hxxps://gofile[.]io/d/GfflS3

Analysis

max time kernel
598s
max time network
678s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/GfflS3

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

268 MEMZ.exe
1588 MEMZ.exe
1748 MEMZ.exe
2948 MEMZ.exe
2372 MEMZ.exe
2312 MEMZ.exe
1828 MEMZ.exe
Loads dropped DLL 1 IoCs

Processes:

MEMZ.exe

pid process

268 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

245 raw.githubusercontent.com
246 raw.githubusercontent.com
247 raw.githubusercontent.com
244 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
268	MEMZ.exe
1588	MEMZ.exe
1748	MEMZ.exe
2948	MEMZ.exe
2372	MEMZ.exe
2312	MEMZ.exe
1828	MEMZ.exe

pid	process
268	MEMZ.exe

flow	ioc
245	raw.githubusercontent.com
246	raw.githubusercontent.com
247	raw.githubusercontent.com
244	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1588	MEMZ.exe
1748	MEMZ.exe
1588	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe
2312	MEMZ.exe
1588	MEMZ.exe
2372	MEMZ.exe
2948	MEMZ.exe
1748	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2328 taskmgr.exe

pid	process
2328	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes:

firefox.exechrome.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2344	firefox.exe
Token: SeDebugPrivilege	2344	firefox.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeDebugPrivilege	2328	taskmgr.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exechrome.exetaskmgr.exe

pid	process
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exechrome.exetaskmgr.exe

pid	process
2344	firefox.exe
2344	firefox.exe
2344	firefox.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
2328	taskmgr.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

firefox.exe

pid process

2344 firefox.exe
2344 firefox.exe
2344 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2216 wrote to memory of 2344	2216	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2648	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2648	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2648	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 2452	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 1340	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 1340	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 1340	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 1340	2344	firefox.exe	firefox.exe
PID 2344 wrote to memory of 1340	2344	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gofile.io/d/GfflS3"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gofile.io/d/GfflS3
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.0.1450921797\1137427334" -parentBuildID 20221007134813 -prefsHandle 1252 -prefMapHandle 1212 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4427eaa-2127-4a57-adda-5a4bf9f0248b} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1340 10bf7658 gpu
3⤵
PID:2648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.1.118078733\1101288669" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bc300bf-e11e-41d6-8692-d2681dfc364e} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1544 d6f858 socket
3⤵
- Checks processor information in registry
PID:2452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.2.710815949\62300306" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60aa5b8e-2ef4-4925-b991-6a8d8ec3cbae} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2348 1af81b58 tab
3⤵
PID:1340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.3.1482025385\830729635" -childID 2 -isForBrowser -prefsHandle 2784 -prefMapHandle 2780 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba0c3c9b-05eb-49bd-a26e-245383967c95} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2800 d62858 tab
3⤵
PID:2736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.4.1917487676\1253451978" -childID 3 -isForBrowser -prefsHandle 3716 -prefMapHandle 3336 -prefsLen 26050 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a678d794-32b9-4897-9c11-f2ed23ec6fff} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3724 1d022158 tab
3⤵
PID:1532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.5.1962626519\1386736199" -childID 4 -isForBrowser -prefsHandle 3908 -prefMapHandle 3812 -prefsLen 26050 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da46a6b7-74da-41c5-a9f9-f16f842b9e22} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3924 1f3aaa58 tab
3⤵
PID:1604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.6.2120316451\144574161" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4048 -prefsLen 26050 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {556ac86f-abb1-46fd-961f-3249de283d2a} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3964 1f3ab958 tab
3⤵
PID:3068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.7.822822384\883757388" -childID 6 -isForBrowser -prefsHandle 3600 -prefMapHandle 3624 -prefsLen 27948 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1711fc3-b33c-4213-abe2-c3aa7b9db4cc} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2708 17e98258 tab
3⤵
PID:3004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.8.381517649\2099352140" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 27948 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f86746-1898-4859-9bcd-d1f6febcee23} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4312 144d0258 tab
3⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.9.868179198\2092552709" -parentBuildID 20221007134813 -prefsHandle 4600 -prefMapHandle 4596 -prefsLen 27948 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd57f477-82cc-432f-99a2-4ddfb672002f} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4612 13529f58 rdd
3⤵
PID:1720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.10.2095298705\492717893" -childID 8 -isForBrowser -prefsHandle 3912 -prefMapHandle 3872 -prefsLen 27948 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b88262-8a72-4aea-9d00-ee8596887561} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4784 13e48f58 tab
3⤵
PID:1696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.11.227076421\1624126526" -childID 9 -isForBrowser -prefsHandle 4860 -prefMapHandle 4864 -prefsLen 27948 -prefMapSize 233275 -jsInitHandle 784 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad79864-34d1-425d-a108-92f4ac59d3b3} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 4848 13527e58 tab
3⤵
PID:2700

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:268

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1588

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1748

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2948

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2372

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2312

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
4⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6909758,0x7fef6909768,0x7fef6909778
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:2
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1268 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1076 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:2
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3712 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4116 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1900 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4252 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4220 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4216 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3492 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4020 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:8
2⤵
PID:1040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3664 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3752 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2720 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2712 --field-trial-handle=1308,i,749177677503935260,18355363373701892449,131072 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2328

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
56710b24500b58d862e4b052ad5d9aec

SHA1
860f8239a93ce8a015db43d9d92d48ff80aa414e

SHA256
336e8a074e01ca5dc1f6f9dccdb19755edd21b6dbcdaaff3e271f0ffae608a64

SHA512
078cc496b95b44cc87c1a3483375abe32828b3f69e6287ba7cae911c9b55a13e0fb01fa1144d28478e218d07f3ac57555fdf166126f41f172127f487e5a53b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
84158d2455e3af1cacfe09ced372f3a1

SHA1
44da682e2b65842e8ff59ef4c52fbb423624b81f

SHA256
acbcb44b5ec741f477b792cba8dda1c7c0498d43cfd4883532d86e20bcadee03

SHA512
6fb77a9c713a211a6233b2fa4acc57e79e5c95c7c6e219d1c9f59ddd28042d44efc4c6d3895b084892a588d593fde8d2e8560c849b75bb29e2e58756300e894f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
29e8628f2e04dad6044abccace54aaa1

SHA1
1f1e6a59fc8d215304ddb317d8cd3d261c5c7fb8

SHA256
43c2ae8495ac5ef026b5db2d3e22f136bf056d6e58f99316f9c7667501e5e50c

SHA512
935af6c2325927dc2c0ac47372878203f5aa7308d59d8dc84339d732d491d7b73ff9851cb6382c3c456729cf33ad5753020aa4011c835c299cd03f7fb2a1ab65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
06c71999f4f37633bbeefad334c72185

SHA1
844c5b99aa550746bf5dd43af06b487ae21912c2

SHA256
7609a6dba8a84fc9da0f96416933835db8d729649387631e780d6bb5d9b56928

SHA512
b85b4a6e935966bae9e90e7395e2b4fd6bfbbfc0def888848b6d10abdde3b9dc11d2e8bc860961b6f110434c23565aad8646fb1e4f55b2c4a8118f690361df6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7374c60bed487bcf610f7cdee831ed5e

SHA1
ae98895ae97bd803c47bb32397e2b3b9a389fe29

SHA256
4c8746975a0c7d2eadfea4adc7a8cad17cf169443c0296ba4d2471c65cbfdbc8

SHA512
1dd559e61fa61d5bc4e8c0a19b7d08d0eb92f917fc2dbb8cf9133d18da9ff7b59fc414f54a7e8caa3956c46f9dabdb37040c21d2f32c606698d4724f617605ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4faedca1fa4e69dda0dd476f208e467a

SHA1
9df0b3b584e37aabbf7b43c2993a26098ce0180e

SHA256
1bdc00a77cc64ce1ba8c743a8849f9dd04c2a04257e57321049e90878e190973

SHA512
baae6061c67e30bc28b5aa28424b46b9201576cf03503e105c849b5ec8fb1ec88203f2bbecf73bad9455f634262821f2bd83727b3002fb3c349132883a6e08ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5bed615d0d7031886e7294da0fc7ee4c

SHA1
d5e6eb35e236dd5d5ee0abc59ab9b1d0fed3173a

SHA256
db94e0d0a11bd25d7461ef729cf97a4467aff830562d6ce3198473c8ebe3d3cb

SHA512
990e1db2986ed6a8fad9f23476719effb11b11c6f45bba33f0865c648dbdae7443142a67c17bc747894030c9770cc0bf80db816ef6b0b2c6e5dc80793ae78ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cc60a630cee9745d7c9bc41294bf1db8

SHA1
6cc4703f9d68d476e7cce87a0a16ea0e7ecaa9d7

SHA256
883fc2298eec49dbb020efeb3e338ec4a9bc89e96af7eca4d31f15fea9eeff1e

SHA512
a4beb1fb9606d18e4042107291912dc8db5f4ff73961257500976aa79752155c9be9664f58fa381f829dcbdbeeaac53524e40f5a2aa8198fe90d5adc81f27ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
6f355f853a052840277298941486bce5

SHA1
a175da942e55749b3ed4417ed2fa15440c6f3814

SHA256
8626e139cd64ba69007d1896ae6737f7407e695c2928a9dbecc641235e6469d6

SHA512
bba327df58119bfbde6274451808acb7963143cd787da762defe2a4a1c0f743a78f444a52e1665dffe574c4d9b7b685d8b8cc444bd3528525dd5e845353baf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
133KB

MD5
2b4ba8c3d2dece31057235c60fbabc0c

SHA1
f0ceb959cc574728eca15c6193dff7210e65cf55

SHA256
0f500babf80deefac6a1900f675ff4b8b1c055299e8e321e670a869776f17793

SHA512
c32fa1d9061551fbaee36118dfaf8b69dfee3213dc5acb17ce791c6396e5f4011f090a739dec547df1b4f5cc984b4a7e88045719e1a30bc4e8589203dd6015dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
842B

MD5
b0d8646316f484162b796d8df57540e8

SHA1
9160d2d0f76a65d05b2551785d01df5d0c6ccd04

SHA256
00ff37e6945e25e2fd8764ab3ffc8626e2c1c723fe6eaf21a76687b49c813c97

SHA512
91c5745d4ae3087e1cb4863fddcd90f63d0e103b833df2cbe63e5f0912024fed8c030c08e002e5694cbee1997ca99803f422081200b49132c2a9dc1cad24c2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
200B

MD5
e795acac6ace13cb9abd0624b4f69270

SHA1
b496f20c031549fbf0e7f55d37204ccd9cc75ee1

SHA256
98fb718b6b1d8235df9c3cdc6ed5e8299ae2148efd146e032df4c011434eeb44

SHA512
0040be09f742bc249417627cc64542054255bd66486ad24c96c5f5a5fd76f446348d7d27e257b0b71dc6bdee9f4dc2b7890762b3b322b21340ac2cd3085ea766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
200B

MD5
773493a3eff15b6405d09dd97e056f13

SHA1
3cdfa5221fec2f7ae6fab9e57bba9e5ea57c96fb

SHA256
9bb7efddd8db2d2beb283d79c3d5905982a350527b51a1217dbe2ff34379944f

SHA512
5181a386a89da843d0926493df15b3566a378d7a9c3e8df2d63a989a07e2fd1b351aeeaeda7d2db12c96d1083ab2422bae8055f27bf33870eea1308df644fe96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ae3254810dc09d74f1a9538e0b5b55b2

SHA1
46ecb7d054d9a046e4cfbbd135bbabf7632a4d03

SHA256
6ab981242871430624f29336c098fb72a1e13d4394969d39431f1c88161f670a

SHA512
9ac9d5d709fbf3d6a29d3db8a8a5623ac4eafca641d03530b793755cd3eaca83bd079ca2e8d2ac43b91a32bc1bdcf213979e37c15d665a5aa7d2d3ed2bd65243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
27b13f13c5a25c1583ff2cacb581e8ac

SHA1
11d47a249053bc7fe62d7503f3ea8b27027ec1a2

SHA256
ff802aa3a01f702e82f435cc05947f71b278520dc85f6852269d8a1a3e73aee5

SHA512
f5ed58d8f4a9a3e73301760207e0cff6293a4d3e09f962d1928027acad2fa59ba8b56bdeb8214708f66d693265379f8d9fbb370244f06a85a2c9c57d5638a315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8e363edf2db7f92561067016ccec9385

SHA1
d5450048456322ef19bd221c63e042c0a6c96d84

SHA256
53e38f4b5670b5eb2a81c46ff45341d4cd66d9393894358ae53b4435246300ad

SHA512
203d68aa983a01d6b0c2164b1dd38d3fa982c8010dccb5d9317e819ac5889ba4fe37c413a618a2660609c4650c12798bfdafc9a3c2b96099622fdbc27b5190be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
d0c26caf7b584bc179bc20937ad863b8

SHA1
e88dae544d70ab663cbf75c53b79023562c8582c

SHA256
15333172d8e9c607e2f075b2ac644af5b548c8299f3dc5ae9c72ae5d83487235

SHA512
8ea6670bb4afc56bcda01b55aff521b072f66780ff33df28352e454d7bc788ee23295a58718160d7df1a280377bbd0bdf64c9cdaf7a5be6b83f14cdea1c4dd0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
88e235550bfe7cfcf11d7a79610f56dc

SHA1
9eb3075726a3a01cb4326a9321315b8d1bd7dd4b

SHA256
a101bd9af13c81d4715d9911b04f9a47cfee5ba8cdb5558478e4b84958147425

SHA512
0f8d8cda8af9ebc53fbc16927a0cd9a9421e62f97fcfbe12197e575c07cbfa54a3bb8672258f5f9ad2b1ec66880fc8ccad3c0bd28881ad6d67e40fdd765ff99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0debb6f59744c2292dd15064d29e3922

SHA1
09d24d1de166f04e902006bd6c16cba90ae53c76

SHA256
89a60ce08a3fad42fe6a75f99f1890c09bf8002d744a366199eb59ca288e8dbe

SHA512
689744071bcbe02bc0aa2674e2f33c09cb99a96d343aac98e0bebae2289f8ed41a7c05ef32eb026c10b111eda57248efbbbfa1f29ec29e264ae4fe8e34a72d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
a2af138fc9c88b4c3c54788decdbf36d

SHA1
7977f54b114f434a3ecd04017a3f80942af631e0

SHA256
ef1d331e893ccaa7c1141f6c65cc61bee319e3178782e528777c7ace40d1d219

SHA512
caa16ee8c1e28f15874d391bf1d47f16fd99f888af1f41eb4dd03a58102158cb917625fbbc1a61e9053200d3b5b68acbcccbd37dc7c1ee8dbe9807131b0e74e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\activity-stream.discovery_stream.json.tmp
Filesize
30KB

MD5
03821a7516c6e0ee2bd5c98e992ac6a9

SHA1
45403d6409fb37351a9c4bfba4eb50bc54ae0377

SHA256
72dcbbcfe04646e5a745ae1136b713b255ea03f52342fc9869a53adcbdf4f158

SHA512
3cf676cb236d9b19a2a8307c610a71df2b86e35ad64f32d85fbc7f3c56f3ff84f4b966a63bc1e4aee1e63ecf344be9d88542fea8dd05a04074a6080c38950e2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lf4jobx9.default-release\cache2\doomed\6095
Filesize
10KB

MD5
e5fcdeb8472f4d93ade347fcdc8a282e

SHA1
5b8846bd02d3affd4fdeaf35d116f8be484a5b1b

SHA256
7afa1422b75c7f9c1b2cb84c1a45660feed327ca0c14239cf2a8c27f5ab2d423

SHA512
0b2b87f13b5a7b3390ec5308a95155131566f26f629114c342c89384d1de7b9adb5515dc1620459e3fae548939c4aff76c26b72b909c50f37a45f3663d219700

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD197.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
684b36da4bef701dbf398a4cb3dc3adc

SHA1
0784729275020c9f4efe4a82be2d0f54b493b07f

SHA256
55388b340594df651b89e9685a3449025bc0070f147a4e219fc21c07f2306a9c

SHA512
33ee4ea8ac35039b20c73faa9bcfb21bff2d422b70ec9db4358fd68841ef831426b9e2db137ee934b37b5c8b021c71a764ed2dbde3d7cfcdc814850810c5ac7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
35860b7440797fdf92b6b343858fae39

SHA1
62c24f43eedf6e71b226f0159dbbfeecc152f47f

SHA256
fa8d0fffa1b53a2ef40a65da9e28fe04dd91f053f4784f542714e60b4290f498

SHA512
5ae3d1a8279ae0fdf7954c3cf2279ea9c525e36547c4ed92049f741be6bd46bfef82b40763c7d01e0620dcf356fc9fc45b12be4dce319d4d9b354f6fa15d1a69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\bookmarkbackups\bookmarks-2024-05-25_11_mUDMqzp9jbRt6ySnwvoA3w==.jsonlz4
Filesize
941B

MD5
20be0665130ed556da4834176282d8d9

SHA1
2e90b493924bd112c82dca176d8ecf30bca37f4f

SHA256
d19af3cc7ff4ff9d3debfdd830d6009485c59b9018e3f72da8998c9398475df1

SHA512
f982351d34fb751d3e4d130a0fb08e4bbfba590ba9fc889c85b20f4b604f652073becd30c68190d30717904ff753f18c060df03a5fde0d663a0dfe3722820a19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
57b90c839d186c01ad6ffd58102a60a2

SHA1
d5bb38bc11f72dd4a0ec9c818264c000c9b7f5b8

SHA256
a6aaa7e66c20c6554b260616a26479a45203ba7ce615cefee0502578f7c4adea

SHA512
069a0e0b6f915228e933b29b5c3f2f3354bef4e55f63b5b0fef9dd30c55a5e99c03b66b675002070565518430480fbcce53c0596706f7d1ac6e7e0520430621e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\4f21a18d-c3d8-4ec1-bec8-27019599bece
Filesize
668B

MD5
7d7e4cd2da4108b6d1b8434061bbc419

SHA1
4ce019b60ee2ed967bd68e80cb024ba18053a6b2

SHA256
b6c2d90e8f9e5f63b0f55f7686a146fa7ceb9220f3095cd661f750ef37ef0e6c

SHA512
22a6469648eb639608ca96d34b8889fbdf7181d7104a991564f0ac51e0c4e949d74dc99bce396c74a8126e0dcd53dc0368f9a23d6a69b97f8420bf39d8a61aab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\5c159f68-fc4b-4149-b0b8-735884861c12
Filesize
11KB

MD5
e60aa24359c5d718fd2c40f85be9ed1a

SHA1
d5148a6eb1610c63a0f9d58b9e5edcf66475f2fd

SHA256
7b0ce5ed219394dce3798b54dd2658aa084018436b03520e6e4aeb2596e4a190

SHA512
e8c2ae2b605581d551fea884c9039151c0075ee5d6fafca5f60a8820c938d724edf5249c457842bc945126169d138f9d5f2e2812550686f06eb63c3f2ffc3e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extension-preferences.json
Filesize
1KB

MD5
0bcf208899396bcb6e659783268d3b67

SHA1
89b0cfdd4f7bfc36e9263cff6432080429a3eb49

SHA256
0013ff84e9c5a777f6f161b7cb6bafcc3fe1ec554300e97be2361196af214c21

SHA512
f45d7288b84b08c977d55ef0de766aabab0223f027b1ee6cbd2e29f179d4e6555a479c13abde15a73b1335b37721a17c32135ff3f8ea04323d6e9a68e1c4ab24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extensions.json.tmp
Filesize
41KB

MD5
e2b0c120ea79099e6c319df4c3fdacaf

SHA1
79cb2c8c05c127d2cce85bfb601aea1a7b51e6c2

SHA256
59bc53e3bea5669cc8983c7cdada3586a13538887d657200fbe446e242100951

SHA512
d426c9a1de30537c31fe2a36ad3a46ea8ba7fc5c8db0c748bd4ec51ad60e6a3382360e1acb87b2f7334ca2a674b58d78af8fa28888f560456d6187f1b6c7ae17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\favicons.sqlite-wal
Filesize
736KB

MD5
e48cd455059233dafd16dcd71b0405f5

SHA1
2f80e2bef008aafa8ba555161af4235db1cf4268

SHA256
ed22f2ba5ddcc3b0caa061221d8550540e26bc49296a1fc92ed15ebb8ad29441

SHA512
22f26a53170a4e7eec4261d38af50ea956a09254ba8315a82368f79cd240e5c75176c068433c772cd8dd012d06eae4bf574c54c62528f55be88ce0a6258fc376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\places.sqlite
Filesize
5.0MB

MD5
4813c1792034d224f32bf442b9726b47

SHA1
ebcfdbc35ffc885c58b4a89648c539fbfc9cd80a

SHA256
1631d9d7cadda9e3a1a249ec810abc624b85d676a5a292c8a342a1482264814e

SHA512
638ba29a4cf98461f0fa92dd598d19c6c607d783bf95831c9f7eca7b19c14ff3c4d882bf859971e16aecf679eaca75ae7d8397c446254c5363e2cee49fe6daae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
Filesize
7KB

MD5
dd6c551cf0f03baa70ed4b9797c715a7

SHA1
09342ab22ac2e6a333bcfc6e174977c1790a6c9d

SHA256
23d7f19cffcb8a2afce702e2f6c2a6bc608d1b7e8623419a0d9aa7087d1e289a

SHA512
c402feb0926ab6bcf0f7385473ed2ddceb1104cd4a6ebcfa02c49374f1e21ee81ecf09072026e811c9d7c4d592339cb330b2ed10da31b7a959829029a6328f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
Filesize
7KB

MD5
a878c6e1c25df598ae731576f2265e5f

SHA1
fa1a0ee5eaccaa1141859d56d0efa2bb212c9418

SHA256
9635a169bc522ac15dd0d1296a26be278c2f275f0b6c131c519fc0dfa5ac5a72

SHA512
63fd980eb21785da02b66507b6efb7554bb184ff8658e317768dd91152aec8a3238de080bf9242477b04f1cfd1e52a15b2ddccbb3884cba85f5cf46ae38dc395

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
Filesize
7KB

MD5
2ea5ad36f6bd539f4150360cc7939ae0

SHA1
1226c00f20ed2bcdee8bf354311d3e17a5dce0a8

SHA256
dd58ecbd2b60d160c46648bdeb1f726a2325ee5211d3f90e3a91149797480262

SHA512
c020aa3a43e28399d09e318f2833af2789f05d3ea27239da11dd53726cc52b0e1f3bf7f80d67ab6fc3bc0053aa43c3cd8440b90e7ad26dbf097238f3b39c5b9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs-1.js
Filesize
7KB

MD5
857e895301aaf79a43b5c56adeb9e419

SHA1
809a59532f911969ebd8425b96451554a4214512

SHA256
332d721c260b8bc84e53933c90c36f3d8bbbb0677bc2d48bca94f9aa1f78c112

SHA512
c2ce943454fe628628a9ca157aa5d169eae4a8483e49b6188063959a9da3e635ccdca0f9c185d914a74d1512f113cbaae979efe9415b2474c7a7aa3cb303dfc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\prefs.js
Filesize
5KB

MD5
4ed3029310452eca1f78026a0f1aaf94

SHA1
849f425667cd4293418af4ed231931e25f1e6327

SHA256
17dd730ad556b9c6205fea6e8388ed3d38d6247550f6825715d211193b36f480

SHA512
a97553935e517fefad40cca266d88904d1ae15e6d22bb48bc8d74e4b20f1872b17b52f5f606862bcaee6668a1c482abd2609baa5e903192b9938ccd91a62c6a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\search.json.mozlz4
Filesize
299B

MD5
e4b66478ecde473b6d9c95d7a4350d37

SHA1
cf125f3ec9060bf59a3e4449b0fb151eaad01c5e

SHA256
4510c82fc9289533b0dbaf0a2a70a45589814c06be7e9adc395100ff18d5fc73

SHA512
0fef6926821a19f686d0291db9e7efb1a60cd6d13d94d4cc6fc3eeb06be3807d697debde0a5a264b430d449482bb26666b8273c7342e99d592e9b516027c086d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
ef845b43c665b085f6600bd03df69613

SHA1
fbd64468f68ea7672a55fc1021b29b43122142ae

SHA256
6d68b0817210c3c7ea28401c53fca0125919fe1dd7220c2450b98345a37435aa

SHA512
1495bfba70681f147222fab6bde1222c70d21c004ae1a638ee044ec996d99c544c362692a36bdeef4fcf47642eb39ef034dc65f53ae1b424317467aa57c9b552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
d77363829f9daf535fc15dc801d0dd80

SHA1
81dc519d477baab64326b0cb276f0468f6f852a8

SHA256
67451f0d64a3c1a96ed65c5e22f79e4ff8ca8caaacb37f62fab92eb55e5918e2

SHA512
fdab4ca67a0598a75c1fe9ea5a2d4dc251acd924b1ddc7bc56f8e5d26bfcbe6cbf281f5c1df85c8d113d3d4cacf843c0ecbdc9c4e33798d660525b209314fdea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
cbe2f4b5b5f63c946315edbdd2372197

SHA1
9ccb91cb12bde2dd8bbaf2617eec4a104c20c1fa

SHA256
dc7b4746ac3a7de793cd66d00cdec4d5de2f55e1f86607cb2bcdaf2cd2f632a8

SHA512
f060bb757d44898210f52f7e3e2fd2f3cf4a793388b7e31a6955c5004f013475747f1dcf7a50f7bece56dcf5e6bbda8e474ea69c4bee4c0b724e78a36b061621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
2ef20879889285fdbea9549ac3986053

SHA1
4bb45e6ad768451d187a83ae6eae12a1abf948b0

SHA256
4cb09337ae98443db2cf233dd44c23eec1146a0991317511a18611e7ee2f1896

SHA512
ab4b3f5b2157aeeb7d4d9fff299b0ad034e0ef745f2e68c0fae3b9f0eeae3ec62a22e79d2c97b5ab5e8b9b4226be70354526f2904b72b8d43401b32e8a6f3a20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore.jsonlz4
Filesize
9KB

MD5
b2741f7c5b826f544ab1d50a8bfdc947

SHA1
586dbaaca719950410b8cf4865943b6f5364d53d

SHA256
6d602f18e3d6b0ac3204009639fd945d320d82c7efc9341c7b5678c71505b7b6

SHA512
464c6c9664649df4cb8c38a5897b19717af43b6ebddcc16569df6578bf175f6e8e4fd3bc4395e637eb79cce1135a8d490a1f810b1db252b5997764487df862c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
cfdeed9871cf965680df75552bb5fde1

SHA1
2e68317970b06b26c3eb9b998a1d6dee3020603e

SHA256
2f6d6bfe9f55226fa44e44aec1681cfb3676fd91494798a509feca8064747120

SHA512
9ad6e10c41eb75330d54f3376e66b0697d2da1195198c75c12810ed5a4ca281e69984ea5a3dd41f6fab4d4bb46e1cebd34e2ef891878a638954ee3c88a27bb7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
176KB

MD5
297117cbf4ddf46736a0d044fde642a1

SHA1
53ca7a8a5a7144a8a527ef4d0984c8705d33a2b4

SHA256
0da7ca6ace999bf4baaff958c0cc01d1e1995c0d2d0e114ffac28a02bbc8931d

SHA512
5d46b4d379c6af519637101d0859d96b6a7a07d63d8128c8281608b2d3d530d502cfaf4a003dc8c255b85d3d0dd7571ffafa542a2c860dc26fe28c756c93bd99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
c9defa822ff6fc810766ee417738bc4b

SHA1
c39ecc77b4dea4043980407df169eeb21990c679

SHA256
d9258653fb70cdc1ba02272e0518866cec07aca811d09552377e4cd6e8781d76

SHA512
49427a4916e8bfe6066bddb3533abe09b704a6947dc1c1c63399f2ae1b2b3ed9ea9da9291f08ba6cb160448835a4990c4bc116d95e678d390466bbd2d33e5fa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\targeting.snapshot.json
Filesize
4KB

MD5
1f987685783345cc2962185f05c89ed7

SHA1
d6f87b38683144bb065926ee6dba58d02d447bf7

SHA256
d8555156b7bfbe458381572ed9caf92f7a9537db3b511cd96a7857f820e97b33

SHA512
15c464ab6fec205f78dbeec7c2f9e6a945c1771ca83d534de26e9166786837a477008bf68a8628b4d21237778e63042fc39eda7fc05c32f92b2e7ebaae1d9e84

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
\??\pipe\crashpad_1260_GAWZSDVNZLCGUMZG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2328-1073-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1246-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1247-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1240-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1239-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1192-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1193-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1188-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1345-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1349-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1187-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1164-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1148-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1149-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1124-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1123-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1087-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1085-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1077-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1076-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1075-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1074-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1072-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1061-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2328-1060-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download