discordrat | d0edb846b44e046fee8fea55dba1160e988ccfc947cf51fbb2803ded90268d19

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayer.exe
Size

78KB
MD5

8f3d0d4044ff8cc1d847687568c91e14
SHA1

fd9049e0e5c074603b78a2aea228b75e4ce6c099
SHA256

1c7ffa12df8fc6b0617ddd3e7bf89582154156c803ca2b2df7a6073d43e13dc0
SHA512

afd8aa0948e588de2bb7d44687afccd5da52e613a06a26bbec862945a3cd1a80423b2e1929256bce23e92bac5b09f27e436c1223583d4507c6782da3d46760e4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
server_id
1201970766531530822

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 33 IoCs

Web Service

T1102

flow	ioc
199	raw.githubusercontent.com
448	discord.com
776	discord.com
119	discord.com
327	discord.com
741	discord.com
50	discord.com
148	discord.com
200	raw.githubusercontent.com
539	discord.com
768	raw.githubusercontent.com
147	discord.com
775	discord.com
810	discord.com
760	discord.com
85	discord.com
230	discord.com
346	discord.com
809	discord.com
79	discord.com
125	discord.com
248	discord.com
427	discord.com
774	discord.com
811	discord.com
61	discord.com
449	discord.com
740	discord.com
785	discord.com
49	discord.com
320	raw.githubusercontent.com
786	discord.com
236	discord.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4492	RobloxPlayer.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: 33	4144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4144	AUDIODG.EXE
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2688	5008	firefox.exe	93
PID 5008 wrote to memory of 2688	5008	firefox.exe	93
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.0.1405386525\949665800" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14675cc1-b707-40c2-9778-0891c1b9f743} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 1972 2bad8a08158 gpu
  2⤵
  PID:2688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.1.799099091\1079540725" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b70ed00-fca2-42fa-b7b6-6b2a91b69e9f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 2344 2bad7545858 socket
  2⤵
  PID:1228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.2.1284863639\1121990144" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0da86e12-f474-40d7-b6a1-3eb07a2f37c6} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3116 2badb995658 tab
  2⤵
  PID:2500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.3.1856488554\1118102147" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3544 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30ff155-dc61-43a2-8aa4-999084016227} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 2316 2bada1de858 tab
  2⤵
  PID:1240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.4.2135807297\138680115" -childID 3 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d5b2264-4fb9-4d86-82f4-3131d6cefc10} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3620 2bac3d5b258 tab
  2⤵
  PID:2608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.5.1197804460\546944117" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4956 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {733358ad-01f6-41b8-ada1-f125472c0a4b} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 4964 2baddcd2858 tab
  2⤵
  PID:4292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.6.574375922\314467356" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {669ff3ea-4263-46cc-89f6-7088aca1db1f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5028 2baddccf558 tab
  2⤵
  PID:1604
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.7.652936528\167008958" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5028 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e543dc-d16b-48fa-a271-c0566b82fd8f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5164 2baddcd0158 tab
  2⤵
  PID:4328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.8.1792668156\1042064995" -childID 7 -isForBrowser -prefsHandle 5884 -prefMapHandle 5736 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af224b6a-c1d0-4f68-a370-61dfbbdf4d6d} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5892 2baddc62758 tab
  2⤵
  PID:3952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.9.1182298143\548455456" -childID 8 -isForBrowser -prefsHandle 5416 -prefMapHandle 4968 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9e0f3f3-7a2a-46aa-a3b2-a209faf9df87} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5296 2badb90c858 tab
  2⤵
  PID:5588
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.10.2104330775\1209583857" -childID 9 -isForBrowser -prefsHandle 5388 -prefMapHandle 5608 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec225d6-ebb8-4bf2-8fd0-cc1fd7534946} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3676 2bade820158 tab
  2⤵
  PID:5636
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.11.592402046\594021814" -childID 10 -isForBrowser -prefsHandle 4548 -prefMapHandle 5172 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cccd998-f79a-4fa4-bd38-eb57bcda3c2b} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5252 2bad91d3258 tab
  2⤵
  PID:3100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.12.842866883\1948926298" -parentBuildID 20221007134813 -prefsHandle 3640 -prefMapHandle 4980 -prefsLen 26646 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c78588-6754-44ce-b5ae-6f9490d18e66} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5092 2badfe47858 rdd
  2⤵
  PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.13.1691606301\467324740" -childID 11 -isForBrowser -prefsHandle 6288 -prefMapHandle 6192 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d0c833-abe0-474a-a26e-0dc1dc3ac9d7} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 6276 2badfedae58 tab
  2⤵
  PID:5688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.14.671481484\326014630" -childID 12 -isForBrowser -prefsHandle 6036 -prefMapHandle 5888 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53fb88a6-7105-47c4-9092-6890de3e5cf3} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5028 2badf8bba58 tab
  2⤵
  PID:1056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.15.575230555\749062158" -childID 13 -isForBrowser -prefsHandle 10444 -prefMapHandle 10448 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec2f84b9-76d3-4072-b226-578bf5729e6c} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10436 2bade822858 tab
  2⤵
  PID:5292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.16.986323902\459035742" -childID 14 -isForBrowser -prefsHandle 10156 -prefMapHandle 5644 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ff50c5-75b3-4a4a-8df7-c17589ad6a74} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10144 2badf95f658 tab
  2⤵
  PID:5260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.17.1001994635\812604781" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10156 -prefMapHandle 5644 -prefsLen 26725 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {625256d7-3b6e-4ad2-973c-16bee874ebc1} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10420 2badf89fd58 utility
  2⤵
  PID:1820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.18.343130661\1080302595" -childID 15 -isForBrowser -prefsHandle 9844 -prefMapHandle 9828 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f288a4c-ae71-47db-9988-45cab963c64e} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9824 2bad7545b58 tab
  2⤵
  PID:4004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.19.1059199574\330563122" -childID 16 -isForBrowser -prefsHandle 9624 -prefMapHandle 9596 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ac2bdd3-cf38-4817-88d9-5cd199081d12} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9632 2bac3d60158 tab
  2⤵
  PID:436
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.20.913112202\920942426" -childID 17 -isForBrowser -prefsHandle 9240 -prefMapHandle 9236 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c5ec22-40e6-4f06-a45a-190ffa23f4b4} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9248 2bae0060558 tab
  2⤵
  PID:5572
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.21.1053123557\760449134" -childID 18 -isForBrowser -prefsHandle 8992 -prefMapHandle 8948 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44bb62d8-0915-4e4a-8367-8a6678dd94a6} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9060 2bae0849a58 tab
  2⤵
  PID:6404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.22.1368414253\1964509878" -childID 19 -isForBrowser -prefsHandle 8992 -prefMapHandle 8948 -prefsLen 27204 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {360f819e-246e-413b-8da4-6e51e1a9fea0} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8792 2bae1c7ee58 tab
  2⤵
  PID:6776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.23.858815724\239018504" -childID 20 -isForBrowser -prefsHandle 5428 -prefMapHandle 5444 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {599597a0-1aeb-4dac-92be-4d4101080788} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5508 2bae35b5358 tab
  2⤵
  PID:3276
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.24.828243925\1778771845" -childID 21 -isForBrowser -prefsHandle 8476 -prefMapHandle 8472 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a6c03eb-c53d-40f5-b292-27154e90f372} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8484 2bae386f658 tab
  2⤵
  PID:6840
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.25.1448503874\1764489037" -childID 22 -isForBrowser -prefsHandle 8212 -prefMapHandle 8216 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aabe538e-bfbb-4945-8c30-6194f144b6f0} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8300 2bae3870e58 tab
  2⤵
  PID:6860
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.26.2147475180\839766700" -childID 23 -isForBrowser -prefsHandle 8332 -prefMapHandle 8852 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0667c7d-78a0-4003-8491-8ce16fd4c899} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8052 2bae1eadc58 tab
  2⤵
  PID:6640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.27.1844734657\82987674" -childID 24 -isForBrowser -prefsHandle 10408 -prefMapHandle 8300 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30aa5cd-183b-46eb-9c25-04a417779441} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8044 2badc7ba658 tab
  2⤵
  PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:5896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10126

Filesize
16KB

MD5
8e2790df1689c0c7dabddd0c12342d29

SHA1
2475ccf6b1040fe7cde1962bbc3d5722a6cbc015

SHA256
b4dfe23285f951e1268a8ba171f8649657108a38eda1bd699a289e917f6d059f

SHA512
41f876269220a440e32afbc4dfd29d51dcc94d9daf732910e671804198ed36623de374bf0c5646e6fe093bdc66dbfbb566e5af189698ade15931ebe494ab8959

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10223

Filesize
16KB

MD5
e327b7f4d7363fc19155d8edd08c8295

SHA1
3c86beed71507393509940722b9cb1ef5acde85d

SHA256
4a5429e6aa40f47ee9d1ea1e307ea4d49e45b762e303380470d5142416da527e

SHA512
92cf170ab9a98db2259c0728940f07e37d0b22c735c8a5993fe85c2dba5b2594f9ca6b5f91c892c23d1c7a320b931759d8bcbae6c0698c6c217989d0816f831e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\1520

Filesize
10KB

MD5
f0db58696a272567f6cdc3fc9991be6a

SHA1
8b991b522dfbf2e442490a883aa28f06c6bf1d39

SHA256
9dcbbcbb2b6f27e4f10592ab3a38df676f279613ea7ec13d12a26b1d0710947f

SHA512
1a0401cdbed11373ad3e8734e519c1d2864961971635f2ddfc45b5c0e7acd0f70958619be0ff2f0c29043bf190ca011e1d402149815899c098d81047c4228bef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15613

Filesize
16KB

MD5
9fb1d751ce9998ea0c633724e48430c0

SHA1
752a2e5c75c2bba34f89a6dd5dbc29cf3fc113f2

SHA256
e2077ba8ee3abc6f7c86cdfb1638cf16eeeaf3746f08748021a079a1f63f7a60

SHA512
08d60a8d9efa50fe4e2f21a08bedcd620748482204366a591ce988d06dae52657f9d587b5cddf5b5381da35fd9c1384671b69e2158c33f315058c19275285762

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16495

Filesize
7KB

MD5
3b19115c794815634cfc38d3b5b16352

SHA1
628781d1d48f9c4f1382c224963839c5e879f64e

SHA256
de38f9243b6e492db893d5a93668d44492d302eb1c96b32ae80a280a1508307f

SHA512
be7035be8461506460537b36f7d429a4b58d79a3822634005c47e9778f8b4ddd006e789bb4e886a1705eecf72bb36c16e6bd361e3fa842f534401a0967222604

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16812

Filesize
16KB

MD5
80be7b63f7a8d0450d823b47edb984ef

SHA1
b418a1284fb5f2806c2ae47edb39f55850c14b5c

SHA256
ea6af26cbd7f97fc4eb20db1f069da20ffa86f2610f87a36f4aa0b9806496018

SHA512
08e315d2d4b618e07d6b91ce8dec26537da34eefb1d900c106ba439e4681cb6d26b00e4e717038c167f74aa569d2668b560418d038e08fe5fa49319bc9d87158

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19741

Filesize
16KB

MD5
f8d2dcd3e6e8962f5832007a401d50a5

SHA1
f32115dfe4e86166174ff742c112e6ffcb0d37a1

SHA256
4415cfb9e9d79a626be770f5e3bec0f393d8d3ca2b39332a77f12d2a21847bf7

SHA512
8b2746eeee25e71cdf07004af5bcdf2383e67f2ef4c37d8f3a58881b33a3e0f958dd982c5b5a9747cf8540a34de02e9d1c3ba5712636116d22b6ac25ab5a1ec4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20000

Filesize
16KB

MD5
62ac05ed75140781eaa2acc57745e3f5

SHA1
059c403d7f613793592b4c1659e5a03feb08f107

SHA256
408afd9dd6d1697debd0bc342ff662cf97e95658d220c76d53dcfe60cd8359a1

SHA512
8e4dbf4da68273ced20a29dc9c9ebc2d105e4d7193c2986a54357676927ac09289ae2f67744d5e7d99db64692eaee699be0b2aade67d35831d97751b081c73be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\21858

Filesize
17KB

MD5
9334f4eade7fb43147b1dd0c8baf06a8

SHA1
e1461dba58a9711d2812e21a411c7afd0ad9b95a

SHA256
2254fa58965418f15418056e8ce8fb69be6e4505f7c7574ea0a4968b5630127f

SHA512
5c7c54cd03676a3640cbf115cdd2d620c2c402af6d6044862e028ed319e01503a874680080641aa71bfdc4adb151059a78f35bb02bc3d57f2cea03647080cae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23231

Filesize
16KB

MD5
77ed478a680356b936b7644b2af101e5

SHA1
d50ad088bdcc4715acef2e1ede2229afb234dda5

SHA256
1288d5572d43479cebbc3d9368eecf1329157f1733719e3e39a18214998eef9b

SHA512
4348238d93bbef01fe048e039f0a953dd3a28cc32e5b17d25b4592a701abe13c89249527921370898e691f8c7ec02e928fb562106f99f860454cfbbbf3de4147

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24675

Filesize
16KB

MD5
60d59f0686ce34de8b9730a0aa075c30

SHA1
c63a4d6d83d55f35d23c17076e1817ce407244ff

SHA256
70ede2fbf7aa8999d25928e764abe814d4756dbf25ad5615094a450dac74780d

SHA512
0009084795be1eb9720c87960c3b0f69ee7d357c12037e5453761039fd19e809d4b2cb4da2b7025f71ec93d93bd7fe278f3d432539d8fd172839f08a6ebdaf8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\25205

Filesize
16KB

MD5
de13f0614bde249299ffb30b0096f0a1

SHA1
36d732a2fc439166f8947eefb4eeab28cf93cda4

SHA256
5f5d135562fc68a19a627e2e72968c3a45877f89d0dda4ad7b16c170601e946e

SHA512
8db03da97c08763dc00c3ecde465413bf62448ba045914bee014699cd0b4c9563f36ff6b5a29d47403c82a333159feb0e04e780b40623fedd6786bcb20db4f15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2659

Filesize
16KB

MD5
01f5c55538dbb2a0f272e4ca688765fe

SHA1
c5bf4351592c364f0b35047edb0f92489bd0b2c5

SHA256
77305298b9653c01c45b598420c8099a698d71528607f4bfe9b667f710093dfa

SHA512
150d08973b760e305da11bf35fc4bf352779f50c237c788dc6583dc019793bc8840ef9d33229fefb7422052cdba0a21c670b3563808c79d9adbb81e80245bf5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2702

Filesize
21KB

MD5
4174a4ae66416f04365c6d02bf14bb4e

SHA1
d0c11290036998536e4a3fc4c8ff7747993dc8cf

SHA256
147c8cd1c7ef7e6e3776b7c44ff7fe8f214f859ad160fe6db8034eb936e830db

SHA512
bc80028284599b53aa9e4d4b31b35257be67ee011c234b80b2b5b5595e2534e9b7d8967e39beccd8669792514d3d614f37e5ef7e4463a20584bdfca404bf0115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27816

Filesize
15KB

MD5
a993206c209d63e26790b54237a69d38

SHA1
2e7fbc9eef6778b5c029ccf82b60d79945830bd8

SHA256
35183cc757029bb8cf08c1386ee915f6c6fcd99b00b091e62ec4e6d081d4765e

SHA512
54a162b42aeb604fa1db2073874e422853c5444e5da9ca15e61df9a99fc25729d466f64c0b0bf88b999d99fa6f2bdb0bd31576befe2964c9d1c66aa219ea460c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28683

Filesize
16KB

MD5
331f58c2d4ac19bc6bba87c185c0673a

SHA1
c11852b5cbd06504bb69ed96e476715f9ed16db1

SHA256
4208383e653ac107f3d4d55263bab1907b3c3f28b1ca4f3a2e75afa765ad1f87

SHA512
1f09f8f9625feef4cb6098391bf71c30099b19c25047f504cc4adec9e75a57d01c9e67883e2421f3f9b811b045e16f772eb9425f1259eed2498e9f350f7118f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30211

Filesize
16KB

MD5
ea2c8934262c1a541aff6750a0f792e0

SHA1
0c88b06a6bbf89741d13b93ea7be628c767103d8

SHA256
80dbae08dbd4713605d8ff7305d68f13463fe1215778eaaeecb5bf6798da415b

SHA512
ea517bcc390ad717ec804c30d413ec7d61daae9275c5a42e76eaffdf71a253625a28526a448b4fb3ed82ef50f08d7c6bf25fabf5edddd498cf23d05ed58f9fb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\4802

Filesize
16KB

MD5
786faf3bc9891bf8c01c52ea6e73a8e1

SHA1
d10794d52f086af4c4cca38e62edb8fad362c1a4

SHA256
9421cf26e10ff6885c225079c20f688ff26c08721cda163d2df9a1798d78bb37

SHA512
df819980b96569a2c7dd032f5b358ff55477baba039f0b1e26f1ec60d609bff69f9d1730d5e8778ca1093b7a5f3ef040c4f692f2147ad5577e490dae1bf08af6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5112

Filesize
8KB

MD5
7901442e6accfc3bbfbe6b109793f90f

SHA1
c780c64b6ba30cad24b62813ef071a4ec11af11d

SHA256
3508d437d4a1cf92c1d93a21dda5bb05df53829ac74867ab2f056d138fbf4b8c

SHA512
085e5116b217202c23572de58785a66c11948a53095794dcbc9c75641d6abb65d7cde1d65fc3c599e536d1a2758fe36961809ffad1abe7b1f04d7b6666c02ceb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5305

Filesize
16KB

MD5
6c652df14a14b60802553a8d5eb852d5

SHA1
0d7fb19cdf3cad887025c77cd78109cd3c0409b7

SHA256
8ecd8a482dc6793f0e2837d363c568d79837b83b6cabfc36b01742f7ce261ec8

SHA512
5191a05833240914d7e4e5aa6e21abab8c37ed394faf713d54412afc867c208acad52fb865a00e26a24a751ebd0d4b639cbf20e961a06de537bb63573bb67e53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\531

Filesize
16KB

MD5
cfa179b0304234849a340ba79a5a5e71

SHA1
3ee161280720a77e81bbd0af725d1d0796a92ed1

SHA256
b72cdb7c8ff9f806628645d25ff8a9897a8001c612115b1af6ffb165aaeffddf

SHA512
02c21a1177d1876438aba82f6f2f7841e1b75c6337317a0b850a0743a2f2a4d86643428190f9c04507898694e14bb249e36d9bbdc923d79defd49adb01fe11bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5418

Filesize
16KB

MD5
46adcc88006bcb79908cfa190f41a2c4

SHA1
f8bfe576266d5efe667fff87a4db2d77d4522b2c

SHA256
599c110a741fbd215f8c40ac561bb9d21acc17e0c9dd628319fd010e4b26a071

SHA512
6dbb5c25fb5ea8d56524db152c7a36a507813a93cd864e4ed50696d593d996a169d53ef648e431ffd8d9744b4d4106057b4b36498fdfb86d38161c9e3ef600f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\6566

Filesize
16KB

MD5
0ed45635572b9a661dfc64f5743625ef

SHA1
6d6f466c0be6a7d486e5818325df2cecc278e703

SHA256
e47e2f9770ef7c830ddbe5ef9ff602b5c5452e3529d12def610ca6b1fce27ee6

SHA512
db0b76e8bb7de26535cba910bda43b20b2feeb5d2127815398a1300911cffd22582896a0389bc81cdec30b46961bd894307dda0483fcda6403a32112c4d54f06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9801

Filesize
16KB

MD5
a503a20590166e52ecb2782651af9431

SHA1
59e3fdf3df3da55f189315cebaab363034c25850

SHA256
dca592ea356f5c5633c677ea0f75a49343f9dc4b0c9ca7c6d9cc0cfe5da4aa67

SHA512
ac89b363e30e5d95044fe01c6a3b1522fc28604569a06e498341e51209aaf5660cc612054ab856ba608b44088387644a9f512d95255f16db8b108322cd28bbe9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
33KB

MD5
c83db706f1d6dea9b4bbe0fea314a980

SHA1
79bf7f5a1330b612acf881b6a9543a1a5c86d70b

SHA256
946df81d4cbd2d74234118f216e866ab5010ebbff54ec96d5fc7aae2d3544193

SHA512
948181ee99ac1a9c1e6e7d9331c6d8adf1cc1ea6c1807bd58941df6fbedc7908ef90f2f8ffc728ccc326de84e68031f2550268e88c2955ce11e1acacb8f83871

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\AE001A6BFF3D85EA310E93A0AF3C440D134ADF82

Filesize
97KB

MD5
61dc0c642055cca999ce4ab96faf59a1

SHA1
ee980a127a247631dcd666e8f609639813b07ff7

SHA256
306a157730f37d6294d5fdefa68812fbb554ef882befc0464609d9e817e32de7

SHA512
2ce13a6c185aa9ed01c70e5b628a031b2366b5664f91433f6348d55b2c21123beee40af68229b7bfa20eacdf16937b261e81493211335a229784842f2f003deb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C312F2B0D66A25FD8E03470F585EC35B2B34704A

Filesize
31KB

MD5
271d6219150090f0a6b22ab52311933a

SHA1
b52b1a7f2ee84413342bcd35d8bf27fbe2819368

SHA256
f376a2e3819c3a070bcd5b4f531f980c789b4ce36aa249781946854203d1fc8a

SHA512
d5c38555f30560eaf2aac8a779c52750200439eabb2df8a1ace3952dbac8946767cc8113ce731452c0e0b83bb5218da83672fa1e122cd6f0d0c91a4f21fc54f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_DC3A09C9CFDD4813A4BD9D1E726D9912.dat

Filesize
940B

MD5
ab97cf9f1f816f306b1e491be67d434e

SHA1
d371a83664ae7785de50d035c29726d9adb3637c

SHA256
264255babc1de5288d15b74a671c856f3bd3162baff78ddb2fa11888ab4d7bf4

SHA512
04a90abbc0a17878d0cee18c9fce3c198890437dd0a49a97c3410e38b8f7bf02cc053912c4762329236b1e5611cdd0df704050300ee8140d5984856aa1632a06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
a938566e5df133660ea432d368efd838

SHA1
86c5b66111a785abe6c116d3f66995e6dd51d8e1

SHA256
e614cba43ef081ca407018282c59842acb7e94944a9e4985b36d8a4b9e6661d4

SHA512
82c27f6e0034b98ea5a87a5389296fc489efdf74955c5874d31b8a6b70468cebcfa773abec707780f56234f9edd0678802c1c093024ff2e04410594d77aa10a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\88efa495-54b4-4fc6-975f-e3e97f8ddf2f

Filesize
734B

MD5
6173107bea453f471b7b3c073533fd1d

SHA1
000f1156fcdfd3e86a77c361c796f153a943fdf1

SHA256
41136043bcf2a6bd5691304586a317820906e76f07875223b3ca373e0ca0b51a

SHA512
a4cf298fd5ac4fc0061bc6516fed80c685eaadb3d395d165d4bcf50a460442a4cc552bcda76ee108cd7e47977c1ddfd4b8649bd6501caee70202896464001dc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
f65fc5a2e58f51454591c663266862c7

SHA1
cbad8d8348797529a0dc8883694f759d4592cd01

SHA256
2b06ba93717cb6067795b0da8c2af4d7b19697c7dbb9374017932f6dd3144940

SHA512
e4e409e7b13e12169ca93484bd89a025eb7872fab9bb17cd5011cf9adc718d89998b2337559b490dd607d23912bba17b4a8b4b33d2a4e54a8a3a27165045a5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
905d4384adee42efa81fa67f1a6ad91d

SHA1
9ac69d610d3fa59836519451416872f0a2de0884

SHA256
602a54d8696142abe73fa7b42614ef62594196259797ccd73ad587e97ea6e273

SHA512
1167c1f69678f7633aadaa882ee58ea7c31c5c5d5fc235f5ce53f087ef4afcf08c231bdaeb571bb90258fac5a3aabe4e9bccb1f9c0622b21184b24b3ad3d74a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
966c39d4c97706becf6aa4fede166fb4

SHA1
01c9dd7d74550e16ff30fe8ef620e8fa8f6c15c3

SHA256
1a719d8e08dfcd6f58441a9c3483133a006ff68837217dd6eefa5cf311335ad4

SHA512
aff78b6954363c837fabc26a8da79d6fc3cd024b7c6681483f4a4488b996183b599d1264592720db89d2adbe8cd2a62a6aeda58aa3cf7c97c11d27e6ec2e0fac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\serviceworker-1.txt

Filesize
180B

MD5
f239b63acd5ecce1ea1eadfee8233a92

SHA1
7181285956c781d40771c8bde63b5efc44e96a29

SHA256
b8e6b0cc9d37061c63e50890a0c2b240e2944c2908faa3283f57f8d15022a0e1

SHA512
11508c4646239887f5c4c07acbc50bc2be079ed841342f379831d0569ecba3d944d98392c592cb6cd0eea28a8c6d617065da082b6074227ac188260c168c7411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\serviceworker.txt

Filesize
165B

MD5
77b271983144d593909ddc4b5c679bf5

SHA1
044d3335a4a44a3c7ba626325eae933c1ad431ce

SHA256
bbb6981dc2fd4e46e7d2d2ed5662dc4d38c8d317b1f3139b5adf32109e347159

SHA512
d61ca122c48b341d14b08471e96ef370810ac99098f577b520f94fa9164882b188f1f0b6b60e240669573d8d52bb79a7fdb18d231d8f5d45bd6c133aa1815c47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
6466809da61fad625f9adb04fa457572

SHA1
5e8cec115ce71ed409c7704862c352737bef03fb

SHA256
f6eb84aef30d775596700cf213d7623d1226ed0b677b3fc2ee327497f72998e7

SHA512
04c8138182ae7223ee84720a959466f45d3a30d8fe7df117e63c957933d51712b07475999883a08dcdcb6515f0e1b466abfc5296a5b232e983f8df8f44bb97be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
f2ea346dae65cfbc72d6e32c0bf9285b

SHA1
813bf721622757370a037e3de183cd42e55fa316

SHA256
c0f83a282d6f273991dfee584692127ec53e586078876c7c32fb7a63db511668

SHA512
15c9b0a2a875d98bbe4f5a678e7c1e3ce10005e3e5fd0b4c74917cfb660d1c517523ae1c6dc6fdf07a6b6161640dbdb722dd41c81ccf74c88a6c23f40bd25397

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
76ae42d2c0fa0921eee10202fd59d94f

SHA1
efa275d9ec2d7d50bf1f4a15ec931c26d825f324

SHA256
3ca3669c662a447edd8820c06bba9b9e2ae276efa123a132997311d5e463e0c3

SHA512
7281031fc978493d726541497e10edb0ba91e160513f632adb313db546043f91eb6ff60a688eda7ed0c7b139256263176fe56dd358ab42183304890dc80da78d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
e812b364a7d6f24fd1b99bf0aa6323b7

SHA1
a11f5f22d8ae703c5c96cc05975bb7c0a9dd257a

SHA256
215da1e7946f4a8956be46ff052e2bc9c0314bc6732be35e0b5b48d05999656e

SHA512
31c840a3378ef99d36dc8531ae48c99736275490b68298abeca46e8b7e8159432ed157193cd040a7d4a2ffb93eefac7b3b6f5312f1d2ced9ec554014b7bb8036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
106fbcc9fca59ab2cd1decf61fd44dae

SHA1
3c689aede9bc226a3bcfbaae032535772c9be9c3

SHA256
5569b98be74ddbc998236c6642ff9f8b073bf02ba622f39554dddfa431c33c3f

SHA512
5ef69cd16980e0af3751d09a6257807ec715d27208731bdd75a6c2ee57fff4f87095a3881460e28359e63d676a8ed053055c883c224da16fa565522287a06ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
2cfd21cf4903ed8b23506da7f986967d

SHA1
fc6d8866f451a8d2cc70ea834aaf7079c72b1823

SHA256
5d032153151d092b4ebbcf833dbad2833188f27365d2dcf618205425306cd102

SHA512
09a0ba54085c4eaff911aa1041ee11e95410bb7e9758b0fd0fd9c307b689756b2ca71063c7e9ef2d08c2fcf8d996a67f52442114a422e6c5d6cf1705ba125067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
2b8e841e325e7dbd400a4d164064982c

SHA1
f29c8c10c39e4203ba6ef559956f7990e7550963

SHA256
06f828d08c2ed60636113ccd2e07b47bd09d34883d09d704eeafe4441fc1c3d1

SHA512
5389c73e0a74ebdd508aafb9db752e9b3d3094b32e7d3949a0eccbeda8bdd77cf57a345318ff094e88d5d878af6099bf925da43e6c407af9d1ae30a89795ae4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
e2f996b0eab50cca26abb27087bd4c9e

SHA1
10a8bbe7e6165a98c184f7107c96fd6894b6cf2e

SHA256
9c7ceb76d99f4cf4f63dafe6a5b0f2bdb2cc0c5840ab5fc5e89e03fedaaf62a6

SHA512
7ea1dedde90192a211bad6e4797caa3a587694dfe45dee390fc59b2df306e274acb86c07c71111e98d70685b0e3c0adca04f5a46ba947da59092753256a6e9f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.se7ensins.com\cache\morgue\98\{176f5c1c-f9e6-49fd-8e37-d6231b5af962}.final

Filesize
2KB

MD5
81c542f8823ebd1002b023a3abf06fdc

SHA1
c9014514e5f46ab23daf73f11b02141715d056cc

SHA256
9a8a674170fbf6af1939cb9f75b6432b45e196fe48ca171a76ee1217515fff17

SHA512
9bb97eccf14dae0cbaadf46a6a6e7171b316982be029f8c5c8f9b6e5986c9930ea04dc66424b50f2c05dd3842ac880d8efcc1723a8eb7776e395929f92d8cf65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
203b77107c44528b058f73812db9099b

SHA1
43cf8f0576cb7fcf9307d0bd9321853f1e3d440f

SHA256
27bf66bba0e34f6efe770528c3c62f74eb20a5997e9fc366f7ea9824a82bcdfa

SHA512
3cae8c58f4d1ae5511be82bee6f7d30aae006f3846de5c154c2d844e3a2eef0205cb152cf82050395998fb8afce8fb074cfe16289389abb0a7818702667f3112

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit
memory/4492-81-0x0000020027350000-0x0000020027878000-memory.dmp

Filesize
5.2MB

Download
memory/4492-588-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-1078-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-545-0x0000020027CC0000-0x0000020027D6A000-memory.dmp

Filesize
680KB

Download
memory/4492-160-0x00007FF9EA703000-0x00007FF9EA705000-memory.dmp

Filesize
8KB

Download
memory/4492-582-0x0000020026E20000-0x00000200270EA000-memory.dmp

Filesize
2.8MB

Download
memory/4492-0-0x00007FF9EA703000-0x00007FF9EA705000-memory.dmp

Filesize
8KB

Download
memory/4492-170-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-10-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-2-0x0000020026B50000-0x0000020026D12000-memory.dmp

Filesize
1.8MB

Download
memory/4492-651-0x0000020026B40000-0x0000020026B4E000-memory.dmp

Filesize
56KB

Download
memory/4492-1265-0x0000020027A80000-0x0000020027AF6000-memory.dmp

Filesize
472KB

Download
memory/4492-1266-0x0000020027150000-0x0000020027162000-memory.dmp

Filesize
72KB

Download
memory/4492-1276-0x0000020027180000-0x000002002719E000-memory.dmp

Filesize
120KB

Download
memory/4492-1-0x000002000C510000-0x000002000C528000-memory.dmp

Filesize
96KB

Download