hxxps://github[.]com/FailedShack/USBHelperInstaller/releases

Resubmissions

08/05/2024, 23:10

240508-25zbfacf8v 4

08/05/2024, 21:14

08/05/2024, 21:13

07/05/2024, 20:34

05/05/2024, 21:55

05/05/2024, 19:37

03/05/2024, 01:17

02/05/2024, 23:32

Analysis

max time kernel
519s
max time network
523s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03/05/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FailedShack/USBHelperInstaller/releases

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-293923083-2364846840-4256557006-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: 33	5892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5892	AUDIODG.EXE
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: SeDebugPrivilege	2692	firefox.exe
Token: 33	5696	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5696	AUDIODG.EXE
Token: SeDebugPrivilege	2692	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe
2692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 3824 wrote to memory of 2692	3824	firefox.exe	80
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 1656	2692	firefox.exe	81
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82
PID 2692 wrote to memory of 3700	2692	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/FailedShack/USBHelperInstaller/releases"
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/FailedShack/USBHelperInstaller/releases
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1900 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04216729-20d6-4fc1-a668-2108b40afa03} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" gpu
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {544a7107-c23e-45eb-abe0-d52ad64e8962} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" socket
    3⤵
    - Checks processor information in registry
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3104 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb66b659-739e-436d-9747-316d93d436b0} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3828 -childID 2 -isForBrowser -prefsHandle 3312 -prefMapHandle 3316 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c576de-edf0-499f-b8ab-8c2b45bed651} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4480 -prefMapHandle 1124 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3064332-2829-478b-93a0-5e7f2587122b} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" utility
    3⤵
    - Checks processor information in registry
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 3 -isForBrowser -prefsHandle 5572 -prefMapHandle 5244 -prefsLen 31079 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c87945a-bb18-45df-92bd-1303b4bb2e5b} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 4 -isForBrowser -prefsHandle 5756 -prefMapHandle 5760 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1fd537e-465f-47bb-b0f2-634672fded4f} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a227c69a-f0fd-424c-947f-ad440e75796f} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:3824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 6 -isForBrowser -prefsHandle 6112 -prefMapHandle 6116 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {838beb97-4202-4605-83d4-e271db9058fa} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5924 -childID 7 -isForBrowser -prefsHandle 6460 -prefMapHandle 6452 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fee1c16c-164f-4fd5-a162-d86c5de5c092} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1572 -childID 8 -isForBrowser -prefsHandle 1440 -prefMapHandle 2744 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8399b5b6-68be-4e79-9836-a55d08d7f25d} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:3256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3536 -childID 9 -isForBrowser -prefsHandle 3580 -prefMapHandle 3584 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a723e497-105f-42ae-b045-7a78e57d9bab} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 10 -isForBrowser -prefsHandle 6752 -prefMapHandle 6748 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64830cb5-1ac1-488c-bf0a-48d37e2a590e} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6944 -childID 11 -isForBrowser -prefsHandle 5928 -prefMapHandle 6896 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffe2103c-9e63-4dfd-8969-bb50aa9644ef} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 12 -isForBrowser -prefsHandle 6948 -prefMapHandle 5100 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d7fdab-0b2d-4c84-9234-715677327d47} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7248 -childID 13 -isForBrowser -prefsHandle 6160 -prefMapHandle 1448 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a37d3a-315d-49f6-820c-ab6b2738e920} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6780 -childID 14 -isForBrowser -prefsHandle 7380 -prefMapHandle 7376 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7769b593-3f3d-4566-874e-5da6c3ee30d8} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7260 -parentBuildID 20240401114208 -prefsHandle 7588 -prefMapHandle 7684 -prefsLen 32711 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc431756-6f23-46af-8da2-741afe2dbf0c} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" rdd
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7584 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7556 -prefMapHandle 7560 -prefsLen 32711 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de129e9-b3fb-43f7-9357-97e2abce7d63} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" utility
    3⤵
    - Checks processor information in registry
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7956 -childID 15 -isForBrowser -prefsHandle 7944 -prefMapHandle 7952 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9935596a-15cb-4d6d-b257-14cce118ef83} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6648 -childID 16 -isForBrowser -prefsHandle 7064 -prefMapHandle 7060 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {952caaf9-6a51-4261-befc-6754ac0dd5c1} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7476 -childID 17 -isForBrowser -prefsHandle 7488 -prefMapHandle 7052 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed13cc53-65d0-49f7-bef2-ade971f8464f} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8136 -childID 18 -isForBrowser -prefsHandle 7080 -prefMapHandle 6980 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d985298-d210-4da6-abee-af42883cc4fc} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6988 -childID 19 -isForBrowser -prefsHandle 6816 -prefMapHandle 3108 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e6a00b-8d54-4163-95a3-89e788a459da} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7340 -childID 20 -isForBrowser -prefsHandle 7968 -prefMapHandle 7096 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478eb9b7-1127-4837-8cb9-08d6163a3568} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7304 -childID 21 -isForBrowser -prefsHandle 7252 -prefMapHandle 7232 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d263305c-c55e-4145-82b3-42f87fe2462b} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 22 -isForBrowser -prefsHandle 5756 -prefMapHandle 7504 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {212bd5c8-4a61-499a-87be-36f5b02e4636} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8144 -childID 23 -isForBrowser -prefsHandle 5020 -prefMapHandle 3140 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a90de9-407d-4d62-81b1-c9ee2d935707} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 24 -isForBrowser -prefsHandle 4188 -prefMapHandle 5224 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f359db4-75f5-44f7-9e12-7d816c66b15d} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6952 -childID 25 -isForBrowser -prefsHandle 3116 -prefMapHandle 6784 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {586fc58d-b802-4831-9651-ededa7360d5d} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6812 -childID 26 -isForBrowser -prefsHandle 6636 -prefMapHandle 6772 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e7bb7ca-94df-4eb1-b1d8-e6e0e6538d50} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:6092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 27 -isForBrowser -prefsHandle 6188 -prefMapHandle 5536 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e785e79-f9bb-44a2-8f00-0882feab42cf} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7368 -childID 28 -isForBrowser -prefsHandle 6668 -prefMapHandle 4132 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19766694-3fa9-4b7c-a9fd-91ad7bcd8505} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3336 -childID 29 -isForBrowser -prefsHandle 6352 -prefMapHandle 7408 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14b3a8d4-3167-4fca-b512-074e7b04f0ac} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6480 -childID 30 -isForBrowser -prefsHandle 3220 -prefMapHandle 8300 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7b33c95-82e5-4038-83ea-43789f7b9210} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3980 -childID 31 -isForBrowser -prefsHandle 6800 -prefMapHandle 6604 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10eaaed3-aed9-4450-8334-de74a83faeee} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:4040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -childID 32 -isForBrowser -prefsHandle 3136 -prefMapHandle 2804 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ad7095c-6c8b-4475-8735-bd7bb635757c} 2692 "\\.\pipe\gecko-crash-server-pipe.2692" tab
    3⤵
    PID:3952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\doomed\15102

Filesize
15KB

MD5
9aeb3feb8c76176979867543315403a4

SHA1
d99a531a7a2b888a1e608a2582b5d3beb4658224

SHA256
756744ac90c5880f76c64b841a189f797ce3a82d3c0dccf22bd9df33cdf10bfa

SHA512
4950b82582153d25c0e3a5ac3e9e2a26b81a32646929b18472d69702ac7d1745193443d2f7c106e071cc8499a3b98697b7fd88be7f7ccc6cef817cec0c6bb14a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\055A36E833245C4F6B718E573CA1DCC7119B2B21

Filesize
208KB

MD5
cda9bc532e99843c367672c1401642a3

SHA1
b77902358b2a5d9780b4a159d396c0c81dd3e3f5

SHA256
4ed2f0415d5d0164fec6323aa575dc7dca52d76b8ad17eed74826264bf519beb

SHA512
c78371e1f9bda8bd9e2e1dce034ff962ae8ed0af461f2e4e3e60592d0b08c254a5b074673423c85c516d0c77fdaa233923393610f18d66b0684ec09e16cc27d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\082EC1066771C5B64DE864FB61E47AF62F87AF3B

Filesize
139KB

MD5
aaa114b28ebfa1b6eb40920a82d09b77

SHA1
143fb25d022ad86b38624f9ce0efee99d117adf6

SHA256
e5038dfa6369b9b780f8d50dfa37bd8bc8392ac27cb372dd620e601450bcc607

SHA512
c6c9c182737b4517b59299d4735bef49529718853e74c877c5748d8ed2dc3a7872ebf79331a4e97cff04fdfacc37adbb2e0e90d34d7c2dd308716889a1e2f0a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\08CDEDDA33D4160405733A03A28ADF5CC84877A4

Filesize
419KB

MD5
6c8c7578139221abcdd27a7439b876b9

SHA1
b33b92bd1267b17c9e8e1874249d7cbea5f8f312

SHA256
19ae15f2939869f5d7346b8ee99d4c83c4da39cfe6bffbe7ef674431401ae214

SHA512
47aa9f14239862b2944852743ce862d2a05fa2494512694985e07ae8dbb4b4da9771367b35cec98b7b9faa4e2b88466e469b6d612077b94403bf6bde5ae2cc2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\180FE553D55B63B770DEDDEE6C74EAE90D55FC02

Filesize
19KB

MD5
352375228fa6cab4cd23afd154a8f9e2

SHA1
0fbf21aa4f31d9a86573443badff839811540eeb

SHA256
6625f198985d380abd28fcb274b3abbedc27e40876a0cf8f12abfcb0db082b02

SHA512
67d40fab5455010692ccc17ec9f003f5e9d1bdafdf3ba17493833f2e7431a153bdb14816390e28f178a0f9fff683228a619ac6c5042fa60e62bee274e28e043f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\27466C8703BE461147F3F8550E1AE7F3282AADD6

Filesize
14KB

MD5
2b41960783f6c285dd1a62be9ae270ed

SHA1
c54c2a6a3c3e6d55ce2b48ac5a94ad2df9ebdcbd

SHA256
78b1ba7e0e67cd49f6a891b673f42463cb868159a5674a586850761315fce8ee

SHA512
0de0ead47152d18758f8c2c78d8d3002c4db6096cb307f961e08d5afae5e70f65e6cd780863c8eb306f668410c23d5a4cd0f35aedeb8ae32a4342a1f4262201e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\4609F0B589B1CA8BC897929528EFF9689951C2B8

Filesize
518KB

MD5
fbb780a6adb68818585e9f52172d4a14

SHA1
866772c5582bf8a0683d58e972bd208934fc3451

SHA256
6cd26533106358dd862a4bfd8ce7d0c75b5014f01bbb5482f9f919ba787e2628

SHA512
16779acb7ba0cd66301b50088aff8c83a3eb76f5d26ce0c23e6d970bfe33016646bc6a8b63c0418d4613b3b646bb878b4b2f273c7e701a5c9e6886d209757d34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\4DCDB86815E72425A87E529966E01559CF0A69B8

Filesize
44KB

MD5
5cfde0d08039674e7857dc55d86ded0a

SHA1
4464b6b57b6be7bb8cd3ac8d61df548ee5d7c4e8

SHA256
25d5059b73e389830fd1f29018af1389af037dccf6d9a8c2c9289d9725a5f2fd

SHA512
ec34d06de6fbcd8003e36683e2d81e603c24c0438ac37c212d83ad7f1128e6a0a9d7525542b0d99e8933301528907eb17ac844fdcb336f4827f8045b28104e37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\55AF9C923FDB811472AF8772ADCB07C148D9A621

Filesize
25KB

MD5
5e6b004d6ae230344b098d95085631b8

SHA1
9cdb5b575a78795cff757329b1eb049abd407764

SHA256
00418795e41b7ef434f002651f24f4e0a5ce7e0f2626e78228cfd6817c1bb71e

SHA512
fa3dbe38c359787132bef648658d5518fb86a4a894ee7207fc770e88e70b400374159e3e23b8fc5603a941a0a14ea4d3ebbcb68a6d399880221fcc51348c40d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\64E197B4D48F71CF91F98CD9CDA16207875E746C

Filesize
22KB

MD5
c4c7b3537a1fa2879eae791feea8db03

SHA1
6bda38ff0c1f456b72cff2b8b6d2b5e65f051fec

SHA256
5199dabd094f0b9d3cd6af0cfdf338b8d7bf22504e0f0988c2c13dc0aa7100f3

SHA512
b449c9d4babb9cfa533d5aaae792961b7a1fe68d8de5c3fc5a1d9df79c790c6dbbb59926488c41527965cb644c82d0393f0edf3db1c06805fc3bace3599f8dfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\663E63E943617BACB000DDC0C21829E3DD403CAC

Filesize
96KB

MD5
caaa6ef44aa8286cc258a8081f0adfde

SHA1
49b976abfc5cc1da9ce0cffe9755b2ef1894d6cf

SHA256
f4ad7076f1614b153080a5829ac5e0cb979b81bf44b7ea0e662f1c0274c02e38

SHA512
efa407547c077ed3803771b8e8f29127d8ce0c92e91b77aa2a886ac4b84055c238db40be1d81656b953cd4b6b12ce5e9ae83f3dac9a6c1e40e8864a8dd843b2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\AB6024929F8CB16694994B811B8E9D81EEC3DC01

Filesize
129KB

MD5
da5617cb74499624eb01838c7ed375bf

SHA1
7a8b1bb805c315829786ce087bb9acc52ff4c381

SHA256
23c550d5d8b6e535ac2f1a0bbea6b85c6ef5e02226cf04a57a13eef48e887c4f

SHA512
670b088105fcd228b2bd74ada11cc4a5b48ae5560d7c5565fa66b590fd2264288d89ab8b8d45406b756bf9eb69af61e4ccef62f81fd67052b435238b11763134

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\ADD529399B3568C914D205950C059AAEAFA20A52

Filesize
442KB

MD5
0596d889877c09d0df44300dda44fb49

SHA1
140f38c98cb7fc187e0fe083ba4273eccad5db5b

SHA256
4bf188236506ac0676054ecb3ecd8eb08b1e99cb55b66e91c3fcecf8ec9058b8

SHA512
c3094113d825bef65f4711b1eb0dba6043d53d98921a8efeafd38ab7ef48dcc1ba16ea9e068108feeea67f9165617e906d98bbd2bf760fee63e73d14822048c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\BC89B01DCC65BF4C1A27D42AB3781AEE6854541E

Filesize
19KB

MD5
d8fe26066c9c85a798f1e929148fc458

SHA1
adfe6cd4b126841502c6ed05d0a998e0de6f1b4b

SHA256
8cd82b92b46ab7b6386b0ea8debe703d3c2e792ec361cfdaa072471038a493be

SHA512
611c5c0bc8496708f0ef1544ea43c08835cfe7b33fe8f5d2f9a9e68bc9b61d6fcace3f7c16bf380b4623ef5a1adc0af4fda23331c2765585721f9a641bedf12e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\cache2\entries\D72810C710FE6224B89004A2ABBBFB9C9C538177

Filesize
429KB

MD5
45c4dc20dbe1aafd99cf846354777428

SHA1
3d8da871a653061236d17f6d19a3d2182695772c

SHA256
81a4103027c7cdcd2618dd9eee79dadb72e34f60d3207470db2c45d11ec1db1d

SHA512
f3085a726e117bc73002b030ef9fbf0acef1b83e300d7a9f27ac5c77fe4e30b40427a002aa38e04e03090bdca28e469cd12d221ad4673f850b5e208ccc841e82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\le59fmg0.default-release\jumpListCache\74bmgHjpmRLoz2XuaS2Dkhb95aeI_7BDSTb_mKDjZ9E=.ico

Filesize
5KB

MD5
eff5c340f66629c70ed83c309d8e5d47

SHA1
9b1185a033654aad5cc2fee20e0a295b7aec61aa

SHA256
0f4c93cefd611e295802798bbd285b8a00e1ad332c352e4e79d3ff3ed55a95a5

SHA512
02456cb55d74793fef4bede9f16170b3e1a3ff751438f51f27b22c9b2bad660291d7c7234c476eac79c6edeaacca215e6d0a648bd76673468d25130b261a435e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
ceb7d6f7eb60ca06fdc76ccc964804fa

SHA1
69fe27252cf06cfe67c8d9950ee78c690d0c7d59

SHA256
b696b22b056168bb5a824946bfa3475fc746f21f691d3afb64390d60618e36cb

SHA512
75850f5a81f9901c10d749c56492a31b5651040bbed07912acf2eef6eec4f68eebc83abcf08951377b4b700f76e79770313d0f40a5439f0ebc6096245003675c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZDC5MZ5HG0I2ZDFYC3AJ.temp

Filesize
20KB

MD5
805959b222b333eeae9ea8be9698185a

SHA1
cf18fe080a2b0ed2c7ce7eea9b56a7cc1d7620cc

SHA256
abc50653096beaab2d4b2b2d589e88dc27fae39ef19e02bf4a23281293e1d2c6

SHA512
07ea215c955421738b28800e3239d23f1ec2d0b719db78c741f20b326926ce18cb249559b9870125da9e169da5d21854c6e98ee208698720e45fbc9d9b398e0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\AlternateServices.bin

Filesize
7KB

MD5
30d9b6f463ee505abd4bab1bee26bc05

SHA1
9b67d34665d791047bc519b9cf13b17a7296eccb

SHA256
1b720d7641105b4dea92e626eaa46eae2314bf209b1343273e698d15c9508ac2

SHA512
2d2c220d2eb98f64a89e1b013af305586e9472512797d95af94f3e33556fde1cd1c5455b9d6e5dbc666453c4f3a6778644d31b4e561060d260759608f9017264

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
52a0d1b43b5a43737299ad9f8c2b0c5b

SHA1
fa6850656a558282fcd39d1a12113c29986a21ed

SHA256
ab5c29df2f1dd33e02514d760167b8ee7ce6e7e406037f7ac9458398e2c1bac3

SHA512
1a4c36d84db0961af2c37dbffa23dc0eb463b6d30255a6a355a7376d872aa8fbde3cf7fd5d6581d26bef6d0a7e0a4613b23abe3139c5711e5a240dd21caa44ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
111KB

MD5
de5b3a60872c09a5fa7db1fa26ef8c22

SHA1
db35cc8dd030e10d79db0cc6c01dc8d2a2108523

SHA256
454aa76161053dfe60092c292ad453e38c113a338ecfdbc39a09f55eeb7043d7

SHA512
f3ad30eaa08a58c5ab2c1d7c6fc417ce7484c6048676eae745ec62e48a3e481d11ffce332baa887d808f535ce3e7420bb59ca01005d53ae58689bd6012afe22d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
110KB

MD5
eaa52790e1856ba7de885d7c58ec2a65

SHA1
60f78d5907308e7a2b3792e1a1ee3213e8609731

SHA256
48e3a8975cc601651aa6072fc5bdb1a8c3e04382ed28f39d3aa21f76060db92b

SHA512
ce3fe583c3b12377190884b1955e6b1b8ca2f58785ee0e591d7dcc3cdf0b5bfb3e7344d9dbb529bc483ef5119ef3ed8ad790fc424fad09a4b7dce9bde8b7fbb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\6f7f0677-d716-465a-96c9-1ac57647cb4b

Filesize
982B

MD5
38cbdb27eb5a42449e1e94e1333762a2

SHA1
a83e4eb0710fe9544a0809772904338ae6787110

SHA256
d4510c640718f98fa442f19884441b0d8443228c6b89a8f53bae21309853e0f3

SHA512
c03b59be00efd13935f0f23cbb6889e6a7b85ac14c7c1dbd92be16cd1f4dad4426c57da8edea1acafa2b243ec07ef5a285e4ba0449714ae21f07320afefa0b27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\9cb8a9ab-7bd1-4c63-8aae-b51987d871dd

Filesize
34KB

MD5
491903967deac5f2ee08928a3b55ccf7

SHA1
03e84d240e272545004f2e367875e3e5b1f70364

SHA256
8f3b95c85581c60be698e9e651f12dfae875991b5d2cf14d6f64e4e40f07d727

SHA512
e7397da8ebab1fb3673ea269586aeb3bc0cca3d876ea82a243dae8bf3b20d4a689995b1aeb0eec98989028f9695b9727f274265ec80a297379398074c0b0521f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\datareporting\glean\pending_pings\ba0e640c-aa22-44bf-a4d7-d3aeddbce75d

Filesize
659B

MD5
a780ad952c4404e6db8724b2f2fb3832

SHA1
fbfe6c8dc5df068dbce8da9d46fe710b9ad027aa

SHA256
f89f4d9f723219d5e19da91aba1464750c4bded56b24c5d73b9129c436fbbb05

SHA512
30cb39236c386873cf3b7f118dc3b1bf1479a7d8ffe5506a326c809c472595625fe5ab880fb5731f7bd34305cfabaf1ecc6dc0b8c593c8c8b333dedfb1571755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs-1.js

Filesize
9KB

MD5
8d8f22d718ce568f5e8b8b824c06f06c

SHA1
b341ba83b17e474542cdb50280a4e79c8082ee44

SHA256
862bb626b0cad65ef42d5ccaed719c130a7b47ceb16e6d7f349cb110eb84c564

SHA512
187a0201353dc23ebd7ff6d762e7dd5552563ca1c600921a90dd30ebc5b2f219cc3a54681b536b7dff98c7d6809d59d9c8d9586cccaaeaa3ead8e4c1f9d0c0b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs-1.js

Filesize
9KB

MD5
6d521859f1e0e2f52d3c99f7dbe458b0

SHA1
008a3d1720b8227cf25a019d9e83a6f50288088e

SHA256
efa6aee4273f6c58677571b8b32bad87be964e4891f90e4b43069ba59a96df8b

SHA512
382f49557ca35989e9cc177a6f7e60eda17b62a21b234faf16482ba84d3f4a2968cb58cc6ca19b385909af8e5d2b437ad48b0de8e1efa8b39fb80ba2168b499b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs.js

Filesize
8KB

MD5
92a6e6d3d7f2a2e291138576640b6c3f

SHA1
ff147c6d384d92cd9c5ea467718ff1c3d4eff873

SHA256
78e9ee369cd78d2fd9e450df340ef7bd72694d5a25157788cbff179e2b7f1fc5

SHA512
56f51c4e4c09839b41b819a6ae504cc2aede9871b1b728cc18c3e7822aedf3794b0d43d6502ee0b6ee519246ac28b393cb4b1349213d6a0bb5f6fa551cdd1e71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs.js

Filesize
8KB

MD5
9b54e18159010a395f6954b108fe98cf

SHA1
f4f59abc6933b0ce0367d073ad479146dd90dca0

SHA256
23b92a20b6181683d5f6bd2c40f0c0f805b9d2d96dec93456f532d92163e0219

SHA512
b4997acad9eb93d9c005b8102f0a5fb5a12884166626b0c5c8a50b615ac150b4c6a8620a2a2f225689f1830546a3727c035544905363ab79931cb3cb2b320347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\prefs.js

Filesize
8KB

MD5
2f53088dfac4f3b4f127c3e9f4c52eb5

SHA1
8b88bac99b790cc8e855c74586b482051583e739

SHA256
f2ef18c9d0ebcae28829d8901790bce790ce33dd5c470dc5ebebe4f93a901578

SHA512
662cafed19de459ad7ca61be742d36c6fda1d4d62df41094fa3271dde1004c30ff13cbbdbfe160e79692690155d99fea79e25f33adbdb67b02835d96ed5f54b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3ded2d644f7fe05fff570d5d77a3adc6

SHA1
40c88a821d28f112f219f4e1cd9f4c601bb0dc78

SHA256
66705794b79a4eb6fb8f99f7d1fb167a62e73fd30179c57fae91c58b0f8b50c6

SHA512
271958a58bbfe0117b2409d2b1ea9b08b3a35399f143373a5fc40887b9964d2c367558c43c14266af6182d9ecfb27e85398932ae940b955a87ac09c9e3792774

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
d3f144f3dc07173c1fedbd0e862bab52

SHA1
e77da23e57c09d814fc3b02da2c9c13368157cea

SHA256
7f79f37d8a1d67ce480fe2ac1bca6a166691ae4d69c5bddd63c6f24856c46bf2

SHA512
31913d3ea7d3e67e0226eee8a9b8591d427f59885ca61e09c2c654a10e13a1cdf0b1f3761252104a0efb126425cfe1ee85c99b88aaf989aece9808194c5f4921

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
0edffb6f452c5b46cf346eef56dd6f42

SHA1
14f4b7c30eb19125b760e2873638cded15d21a3c

SHA256
cbf9bf80bae0b23ce505c56155483fd1425e989160183bb807cb6d1fa426a0d2

SHA512
abf54fb8241fad95420807759aed6ab3bcec50c6b9070bc4295ef59cb46a2fbb9cbbff274d2d351c8640b4d4edaf5b5ef723a5dd0128a4a5e99da9e540ed147d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
80KB

MD5
3d74e9fb8267e21b9d8db45bb17bc8ac

SHA1
c4d93838bfcd1211bb16459a7ba4e9bcf601bc6a

SHA256
8431754e9ecac294ab297f3cbd6b662491d2209d2af17a3ca03ef4783bc10b93

SHA512
f39a2dd5a71f83a2dee3345523fd3e6e884e4f46fdc59b039a0011c87693eeae2f85cc6a15b7cd79842b4cf8b19f81b4bfbd2b9ee7c5a3c6928a42f12f8c85b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
85KB

MD5
06ea67658429b027277f6af93406eadc

SHA1
b8f9ccb2cf3fc4e071ce86b670ed09964a31c9ba

SHA256
d81a2b08b0975d3a22430b3747d8cd734943b12825a0e63a52244902afa3bf26

SHA512
163a6a5dc4f9b729ce80a06fbb88f0c72090cfdc91fdef4cf00786f1f7b7692cfa14195fd844af55126fe9ffd0434b8e93fb4658f525d168e673b171222a142f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
104KB

MD5
7eacab357de464f9c66415be5400ccb7

SHA1
8f490df59c5fd46ba43b22573a7a9637d9a69e76

SHA256
515ecb2e95e0a979eaaf678458ab177165f531d2fa98fc6092cd132faf4e816b

SHA512
62df0a3a4ae42d2d2999e80782b54f2a9553cf47706b904a6c244016a9d3c81cecdab1ba773ae9f553d023a23e27f2cbe6aeadd57fcb3e567fb10354b93b4884

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
108KB

MD5
7946b39042ede7780dc56690f0205663

SHA1
a400d0337b1e57a17df9b66a47556b4b95280b90

SHA256
73259de375c073e7e3cda6fab0b574220f87c6d8bfd82d5b16b879a962e5da46

SHA512
c82eb8704e6d7626ce247b7aa2461b48dd6b4675512eed2d1d6770f430582fc8544d6ae61d52488189e2bc3c2b784c4a78aeafd8499381ccb5409415716f7df4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
6939300e5f72ff77e0de7a5b1b81939e

SHA1
f3ee2fc922f01e028d2227a42c09a96e9f54dd45

SHA256
8cd6454d1055bc9937be0ab0a18a061f9c39da8a6d42ccb6730356cc5183171c

SHA512
d33371205fe663585df1f87a353ffb508c0797ae60392ba90820cb4b6c473c77bb9ff64d36fb3d89078961950cbc7bec8d1948dc35a7c5a33f86218660e0ab7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
b645b68a4d7d57c4eaf3aee7bc105d8c

SHA1
f403a35d2449930b8589dcd24eb9d71a037fab41

SHA256
c7a4ab0cc8049b4112639792e12a0f5ae8ed6b5a4379a303f4dd79709ea84a99

SHA512
34bb938d735dfea531600d3d8b1525a13d3a900fa672985c92758c9f09b40494df476b6422e86c74e7d9d5b331ba16af6fb66c6aa39dea8aa85c97f72c8db03a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
61b1d2ba90b60d9fa1f47dc0d976e32c

SHA1
c844b604a1642b4535ea3539eb2a0c1d6010c3e2

SHA256
9098817b3705fadd4df8b63ae81b1a60bf31c2b2eebd4e8490753da868f17ac7

SHA512
ed4ca6662a37453d7392c707b20aea4ccd611f2581bc5e6fc2a574a9b23b4098789564bc5bc280eac10dd812f87f1b47e0f89b61690d89d4303f20dec9120b0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
85KB

MD5
3856a510b57e1db835b87200580c525c

SHA1
e7896a1c2b6b953598e416916608bb53ba1cc821

SHA256
987de7a1c274cb0cfb266bf9fb08820d91601847472cb2b5d57b14cb39c3cb56

SHA512
bad7546af6567315046979b1d8b4c40c45922519ce221e874ef5497b0442778c9dda18a488ac1c32bfb2ed4a1a6200df307feb3a90373efbb363d8da50eea6c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
82KB

MD5
34176cfb8c9e6f38aedb6b95d3077baf

SHA1
9dd8f3efafe8e2024397831f392e9377769ad91c

SHA256
1ffd2b302666ccbee9b711cc306d528b0bc969aa5e4b748cc367403203800344

SHA512
13119d83a906aa0ae6a84d9e411836574274eb8f1fe61f1b58f160f533f105741249d14098b1a584ab67e0a72557eaf556fb04889afad78703a34c5f89ea715f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\sessionstore-backups\recovery.baklz4

Filesize
108KB

MD5
006dfaaa965c13e897e34e83f3d41a4a

SHA1
ec5cab2cecf7b72429d06796f0ecef1c7b984b22

SHA256
116674b5ec8d83988bf62c21fc9b55ae0f3a49640b10db554f4e797130744a2c

SHA512
6762c4e0e0d833acfbed0186dcbb8e3d25436b7c8f3566f8a31117f14026985fb5861a10b523320b4d8c287f8ce26a3495d918188c04026842e04b050f87e0cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++cambaddies.com\cache\morgue\20\{67e2c134-b4d9-4bf5-8601-cc6f0bef9614}.final

Filesize
25KB

MD5
95b0a3654b750cefdc53d3799b5febe6

SHA1
9a4a87b6200fcc63fc2988d914f5d90f4d06cc31

SHA256
7bde56e5ebef3afaeb0bcb13df6c16c1903531b5e65ec902c0700f12a79b2602

SHA512
945fae6e1748bdd18532f9d28a2d4762bdb9df5a640dbb9f2a311179bab2d2257257b31c7796c1cd474d61ffd56fb38d0e95f26b46921cc49fe0f7ec1567348a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++hitomi.la\ls\usage

Filesize
12B

MD5
e4cb9d7ff2d3b68824b4ace92111efe1

SHA1
632c20d120e704fd71546304b0175e584345a6a5

SHA256
0c7351cf2d562dcb48a1ed8f8c62a47068e75ed8e8eacaac68f64002484cb8da

SHA512
240cfc180a750f0eb7af9e3cc7d715d344bd010d790b1049ffb626f8e65605dd61476be3c11731a71803981a86e407cdd4ee441e0bd52ec6a662a0de9a0c39d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++hitomi.la\ls\usage

Filesize
12B

MD5
d476ad6b1734df083324cc57f721ecf1

SHA1
73b0eb2e53f524faac6f784b5df30d220e68f6b8

SHA256
8e754bcbf50603bd1c6864ee945e2c2e4f3349c13d63d845d59d756bb5903abb

SHA512
c4500d21b311142bf61fda37b07ce1562255fff2beac3acf845ba18ff5d40825896bff6321c47a04f40bdb482e64291d20cc1419c7fc33764c9452e1f72d38bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++hitomi.la\ls\usage

Filesize
12B

MD5
e8d1362ff7521706c96852d3f27c7325

SHA1
f72af375f31412bf75ca67eaa187a6d2b9cb8436

SHA256
b77e07fba12b1810eee2b254182312167f0cf7d9d401770e9b272646e5dcfc39

SHA512
3ff96a7e7aee8172c120d636d07db755540a0536b43eaba5f36b7c1f2c22fd9ce715d992ae951ba5fe33f6d34fadc7514540cd3f1a232bb2679d1aaf20b2ae06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++hitomi.la\ls\usage

Filesize
12B

MD5
32ca9a89ad50798cdb870d9f1bbd7ee0

SHA1
b9055affbb9bd3a6f49a81ddb7df218db00a044d

SHA256
31ee9cdecb06d39c2e3165e5c2857dd335a1d577e0adb458fc4b034799142f2a

SHA512
48c8cc68e5697548183157b546af7d7a29e2e6c0045a0087a91677032092c131b185d2b1a16b592b7c7709b134aa1e4b9801beaa93af4e2366956d90bdb23c3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\le59fmg0.default-release\storage\default\https+++hitomi.la\ls\usage

Filesize
12B

MD5
1c14777e13d95294bcbb7ec3779ca57e

SHA1
57c72600d7b34cc4adfe12871b3fe54711b3d5d3

SHA256
64bc1cb270084903587542de964170d875e0505cbe224c8d007f1838f93df46a

SHA512
0b2a4291372de6c7e38e599e904040f250dc164925995da0f0983e35ab01637da59e1783c530ddc56bfd5b6369973a9d594ad0c7678567f4dad89b9133835de4

Download Submit