-0x000000001C298000-memory.dmp

Filesize
32KB

Download
memory/6840-2981-0x0000000000F70000-0x0000000001EA4000-memory.dmp

Filesize
15.2MB

Download
memory/6840-2988-0x000000001C2B0000-0x000000001C308000-memory.dmp

Filesize
352KB

Download
memory/6840-2989-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download
memory/6840-2990-0x00007FFC74EE0000-0x00007FFC758CC000-memory.dmp

Filesize
9.9MB

Download
memory/6840-2991-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download
memory/6840-3018-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download
memory/6840-3021-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download
memory/6840-3022-0x000000001CAC0000-0x000000001CAD0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads