Overview
Task (platform): score
overview: 10
static: 3
Debugs/AlphaFS.dll (windows10-1703-x64): 1
Debugs/AlphaFS.dll (windows10-2004-x64): 1
Debugs/License.dll (windows10-1703-x64): 1
Debugs/License.dll (windows10-2004-x64): 1
Debugs/New...on.dll (windows10-1703-x64): 1
Debugs/New...on.dll (windows10-2004-x64): 1
Debugs/Ver...le.dll (windows10-1703-x64): 1
Debugs/Ver...le.dll (windows10-2004-x64): 1
ErrorLog/D...1].exe (windows10-1703-x64): 1
ErrorLog/D...1].exe (windows10-2004-x64): 1
Libs/Extreme.Net.dll (windows10-1703-x64): 7
Libs/Extreme.Net.dll (windows10-2004-x64): 1
Libs/Injecting.dll (windows10-1703-x64): 1
Libs/Injecting.dll (windows10-2004-x64): 1
Libs/libEGL.dll (windows10-1703-x64): 3
Libs/libEGL.dll (windows10-2004-x64): 3
Libs/libgc...-1.dll (windows10-1703-x64): 3
Libs/libgc...-1.dll (windows10-2004-x64): 3
Setup.exe (windows10-1703-x64): 10
Setup.exe (windows10-2004-x64): 5
caret.xls (windows10-1703-x64): 1
caret.xls (windows10-2004-x64): 1
msedge_elf.dll (windows10-1703-x64): 1
msedge_elf.dll (windows10-2004-x64): 1
test.asp (windows10-1703-x64): 3
test.asp (windows10-2004-x64): 3
Analysis
- max time kernel: 174s
- max time network: 147s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 05-07-2024 06:28
Static task: static1
Behavioral task behavioral1: sample Debugs/AlphaFS.dll, resource win10-20240611-en
Behavioral task behavioral2: sample Debugs/AlphaFS.dll, resource win10v2004-20240508-en
Behavioral task behavioral3: sample Debugs/License.dll, resource win10-20240404-en
Behavioral task behavioral4: sample Debugs/License.dll, resource win10v2004-20240704-en
Behavioral task behavioral5: sample Debugs/Newtonsoft.Json.dll, resource win10-20240404-en
Behavioral task behavioral6: sample Debugs/Newtonsoft.Json.dll, resource win10v2004-20240704-en
Behavioral task behavioral7: sample Debugs/VersionStable.dll, resource win10-20240404-en
Behavioral task behavioral8: sample Debugs/VersionStable.dll, resource win10v2004-20240704-en
Behavioral task behavioral9: sample ErrorLog/DirectoryMonitor_[1MB]_[1].exe, resource win10-20240611-en
Behavioral task behavioral10: sample ErrorLog/DirectoryMonitor_[1MB]_[1].exe, resource win10v2004-20240704-en
Behavioral task behavioral11: sample Libs/Extreme.Net.dll, resource win10-20240404-en
Behavioral task behavioral12: sample Libs/Extreme.Net.dll, resource win10v2004-20240704-en
Behavioral task behavioral13: sample Libs/Injecting.dll, resource win10-20240611-en
Behavioral task behavioral14: sample Libs/Injecting.dll, resource win10v2004-20240704-en
Behavioral task behavioral15: sample Libs/libEGL.dll, resource win10-20240404-en
Behavioral task behavioral16: sample Libs/libEGL.dll, resource win10v2004-20240704-en
Behavioral task behavioral17: sample Libs/libgcc_s_dw2-1.dll, resource win10-20240404-en
Behavioral task behavioral18: sample Libs/libgcc_s_dw2-1.dll, resource win10v2004-20240704-en
Behavioral task behavioral19: sample Setup.exe, resource win10-20240404-en
Behavioral task behavioral20: sample Setup.exe, resource win10v2004-20240508-en
Behavioral task behavioral21: sample caret.xls, resource win10-20240404-en
Behavioral task behavioral22: sample caret.xls, resource win10v2004-20240508-en
Behavioral task behavioral23: sample msedge_elf.dll, resource win10-20240611-en
Behavioral task behavioral24: sample msedge_elf.dll, resource win10v2004-20240508-en
Behavioral task behavioral25: sample test.asp, resource win10-20240404-en
Behavioral task behavioral26: sample test.asp, resource win10v2004-20240704-en
General
- Target: Libs/Extreme.Net.dll
- Size: 121KB
- MD5: f79f0e3a0361cac000e2d3553753cd68
- SHA1: 4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256: 8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512: c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP: 3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Malware Config
Signatures
-
Executes dropped EXE 10 IoCs
Processes (pid, process): 6396 Setup.exe; 4564 Setup.exe; 6492 Setup.exe; 6796 Setup.exe; 5528 Setup.exe; 6244 Setup.exe; 520 Setup.exe; 6604 Setup.exe; 6612 Setup.exe; 6968 Setup.exe
-
Loads dropped DLL 10 IoCs
Processes (pid, process): 6396 Setup.exe; 4564 Setup.exe; 6492 Setup.exe; 6796 Setup.exe; 5528 Setup.exe; 6244 Setup.exe; 520 Setup.exe; 6604 Setup.exe; 6612 Setup.exe; 6968 Setup.exe
-
Suspicious use of SetThreadContext 10 IoCs
Processes (description | pid | process | target process):
PID 6396 set thread context of 6212 | 6396 | Setup.exe | more.com
PID 4564 set thread context of 392 | 4564 | Setup.exe | more.com
PID 6492 set thread context of 972 | 6492 | Setup.exe | more.com
PID 6796 set thread context of 5520 | 6796 | Setup.exe | more.com
PID 5528 set thread context of 640 | 5528 | Setup.exe | more.com
PID 6244 set thread context of 6132 | 6244 | Setup.exe | more.com
PID 520 set thread context of 6044 | 520 | Setup.exe | more.com
PID 6604 set thread context of 6440 | 6604 | Setup.exe | more.com
PID 6612 set thread context of 5464 | 6612 | Setup.exe | more.com
PID 6968 set thread context of 5324 | 6968 | Setup.exe | more.com
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes (description | ioc | process):
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
-
Modifies registry class 1 IoCs
Processes (description | ioc | process):
Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | firefox.exe
-
NTFS ADS 1 IoCs
Processes (description | ioc | process):
File created | C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$.zip:Zone.Identifier | firefox.exe
-
Suspicious behavior: EnumeratesProcesses 40 IoCs
Processes (pid, process): 6396 Setup.exe; 6396 Setup.exe; 4564 Setup.exe; 4564 Setup.exe; 6492 Setup.exe; 6796 Setup.exe; 6492 Setup.exe; 6212 more.com; 6212 more.com; 6796 Setup.exe; 5528 Setup.exe; 6244 Setup.exe; 5528 Setup.exe; 520 Setup.exe; 6244 Setup.exe; 6612 Setup.exe; 6968 Setup.exe; 6604 Setup.exe; 520 Setup.exe; 6604 Setup.exe; 6612 Setup.exe; 6968 Setup.exe; 392 more.com; 392 more.com; 972 more.com; 972 more.com; 5520 more.com; 5520 more.com; 640 more.com; 640 more.com; 6132 more.com; 6132 more.com; 6044 more.com; 6044 more.com; 6440 more.com; 6440 more.com; 5464 more.com; 5464 more.com; 5324 more.com; 5324 more.com
-
Suspicious behavior: MapViewOfSection 10 IoCs
Processes (pid, process): 6396 Setup.exe; 4564 Setup.exe; 6492 Setup.exe; 6796 Setup.exe; 5528 Setup.exe; 6244 Setup.exe; 520 Setup.exe; 6604 Setup.exe; 6612 Setup.exe; 6968 Setup.exe
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
Processes (description | pid | process):
Token: SeDebugPrivilege | 4528 | firefox.exe
Token: SeDebugPrivilege | 4528 | firefox.exe
Token: SeDebugPrivilege | 4528 | firefox.exe
Token: SeRestorePrivilege | 3552 | 7zG.exe
Token: 35 | 3552 | 7zG.exe
Token: SeSecurityPrivilege | 3552 | 7zG.exe
Token: SeSecurityPrivilege | 3552 | 7zG.exe
Token: SeRestorePrivilege | 656 | 7zG.exe
Token: 35 | 656 | 7zG.exe
Token: SeSecurityPrivilege | 656 | 7zG.exe
Token: SeSecurityPrivilege | 656 | 7zG.exe
-
Suspicious use of FindShellTrayWindow 6 IoCs
Processes (pid, process): 4528 firefox.exe; 4528 firefox.exe; 4528 firefox.exe; 4528 firefox.exe; 3552 7zG.exe; 656 7zG.exe
-
Suspicious use of SendNotifyMessage 3 IoCs
Processes (pid, process): 4528 firefox.exe; 4528 firefox.exe; 4528 firefox.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes (pid, process): 4528 firefox.exe; 4528 firefox.exe; 4528 firefox.exe; 4528 firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Libs\Extreme.Net.dll,#1
PID:164
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
PID:1556
  -
  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4528
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:6740
-
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\" -ad -an -ai#7zMap20380:118:7zEvent25184
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3552
-
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\" -an -ai#7zMap32563:196:7zEvent29477
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:656
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6396
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:6212
    -
    C:\Windows\SysWOW64\SearchIndexer.exe
    C:\Windows\SysWOW64\SearchIndexer.exe
    PID:5504
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4564
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:392
    -
    C:\Windows\SysWOW64\SearchIndexer.exe
    C:\Windows\SysWOW64\SearchIndexer.exe
    PID:5704
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6492
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:972
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6796
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:5520
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5528
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:640
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6244
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:6132
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:520
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6604
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:6440
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6612
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:5464
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe
"C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\Setup.exe"
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6968
  -
  C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  - Suspicious behavior: EnumeratesProcesses
  PID:5324
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
Filesize 2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\46445c98-cc01-47c9-9cef-47e8532bd590
Filesize 746B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\58a70c74-6ddd-428c-a600-a31edcf1a610
Filesize 9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
Filesize 1KB
-
C:\Users\Admin\Downloads\#!SetUp_14807--!PassW0rdz#$$\0pen___files\!ŞetUp_14807--#PaSꞨKḙy#$$.rar
Filesize 3.2MB