hxxps://www[.]youtube[.]com/

Analysis

max time kernel
131s
max time network
127s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
18-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc79e8a4aad365489d7466642563e60800000000020000000000106600000001000020000000057585d37ebc2cc58d1bd3b5688c2f62660fd09e52824122878f2d79a2f29385000000000e800000000200002000000033d642e0f1d84fc3013a5e5e80784595fa6b3b4e33c0a054cc930471df1297d5200000005e7085a6faf5a595bf996f6f5156248ea262357e50071423d18fa7f4d31114b640000000214b84e10322f810a244d73b3f5aa19ec1f0430cc0101509f0d66a7a13f158eb2906fd987fafdff4288b82b03ebc5b80e3027e9716ba18c6800ad8d7711c874e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fc79e8a4aad365489d7466642563e60800000000020000000000106600000001000020000000bace03fb733c021def1a68fcde10663a6de176ffd6092580854691cbb114047e000000000e8000000002000020000000f92c130fa748d0470b47c571e9ddb242884d95a7804dc54e0ae5ac0d25e78b58900000000560f1ccd5c6471fdbd4ee284c62322f5129e168c067b1a9069e60bac1bcd1950c2ae582638da3007732d7f5a5d38c21bd118636638c0822a8d15581f10606144dedca86d842729608f6187c73b95e4f29eba646fa4142f7471b39cb6231ea421340d17230205f28e1520d4681801b469bc0ecdcf51bd4e5296626098f4883360f98f6e5c52da5ea3d57afdccc3d7166400000000036b6261b90cf193bd6745b96c2c765f5cef84ddbe63b13ffb4e5a6557982ba31f8e8803f77c16bea29ddb988e6c8e6b9f5504c300183a2473bb5ff581ca125	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000c76f318a9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E4D3D41-150C-11EF-ACEB-F6A72C301AFE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 928 firefox.exe
Token: SeDebugPrivilege 928 firefox.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

iexplore.exefirefox.exe

pid process

2028 iexplore.exe
928 firefox.exe
928 firefox.exe
928 firefox.exe
928 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

928 firefox.exe
928 firefox.exe
928 firefox.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2028 iexplore.exe
2028 iexplore.exe
2252 IEXPLORE.EXE
2252 IEXPLORE.EXE
2252 IEXPLORE.EXE
2252 IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	928	firefox.exe
Token: SeDebugPrivilege	928	firefox.exe

pid	process
2028	iexplore.exe
928	firefox.exe
928	firefox.exe
928	firefox.exe
928	firefox.exe

pid	process
928	firefox.exe
928	firefox.exe
928	firefox.exe

pid	process
2028	iexplore.exe
2028	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2028 wrote to memory of 2252	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2252	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2252	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2252	2028	iexplore.exe	IEXPLORE.EXE
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 944 wrote to memory of 928	944	firefox.exe	firefox.exe
PID 928 wrote to memory of 1904	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 1904	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 1904	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2296	928	firefox.exe	firefox.exe
PID 928 wrote to memory of 2676	928	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.0.2060661636\1388057807" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {100c3419-cb13-449c-ab39-5ddadaba947c} 928 "\\.\pipe\gecko-crash-server-pipe.928" 1296 10cc4858 gpu
3⤵
PID:1904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.1.1812961706\239108902" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc5e149-c326-4373-a47d-58b4d766f46f} 928 "\\.\pipe\gecko-crash-server-pipe.928" 1488 e71f58 socket
3⤵
PID:2296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.2.726942174\1715771270" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f37d2201-3e15-4558-a254-01e18dc54a6f} 928 "\\.\pipe\gecko-crash-server-pipe.928" 2092 1a289958 tab
3⤵
PID:2676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.3.1853276247\487755269" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 784 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1601d4c-dc22-46a3-b1b0-4b10d6345735} 928 "\\.\pipe\gecko-crash-server-pipe.928" 1632 e5ca58 tab
3⤵
PID:2964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.4.773203891\218837386" -childID 3 -isForBrowser -prefsHandle 2864 -prefMapHandle 2860 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fdb6621-e95f-4073-b566-9e63a584675f} 928 "\\.\pipe\gecko-crash-server-pipe.928" 2876 1bb65058 tab
3⤵
PID:1632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.5.1568040034\602459614" -childID 4 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95899b29-48c9-4264-9b00-f4f534679778} 928 "\\.\pipe\gecko-crash-server-pipe.928" 3752 1e49ad58 tab
3⤵
PID:1032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.6.1477975144\60788786" -childID 5 -isForBrowser -prefsHandle 3904 -prefMapHandle 3856 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f74de608-25b4-4497-9038-bc3567191a11} 928 "\\.\pipe\gecko-crash-server-pipe.928" 3892 1e42d558 tab
3⤵
PID:2472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.7.1426528490\1842858878" -childID 6 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23a7160d-35b5-42a1-b6bb-679d948f7af3} 928 "\\.\pipe\gecko-crash-server-pipe.928" 3992 1e49bf58 tab
3⤵
PID:1272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.8.960026820\577095231" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00289fa7-c322-40e8-8999-27b3b9972806} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4328 21f8f858 tab
3⤵
PID:452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.9.252533763\538486950" -parentBuildID 20221007134813 -prefsHandle 4492 -prefMapHandle 2652 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {801c4589-69c8-4bcc-8f78-9bfe62ff2c60} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4480 22661a58 rdd
3⤵
PID:1640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.10.903606432\899405626" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4464 -prefMapHandle 4516 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5137c20-f67b-4eb0-a4c1-325962a52632} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4552 22660b58 utility
3⤵
PID:628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.11.121129592\962139528" -childID 8 -isForBrowser -prefsHandle 4768 -prefMapHandle 4776 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b5d4838-58c2-4316-9936-2355a1e3099e} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4788 227bbf58 tab
3⤵
PID:1400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.12.369137170\1660651560" -childID 9 -isForBrowser -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aca7818-8543-432d-8c66-60cc5da31e93} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4888 21c56858 tab
3⤵
PID:1140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.13.1092871939\827015315" -childID 10 -isForBrowser -prefsHandle 4064 -prefMapHandle 4180 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e682d6b-2ff5-4734-b8c5-a7a85fa539b0} 928 "\\.\pipe\gecko-crash-server-pipe.928" 3840 22509958 tab
3⤵
PID:3884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="928.14.1861732857\491033544" -childID 11 -isForBrowser -prefsHandle 4136 -prefMapHandle 4124 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b3308a1-0b49-43b0-8361-9142c6e140e3} 928 "\\.\pipe\gecko-crash-server-pipe.928" 4140 2250a258 tab
3⤵
PID:3880

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4f417e6d6af44f25fafcce56854a5272

SHA1
518eb48ecb578bc90a8790c65c4b844712d75949

SHA256
1539239637b823d5031e36788d01873003374aca8c49ac83489a54de385634bd

SHA512
eb03a44359431ceedea37eadcf6d83edd56e4514ef2db327c81900f9c543f147c2fc868224a971536a84fdfa0d2ed436e88c857d16a25606b0251ef70f0507c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e7bed3e80649f228c4c809c5d0c9f857

SHA1
4ebdf6e02dab721738c2a0c2f3ce545a38591691

SHA256
088cedfb789bd1b54b37fdc2e4d98194023884cb8bd24d814fb25b8d2d90f496

SHA512
ac40823f37a33e8a80255f6366c558127071c0197ef2e4ada43e1fb8e2cfcdec3ed980b3d76d8d6ee3271814a4edb91a3c1115e91303935c8d49e73abc27a048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ca720d2b28d49bb5cc6ea03e45aa6e1f

SHA1
427618d0c1637d5ba7da505b3b62b5f6c5f9c25c

SHA256
e004373e76a1c25f3965e50e25f2ae8bd56e3ff2adc6a6fafec3aca815bb768a

SHA512
fded7dc491bc84758f8e5a6d6cd2719fe890acdbee3ebe9b0186f6b2b1c71d3eed1d7852b5710c1e2ea77506b7e5c6ecbaa86ba5f31d691edacaf4c94f6cff71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ecde218db0c6f1213cabca7b2a6fc242

SHA1
c76ad3757c5a958bbd51935f30d52b8a1c837f89

SHA256
a71f098992b88569f7ff7270e60ea9f22478d6f00c6018ef6bb059c7cb310863

SHA512
a8cec12198878387f576a2762dd349968605357db4040b82a4ce517fa0932b1913d3adb9c6045f45f0cd6f8bc0bc887fa8cfb28cd3312316f56a0cc928275f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3a270b2217a21306607243c08da35ef5

SHA1
8a858c5ae42c7c5efec522f3ad039d36fd38ad29

SHA256
7ec55460f3a1fb535cdda6bd11ec46d04791bb643f8ab09c2f3edf3eb766541c

SHA512
ddf2bb0dc626840c8871627f38396d7b67b39620482234485b7c5c402d5c924644c306dee0b7fe0a57da4f2cc4d748a0173e0c7bcd99f5c058cd542ad6973aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
26b3cc2b800d209949bfdf5b4323ada1

SHA1
e7211420073638e95c98971119512841207df86e

SHA256
a907fc94c5313454bb1322ba296723a90cd377b7cdd8ad36a2d27ad48173d7fb

SHA512
bb39f48d4d782953be0def41f974136a9b75879a7802b22eccf85f166fcc1e29d4da4abc7fd7fbf97cd2ccd6ef723074bda1f238cb2cca65639f2f2724e6d4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat
Filesize
1KB

MD5
22f51f2d604e22e965bc3145614df438

SHA1
54744097a35136f0a63fe37317524c68183cd9d3

SHA256
88f5906b57b2918c40b3802d0ca7da6b779ff420641ed921b76bc513233395d5

SHA512
c07defec3fccec57a8c66fb9b6c543800a5b54c45fbab8b825316e771a7c8cd8aa8bf9d5d1e608fe30d458f8730bab2821ba8118e19eb08f15978110fc869ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\favicon[2].ico
Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\DD67B67FE13C58CD5F0CDCD62717D760AECB9C83
Filesize
141KB

MD5
1ca08a86239b5eb1b0d8df3da5fb2a49

SHA1
36f4f492514d7f6963b0ebb22cfbeba88d7a5dcb

SHA256
0ce54681ea9474777d4c9ccb70b8cb0428f55b6ca36b921e1cff093d625439c7

SHA512
4335c5596bc9a68829bb3b2a5933284710b987814352b6ac8ebe72c59ad9d9c80b254c4dcc72300cce9563dbf0ad1945a0acc07681be6d6b255bbaacd0fba06c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2733.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2743.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2833.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF83EF977136F91731.TMP
Filesize
16KB

MD5
7339cb20ecdd4a04bf7e0e0119a61204

SHA1
16ede21a9f88bbc9c77fec93f24f7b610ac102ac

SHA256
80d94bbde324dfed74a6f8676b023fd9e8eca1170e029160b6a210f5931f68fd

SHA512
8e9f222086f380615d6f924879d9b992e5deac8500d5c1d99f1d63419b7dabe204379bddb1a132c2dbe2689a10a537538003633ff57773e22f4efb4748639b0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
83273fd56c6d04b150b61ad5264440ee

SHA1
7a309ec1e48812c641ad96cdf1d5fd79f25c9a35

SHA256
71c5dd9dff87efbfec9f831e021ef1d5eaff1aca6a4c840d7a184ee0c7fcbffe

SHA512
b1317f1dfe08563c232551ae02bd1f16256ff5e690bc30c4036f90d1900d3c9f7d751827250df88149abdcf806e91c88e1c93c9d76684673149f16ffd1c2f7f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\8b0c7011-6733-4b30-aaeb-d7477d13a2c8
Filesize
745B

MD5
6f7ab8879f97e532e836190af3c575e3

SHA1
42cfeba088386a84aa3c69824f0fbfec45e43131

SHA256
2ab37d94bb7a67572f4031f0998f8132b9dfc08d883044c88e8d0644e8739137

SHA512
2ecd81c90ef8d88b6f2a9a44c739acf3cb17b2069cebb22768bc36c94cf9a4d69b1d5a821e66d031f76fc5e89eb2ce2af299a0296639ca4a7a973ca646a95c43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\aa12aa4a-8a89-4b09-9e78-abcdaff6f889
Filesize
12KB

MD5
1ceb8dd3a9be396f80fa199ceb0f613c

SHA1
d4e3b15746e52ba92e79345696f42f39a1f7d48f

SHA256
47a34dc81663e1ec33ccb5bf78421da44fcbd04f2d230fe4cf54abd62b05317f

SHA512
af8c5d3f331ed2fc7884094eb6c152608ffe43062472b0da3ce069eb5b51e0df4172b7b74a8f47ea04d922bd028adcc951f82876b4e81b0c16c6cfdfd6b6debc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
Filesize
6KB

MD5
961e051d1f22a3afc028e0341693bdf9

SHA1
88ed2b3bdb0a3daf721d70d1f22d95268bc63b76

SHA256
6be37c902f9a0bb2f21f546a546b5d10cb4623104a9178b25124cdf060992f3b

SHA512
4d538943fee1e32c99aa2d84e61aa34749c5e9fcdb145feaec498c86a572d74ac1099e5ed4e4bf26ba2912382ef6b992f46e6b2b9ea6101f4f9f1a2ac5d075fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
Filesize
6KB

MD5
3a70e0cd13f41077258098528b9d2785

SHA1
e86a2afcde3ba7de8c59ee63c4722e88d0dddd2c

SHA256
11e13c96c993950afadf6d8c627bf6da7ffdc1f22b1849b247d5ef65ed7469b2

SHA512
4eb21213ebadb79dab650325ae128d902ac4fd4b6a5ed832f361e0c71b51d90216839a417089147622b0903b4347d3ba461c3fb7e10fb2caf5a9f2dd954d5c0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
Filesize
6KB

MD5
7525d47267e61d39c7c66897b1580001

SHA1
7bdcb26ce7fdc74a402b22ef9fd07332f2aa5e7d

SHA256
f224d53b456f2eda6848915d14e4b433735f21dd6b00ac58b4410854b6bc373b

SHA512
9173a4a335d30e5ac3d73dc05d6c13dc8bb9cce0dd3c8cfa6bf9cc877d047a78b374a9b7247122f0e9c38c928af743200ae320d041edab84e007a81f960fcd13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
09caaaebcc93563c1c21ce093e9644b0

SHA1
ac66fefc78b562dc2acea73471799661192cfd2f

SHA256
f4cfb0b3c0b00073da1c9b8668505ca3af1a2a482c9e031054519f0dd19be459

SHA512
81e68f9d5fbf121aaaf8b09c311a03fb0a821cf404df99a47be8f906908bfa583d97b5c48ae59fd0239e3e776993be37de562025edca20dbf23b3710cb94b077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
9b7da81e05044b3f5f078287ee8cf20c

SHA1
e75ee1b076d301cce840825f4b605b1f7dc63504

SHA256
32a498b72aa7c12fa2e7e84cecaef258572957d5e31818c8e9b80d4e65d80921

SHA512
adbd77f726d8ac027e31017858f0feec12c445e9684a8bd78acb6770b838ab9635145834abf38a8f76b76e74bd726513ab53f18dc2edcda6da8b4ed74deac202

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
698b1d09cf43aaea32511e0872e5d711

SHA1
392f2090b505a1f17c0039c31a5920d6f3a7a396

SHA256
a633ad27b5385c0a1e7b97249afb4b5bfb6a817565cd380fae58242df654822f

SHA512
c620616ff84a571953ad03f903524654b88ef8486a8ad4f78ce89008b35961c580f4daa69779946200cdb7285d078a83cf7f12c7e5edd1223e0e07bb4a3154da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.youtube.com\cache\morgue\231\{457f48bb-8d34-4fe9-9323-2aa328286fe7}.final
Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.youtube.com\cache\morgue\70\{3f683456-63fc-4086-9a9a-3095fc836746}.final
Filesize
4KB

MD5
e0674fef5d766b2adb19f1f13bda5792

SHA1
7163e01f085c5c770cf0c76f0ad459ae2bae44d6

SHA256
88726bae4cdf1083d00c86a3a2322ab6e7bbb35d2a9f7209cb3e2b4b2dd6a51c

SHA512
d34c7ac186faea5cec72a84d3778ca104154c8f4fd87f24dd8576840a44758f754006b27059db971adc514cd87545529afedf5e76480952745e23ca684bf2d9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
Filesize
40KB

MD5
6e27aafd49f0523e9de701193d959721

SHA1
c35f453c1e6867e9926057d400b5030cc00f5d3b

SHA256
e88d2c83bdc0a54996fc6d570ba0c663a991d734a58324d8288d4943c3c66339

SHA512
1c6eb7a9dce593eb3a0b20cf864bb97afc1b24b5c2734216fe07da3653ca586d4704ddbddca829b64154759b3ea241ce36b7b07d5d5f23e027d2a6710203b377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.youtube.com\idb\354293982yCt7-%iCt7-%r3e3s9p0o.sqlite
Filesize
48KB

MD5
9cf04f84b25707fd64fa68b6acdf1f88

SHA1
5c2ac521f5d03aa9729ca98073582b6e5e5bc987

SHA256
94a1cb77a9ce8d74b13a4ff46f679c936a21f75c2e38579f37e2a5e84ea7beb1

SHA512
2c0b26ca160a7bb0ab2f90beba2f72f0b330624cdc01f4ddeec33c8d8b3458853a0ebf7d4ebd9aa0ddc6f1355f8f3b57cb6e60beacaf8b4fbddad1a685c37ebc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
24ef81d1d44aa87a83cf61c79193617a

SHA1
e6b8418868619ac3ff97c62a96e47e15aa069af9

SHA256
b9028ac5b4d8e6226dae0eb9592fe45c58c930342ce4c5dadd743c188ef9b465

SHA512
9e0de5268f5fcd0b8faad23dc0525c908c77f1f47c625d5a7029129805b4e34b5e28fecb2925b0eefd09ae7f809f3d97ff7926645a0e359945360e1a71529a0c

Download Submit
\??\PIPE\samr
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit