hxxps://fastupload[.]io/ds5ITkusTf5zNDA/file

Resubmissions

06/07/2024, 19:27

240706-x58snatdjf 1

06/07/2024, 19:23

240706-x3z3qs1dnn 8

06/07/2024, 19:14

240706-xxlm6a1cpn 1

06/07/2024, 19:08

240706-xtmfaa1bmj 8

Analysis

max time kernel
166s
max time network
168s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06/07/2024, 19:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://fastupload.io/ds5ITkusTf5zNDA/file

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\630 mod menu.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6620	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeDebugPrivilege	1104	firefox.exe
Token: 33	4400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4400	AUDIODG.EXE
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeDebugPrivilege	1104	firefox.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
6620	OpenWith.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe
7028	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 2820 wrote to memory of 1104	2820	firefox.exe	74
PID 1104 wrote to memory of 1660	1104	firefox.exe	75
PID 1104 wrote to memory of 1660	1104	firefox.exe	75
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2292	1104	firefox.exe	76
PID 1104 wrote to memory of 2596	1104	firefox.exe	77
PID 1104 wrote to memory of 2596	1104	firefox.exe	77
PID 1104 wrote to memory of 2596	1104	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://fastupload.io/ds5ITkusTf5zNDA/file"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://fastupload.io/ds5ITkusTf5zNDA/file
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.0.719118170\659884061" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfbae882-48e1-48c6-b757-cafdb5df4595} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 1812 21eef8d7f58 gpu
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.1.465113283\737487431" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b17fca73-800c-48b8-934f-08a92a464fc4} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2188 21eef80a258 socket
    3⤵
    - Checks processor information in registry
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.2.1679994485\1523295772" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2856 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6163736b-99f5-4ada-846b-6ec95b03cf59} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2724 21ef39cfb58 tab
    3⤵
    PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.3.977504234\1398477590" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd8eafd2-a55e-4623-bab1-89461ec4404b} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3580 21ee4862b58 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.4.1578034698\1812059390" -childID 3 -isForBrowser -prefsHandle 5032 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7513d7c-776a-434c-aed6-c56e30a904d1} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 5040 21ef74aa358 tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.5.2129609841\1075555232" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38052d88-6da8-422a-a5ce-4d4583b83488} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 5256 21ef6f9e058 tab
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.6.1174862409\1708377425" -childID 5 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d89081df-6acd-4c0b-8274-0ad1b28bd362} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 5456 21ef6f9fb58 tab
    3⤵
    PID:2096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.7.403224356\376463798" -parentBuildID 20221007134813 -prefsHandle 5680 -prefMapHandle 5708 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c66eea1-3d7c-4a12-b141-444a01dc5244} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 9708 21ef7ceea58 rdd
    3⤵
    PID:3796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.8.766243587\1880541285" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5744 -prefMapHandle 9720 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00b7aa0b-af7e-45e0-bf6a-749258b6f761} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 9692 21ef7cf0b58 utility
    3⤵
    PID:412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.9.646644630\2140181862" -childID 6 -isForBrowser -prefsHandle 9692 -prefMapHandle 9748 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44629c7d-c54e-4896-a342-c256d6d5a41b} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 9480 21ef7ceed58 tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.10.90002595\2099582850" -childID 7 -isForBrowser -prefsHandle 5616 -prefMapHandle 5424 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2253ca82-8d4c-4a82-9752-5185be23937d} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 9496 21ef8eb8758 tab
    3⤵
    PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.11.821806334\1986970704" -childID 8 -isForBrowser -prefsHandle 9260 -prefMapHandle 9256 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cabec602-5fd7-4a45-a72b-deebd84c333f} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 9172 21ef8eb9058 tab
    3⤵
    PID:964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.12.693147345\848018595" -childID 9 -isForBrowser -prefsHandle 8908 -prefMapHandle 8920 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda211bf-f2e8-41bc-9611-72d895e82505} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8900 21ef8de1458 tab
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.13.1064851597\1777197606" -childID 10 -isForBrowser -prefsHandle 8780 -prefMapHandle 8776 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5217e749-eb6d-4914-afd7-47a4ed2f21d7} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8792 21ef8de2358 tab
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.14.23508779\1033894674" -childID 11 -isForBrowser -prefsHandle 8612 -prefMapHandle 8912 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f10920-ec0f-42ce-8bd3-1e465f3c656b} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8504 21ef4c2aa58 tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.15.469772320\1581906747" -childID 12 -isForBrowser -prefsHandle 5424 -prefMapHandle 5016 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8b2eebd-93b0-4d88-b897-781da983a23a} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8352 21ef97f3e58 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.16.454735724\1711155904" -childID 13 -isForBrowser -prefsHandle 8152 -prefMapHandle 8156 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1607aaf8-584f-400c-a4ad-3add91d56f4a} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8144 21ef97f3558 tab
    3⤵
    PID:5248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.17.704158097\1240234800" -childID 14 -isForBrowser -prefsHandle 8024 -prefMapHandle 8020 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d086f998-7f5e-47f4-8622-aca87ca9c19d} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 8540 21ef7c56758 tab
    3⤵
    PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.18.1806084058\1685068410" -childID 15 -isForBrowser -prefsHandle 7896 -prefMapHandle 7892 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3df63770-7214-4913-8f81-f1c8267fefeb} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3176 21eefba8858 tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.19.976890502\439017815" -childID 16 -isForBrowser -prefsHandle 3912 -prefMapHandle 3908 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8030f766-c273-423d-aa32-3855c730b9ce} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3920 21ef73ccd58 tab
    3⤵
    PID:5956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.20.694674617\456051872" -childID 17 -isForBrowser -prefsHandle 7560 -prefMapHandle 7472 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59256eab-6479-4d23-8e24-01451b78a2c5} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 7492 21ee482e458 tab
    3⤵
    PID:6964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.21.994363561\889130699" -childID 18 -isForBrowser -prefsHandle 3912 -prefMapHandle 7568 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb4a8c1-9d07-4ece-bc87-320587bee683} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 4996 21eef8d5258 tab
    3⤵
    PID:6972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.22.149036538\1277412756" -childID 19 -isForBrowser -prefsHandle 7272 -prefMapHandle 7276 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b1469e-e015-494f-921e-6af462688f82} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 7352 21eefbaa658 tab
    3⤵
    PID:6980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.23.1520020260\516480352" -childID 20 -isForBrowser -prefsHandle 5056 -prefMapHandle 5784 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f18c1324-7ad8-498d-a25e-8376967bbcae} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 7644 21ef0fb3258 tab
    3⤵
    PID:6880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.24.1978476441\1469817798" -childID 21 -isForBrowser -prefsHandle 6984 -prefMapHandle 2992 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3179a0-1ef2-4a07-92d0-3e4c39b27d3f} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 7156 21ef7395858 tab
    3⤵
    PID:6816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.25.1439783115\1042208778" -childID 22 -isForBrowser -prefsHandle 6760 -prefMapHandle 6560 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cad57ae-969c-4bc9-b61a-93cdb810de0a} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2620 21ef8f3b658 tab
    3⤵
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.26.358709255\1602700313" -childID 23 -isForBrowser -prefsHandle 4988 -prefMapHandle 7064 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8953c9bd-b79a-4153-b983-db6d0089fc0d} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 7196 21ef6eae458 tab
    3⤵
    PID:6508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.27.1736754503\1154840814" -childID 24 -isForBrowser -prefsHandle 6696 -prefMapHandle 6716 -prefsLen 26873 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a438c565-ddd3-4e53-adb6-1068453dd8d8} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 6712 21ef7afcf58 tab
    3⤵
    PID:6780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6620
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\630 mod menu.rar"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:7028
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:6752
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E75D0A74F0DF67724A7EB2F937EF0A28 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6824
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AFDA099FD6B2C8268CD59260F8F9ED79 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AFDA099FD6B2C8268CD59260F8F9ED79 --renderer-client-id=2 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:6892
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0F144E0EE61164B547A6221834FD5DC8 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:7020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\22021

Filesize
9KB

MD5
b27ee23e38e13ba144d0a91703ebdac6

SHA1
b55051489e292c80efae7786f541fa0c4e7e9369

SHA256
4f156610d048089f7f1f495ff2d4356e298fda2f752b0e99829c03e7ceb0d6fb

SHA512
73d2982486777b556fc1e497f74c53ad27a48b5fe6052a4b464ec258ce6eff349318fd55bea46a1cef6c1001f9176959f44204708438383bc689b9d6357cd39a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\24232

Filesize
9KB

MD5
1c0362be9ee622e9ad0e2beb6d7a17d0

SHA1
0bbb290da919191b93b73469499cbb939bf41be3

SHA256
25078d192a9c344d4334b31d3f8836a4227c6ebbb26a77cd71484affc7ffb6c1

SHA512
f4626e38a3de824c913c778528f3c214d29d11637903a5af56a0aaf4561e96d0fd98b049f6a7d63656b78cc5f56e1595162f4562f88a8e5023f5d2f19bf48c79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
b49fcdf6e3d0dde5298326332bd0c86f

SHA1
92db5463094b6ee7a278a65a8c4fb58f7e273883

SHA256
aae732daeba406c32a454b484ed19ac1cccfa4f43043e89499966d1a65bcc98f

SHA512
d792e168606ad0f4c00eb19fa8cfad702f251d81f9647cc659a09749a5092df9668d940945bd8bd9f3cbe52bcf827c7200c85b0080dc67b5ec1d583ee0322fbb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\81B3CB7B1E979F128EAE9FCCB54A9DE442690747

Filesize
15KB

MD5
ced30e2ded676131152759e8365ef744

SHA1
d41cd2f462245a42693aad915b685b6847fffe3e

SHA256
069117f2162ad8b80783b77b631c9d2c86fbb28989042efb502daec9a9cc60d1

SHA512
5b12dc4f3ed22857907917bc04be394b26c4869702d1637ba7fe24faa4d47ce5a1679aeee978bcc0e935f39616f7b187b73faf2331ec1f5d7d965b916d199ed8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\911E86104DF51D658EF06AB72B3ABC4F212AAB03

Filesize
259KB

MD5
222ff1e7dd40ee105f63917bb0408f05

SHA1
cb2017ef232f9498e69aa03f5f0567a7fd6a0363

SHA256
fb9a040edbe588c1790db299073332612f771320a8f64e2d33d9197efe2cb852

SHA512
5c5095dd23148df8ee7ed8ade14594034843b105d20f8746786f94dd0ef510aa1b4d81e056f96f20d48d57ed8341e8928a42ea0d872132411169343ce210a967

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\CBE8D62163D5EAFA0819153F3D80FE268DF76E0A

Filesize
60KB

MD5
4d797b8ad7db12d472d365c98d49a393

SHA1
5f308ce35370932fa6e6150f650559e44b66f952

SHA256
26215cf1a9057afca122e399009914b7e739789e186516817cf57f0e3e99b404

SHA512
98b1c14ddf9330af111a1c405c1d1a0b258f61c6527e331b49c310f83dd681ae19c9f8190271de70258f5b725afed19e888f348c7aea5a1c33e1b2495881a295

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
766cb4d3dc8488de5e7ceec39de8c687

SHA1
42406302694cab6be7111eeee7cd419c0372ec12

SHA256
abea3c9d7c65ce44ef907dd41077ffe09dd102d51dcc7b605fea54761bd0bea5

SHA512
b7b9829c26f93d185f7fb593a3b413403e0656dc7b67ccc9e7aba3095f9eaf94fa8db46aa60922e87871ab0059f2104e1224f14815a8b735ad97a095fef845da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\06609cad-639b-441c-8f33-287783f74d30

Filesize
746B

MD5
ff6851f9c631d2fc939573d3a5d4a9d9

SHA1
d4e00dc6d7ca8ecfecca3361b787d9344ef274d7

SHA256
c947aebe26d05b33932e05adeaf4640cdaa35acdd44614fbf660ba1828391e6a

SHA512
8a237b5cb17ba6a3c2afde7420ef77f6e896ff146798e24e5e794b97acf9b47812c1d438bf00c601be14058f5c3cc6026c7808a024d117f53aaf2ddaaaa4f4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\7fd9c512-dfdd-4f51-b4d0-25dec947eb8d

Filesize
10KB

MD5
949d4db941ef5c6eee8c23e3fa669153

SHA1
0d1c5b677236e4dfff86a16937828bd2876783d2

SHA256
8af9136747a8f58a1b35b493619997407b347898aafcec53329fbc6652b1230d

SHA512
575bc36a2e3e26eeb92bc8da6910ccddcfebb33d4dd3c559596b1dee92bd4408418b893eba61f2d664f39c2e3f467f20de270a8b067f001f23b22a2b74031241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
4bc46eb4f13062b91c9bd64695fe8571

SHA1
5642368a0d09013669b2a0e4978b0ed6bb062b5e

SHA256
c17d7153b4f3da7eb5f0647a66238f44484458961ab031673b3158b25d29ad8e

SHA512
1dca6a430260e37f3f8832386165f0c916494951083ae30ef19c64e2400d66d069013033dc01eb826798303cad4c81e504047a493405e241e63b18cd3caf6dc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
e95cadda44c8eb661813d4ef5a8b761c

SHA1
19d48e862cdd905b97cd06c0cd662a8f3b333111

SHA256
c3eecd00ef65ca2e65197103807f7b59c50dd6bd85bbd03edf91d41d860b9429

SHA512
30abbeb05864794e937bb08eb1d71786c313620f65e1203c622afe763569b57ae95aa2bf6afd2bbb197d4dd6dd857ffbd1bbd6f57ce2061bfc82f7a745d8babc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
cde0e6f93a864442af013c0e23f95613

SHA1
cec389c0377fe53480a7b63b9388c193774a0184

SHA256
a62530abab89b03deaef55b2c4e836a02002f05d0ecf5a07b2d702925da3bb45

SHA512
65133378bfba11b906474f4185eeb8488b3c3a313c86e26b2891657ae2970b3d60cbedd8a5e97686b26e72229f384e8389d8d929234be79257cf4ebadc16d041

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
d6fbfa448ca59187fde92bbe403396ac

SHA1
345c0280d11a23ab2d2a5fdde0f386b5df652b3c

SHA256
e44c5568a6c83cf178c158fe26395a9ab9fc1566fc91c35aa73478269993e9bd

SHA512
da5d9fda995047fd0d94e8755018b0d6f017c04a488f99d007be104f147fff5516998ec28d94610f2684482e092660c3615ca5b1680b013ee5c7a9d8ec2ec751

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

Filesize
6KB

MD5
7493a383c51893f69d79a4cc73208cac

SHA1
bed5f8fc7422b35e797030b5b2d7f71639d0a2e9

SHA256
116314394e57f24ffe9075ae800180fba8ec4db8a9bbbbaa42a99375f9cf6afa

SHA512
2be2cbcbe98d8bb024b575b4c31cc10b44b0888341eaefdb3b29d9ac75393e932a9091190b9bd793e276f87811139f9b986c63abe32da3deab383e6bff8e732e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
50KB

MD5
1932caddc8f875d19f74c9debe635393

SHA1
a850c7999a4020da73510f383c6998b5cb71c564

SHA256
e536d6852747f77403a93d078b311768e52de1f885fab6d9eaa2dd9dfbbdd887

SHA512
e95ae750450a6e6961255935573e72afadb4a688234d2ea6b88cf99c3700ff42b419fddc5f27409431cc1639409ce4f118b3f5bf0c7147f70a95ad49d4973dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
7294008fa78ada91652e32634beb50af

SHA1
990311ff54722a4f24697ae4de33c7db715220d1

SHA256
6b7dae4c5453fb86bbf5c2d2f40f59e3f2b9a79700d87e9899fe00acbf5f1121

SHA512
d8a6d1315cdba6f90821c6407c16d7ada671734452edc6d4e675d75700ade18849f729928c80717916fcd4c6f38f28991c54e5bac9e2b60370d991d31f1b1af7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
53KB

MD5
da5128b7558e999a2ca74ec511ba581e

SHA1
dbd1309c991bc1be52bf5ce64593429e8efb54b6

SHA256
431be481cc5032af7c6eadbf2c96c5bbb1f2eb0b4398035267c14079a0569560

SHA512
8db89fa48b324f050e89dc9fb162c53dc349b186cde29b5ed394cb83fd774ce3d4afe37667acd16523a5df1b9a9996711e174a78529d26768931de6eeab2b6cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1927c8cd82c911d59c397021e84d13c2

SHA1
fcc236c42d24aa3f399b6aa9f490038159aee454

SHA256
179fad52b89c854760003bed68413e21a4d022232fb448fcfe973f6f6504e47e

SHA512
05b43236fcbf98044894fbf58ad74b8a22f5252541aa11e8f6e81986e20b00d356004eeebfb98cea6c29cfa66016486b38b36e2e02db5cb91c828abf1e0226c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
56KB

MD5
be9be540a670c7c1cb24bb62837f5609

SHA1
f35c1edc1d06f7125cef242d260e5a73f6331df9

SHA256
ef6274d0fad15087e6031a9dc03ddde47782a49dc8c923e2a6236847b5f3f18b

SHA512
087c1e42c64a458c0870322d429bec96f60993f78eb1138a6ccfb877335a5cd12402637692a9c3ac8dfdbff9a3a7fa8a404881e9e0c7bfc4fa8f0b6b30dac3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
49KB

MD5
eafa39701dac516fc0e90027a01498ee

SHA1
d14faf62c9b41219842e1523408d7b0ef9ee8457

SHA256
73350a7ed515093d3db2c3fd585b510396324e1e08dd7ed2d960f2d58a20c796

SHA512
702d280eacbaee9a34b5487e16dcc7ff3c1b1dbc0882af59e5cf6dc8f8f495782015b7744780095f4981f66aad7a6d76ce41d12ad8841c42ac8d09db259da307

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
49KB

MD5
c94d485f0b89e5eeb976ab5661782c09

SHA1
437c845180dc92e2ada4fec1e98243aacfb09d10

SHA256
a64fa3a1ff9294f60c5e4f79390fd70ea2ffdd7c201142d776198adac2bbbc6e

SHA512
2853d892feb6fd7b19030720b98023b698260c625eae3c7b2bef5394e13907ca04bcf6ab998485257c6e6306c0d9e5469b2a6ceeb63328ad88bfdd6e0295bba2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
53KB

MD5
4f47e36371907264be592b88e39f52f7

SHA1
ef0f07e285567993f0f79e78a3ee90b716df3937

SHA256
d03b77928b3e27be19f167993f0499184a2b1618624c2797f866b7ad526fb987

SHA512
288f6373612140d5f4ee080a41b174220ea2969534f7853c34721d546f095fe73eb5dbdae55b4e50df723aa7f1bdf1f2f01c6bfe6e9d1f727a79a0ec8f9eea76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
50KB

MD5
f8ad42650fe73cf49bfce93767033180

SHA1
a6d4be00383fa51069d03a923d3d0e97527d9e16

SHA256
9677b6824b6994c1f7bb533ff650868c4dfbd2b9fcc01cee0de124640fae0acc

SHA512
a818e48d3206450422319e986325e4c72bbe7b2c6c6d04d8a5d297b282947e1a2295d7e715411a3dbd26c3577f54546df6b179299cdb52ef9d53f278e37cb666

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
56KB

MD5
dda3a9d6c9b3e0bc27c639382774dd9d

SHA1
90b3f9520aaaedd5548c44ffe2d9ac48b68e9f32

SHA256
28bb1d7935e6d302f3c585dd7849cea5936543c85d111331bbfdf908b3ab2e3b

SHA512
759eb8df2ed9cb81bcc20b288f7c9eddd67dbd308b331f95420e443c595c86f9f8d3031e6e8ad692c622f92cfa6b74eaf9ce166ebeac0e099d4696f664f9c75b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
53KB

MD5
ad2fbf385998ecd853f2968c60f22c59

SHA1
44658cb324e2e739fcee47b16d682ded0458c6c0

SHA256
0dd1fed30b655fbeeae7a8eef957ad912df48115594b18f6acd4a9bd32905276

SHA512
8c90b33edc739e5bd63cf78c528b82d3c12eec23fefd55417869b50a75dbb5be8090016ebcf7959b0e75e90b60452dd6060b9dbfcc11e3965e7f75c089243fed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

Filesize
56KB

MD5
60bd365c7090f338d2395a62a41b1380

SHA1
04ca9821c812df0ed1c57fe6723a0f385771bda4

SHA256
d6e44cbbdff940e013148cf0c06f1bc810883cd37535319ab059c9d54583b42a

SHA512
130c33f44e7c18b28a7704018d54863c311cb968156d8ac4ea252668425887209727408ffcdee8a165ecc4aaccc44f066436eedaf13b1dd12f924ad37931c14e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++qcuxe.dwhitdoedsrag.org\cache\morgue\186\{61f6b1d3-ec2e-4a0d-8cb2-05a690875fba}.final

Filesize
19KB

MD5
ec08de4a1630a928ab05736daaa330f4

SHA1
444cefe5ac852b2924003e05c69db5529b1cab4f

SHA256
698b6d9e30f017a7a1e9371b9c021ab510d41dcc53d51339991072d9868305d8

SHA512
2c209607e5a13cc7de02b22655b984fb0c0bc28b7b7ec30eb66993f8f3e453218427566f9511e5533f7437a67a94bdb3b31e55ecc56930ded7f34c1b12b35d9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
69cc4ce68ce55e681c368d219f32a10d

SHA1
28afdfa7d331fbb72dd993ecefea313f2799b446

SHA256
d4e13af44e4664821cf15715fbb0038aa5d3f03e3b7a15a7efd4745d77a4b8d2

SHA512
4b1a2f353f0d8e1efbd9f1deafc551fdde86bed7d32662d025640b67c3a9e71e0c635a3fdab10196eb32ef5870fb58a6973c8920c7f42adbbd537ffb18c399df

Download Submit
C:\Users\Admin\Downloads\630 mod menu.HylaBWAE.rar.part

Filesize
1002B

MD5
3345de78c0e438ee47a9d578f27d473b

SHA1
4e557bc7f6c1cace5ed2162851f527f2bf2b639d

SHA256
b38f70d208ab3e813cf4a20e1257abfc87a993c7a08ba50c5979bf77f22d73a6

SHA512
49584cbc74c4f9668e1e9010b1f4c6c4317ae8c40fc20cc98ed72833b02468cbfa3b8a15df0db3436f3a20191aca5aeb467b2d4ee37e523a0d432f1f307ff282

Download Submit
C:\Users\Admin\Downloads\630 mod menu.HylaBWAE.rar.part

Filesize
27.0MB

MD5
5f8420ef9532dda67f5ff6a0f1f8db3f

SHA1
f85b3d0eebf35045738e714ac0c8f715d2b8a7f9

SHA256
1038c42930c2378dda5d20862ea1ac57ad2bfac465587af2deef2b22261b12d3

SHA512
1fef160e4285282b9d9038dfb710abcea20e7b5f161bb8c3e15669d44f2a62aaa61f9676cceef6ebf0234df06eeb581ae39b4aa7d01ff12e203486a13b3211bc

Download Submit