e7110a8d8fba913c5ced90b38c669d01eea27b172b1e1c5792aa0e911b76ef69

Analysis

max time kernel
1049s
max time network
1019s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord-Token-Grabber-Menu
Size

292KB
MD5

3fe7e299add3d4c18f484b1d8204def8
SHA1

d19b8a97df4ecd248c771eb94ba2a1a6f028fee7
SHA256

e7110a8d8fba913c5ced90b38c669d01eea27b172b1e1c5792aa0e911b76ef69
SHA512

702b56aa68a68db312ca2d5bb875f4b9fc6e9e893b8fab363a23864b51faf8be36fe30b7c7c668449454e70208ed3017e44f207ebb9d67a367c4dc8599db7b73
SSDEEP

6144:Sko/l2n9dH5M2vkmLbOCl8wId9RI9+vZJT3CqbMrhryf65NRPaCieMjAkvCJv1Vc:7o/l2n9dH5M2vkmLbOCl8wId9RI9+vZt

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
189	discord.com
172	discord.com
181	discord.com
97	discord.com
143	discord.com
151	discord.com
168	discord.com
188	discord.com
95	discord.com
96	discord.com
173	discord.com
179	discord.com
183	discord.com
94	discord.com
150	discord.com
152	discord.com
153	discord.com
154	discord.com
169	discord.com
178	discord.com
142	discord.com
149	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2728	2740	chrome.exe	33
PID 2740 wrote to memory of 2728	2740	chrome.exe	33
PID 2740 wrote to memory of 2728	2740	chrome.exe	33
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2540	2740	chrome.exe	35
PID 2740 wrote to memory of 2588	2740	chrome.exe	36
PID 2740 wrote to memory of 2588	2740	chrome.exe	36
PID 2740 wrote to memory of 2588	2740	chrome.exe	36
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37
PID 2740 wrote to memory of 1916	2740	chrome.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Grabber-Menu
1⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5c29758,0x7fef5c29768,0x7fef5c29778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1356 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3772 --field-trial-handle=1292,i,12927021154357028651,9567936916610394805,131072 /prefetch:1
  2⤵
  PID:1544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.0.2119263768\437649149" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1224 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a45464e-0594-49de-81af-2458706f5cb6} 612 "\\.\pipe\gecko-crash-server-pipe.612" 1356 100f1058 gpu
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.1.1302133806\1265191715" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0819bb0-8ed2-464a-ac14-e496e667b372} 612 "\\.\pipe\gecko-crash-server-pipe.612" 1520 42edf58 socket
    3⤵
    PID:1808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.2.631764559\1158936970" -childID 1 -isForBrowser -prefsHandle 2020 -prefMapHandle 2016 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {828a73b2-2354-4133-81d1-1ce91ef7d585} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2032 1822c758 tab
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.3.1526799975\1732163523" -childID 2 -isForBrowser -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {319d9cf2-9bc0-4195-af1c-0a2dbe56beeb} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2492 d69658 tab
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.4.2115121610\1985468676" -childID 3 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f16267-dbfd-4050-b110-844514fe2a64} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3016 1bbe6958 tab
    3⤵
    PID:2724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.5.274767646\613059517" -childID 4 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f6ba8bb-e8f8-4e82-8d09-3aae383dce18} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3840 1d563b58 tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.6.370218366\677426064" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f859cc-d969-46ce-a1cd-e217a8e82800} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4004 1eaedb58 tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.7.1642981769\100847221" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ee8944b-0507-461b-acf2-752cfc8298ce} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4076 1eaecc58 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.8.33720373\605656965" -childID 7 -isForBrowser -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d21f7add-80ff-47a2-afdd-86fce8ab93da} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4452 229ae058 tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.9.327274144\1156583885" -childID 8 -isForBrowser -prefsHandle 3916 -prefMapHandle 3924 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d723ec9-a622-4f72-8540-5961c6a34b28} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4404 1f111658 tab
    3⤵
    PID:2144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.10.548902229\453210582" -childID 9 -isForBrowser -prefsHandle 3068 -prefMapHandle 4272 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28dd11c2-ab90-4d97-932e-0e128d26c3e1} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3044 239a2158 tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.11.525311914\415402904" -childID 10 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed723df2-0812-4716-a965-dba5884e4a16} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3064 239a4558 tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.12.471538121\1936205439" -parentBuildID 20221007134813 -prefsHandle 8584 -prefMapHandle 8580 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {576d7687-42c7-4285-b52e-dd954cac9328} 612 "\\.\pipe\gecko-crash-server-pipe.612" 8572 23b2a558 rdd
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.13.2127396391\884888970" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3896 -prefMapHandle 4268 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {844fc637-3c79-49c7-a59c-6659419cf7c1} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3888 23b30858 utility
    3⤵
    PID:2124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc0
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0816c9ce918b0901_0

Filesize
19KB

MD5
c3ad5d414098a397a1405fbad0fd4344

SHA1
6c3a8b028625f05fc4180b7561ac8bab96cc8fd8

SHA256
0548dcbae20705105cc117d08c4de01da4b19cb166cc7e3281e91d6df42b3500

SHA512
ff235c0e67e75e2076507f8904777f3870df267f4a1f31a1e8e54169697fb1f399899d46c082b1bac6067adbd8d9ec226d54eee5bce1a0889fe095776c4d0d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
3f0e8aadade823b3d1d8efefef8a222a

SHA1
cb27bda5e5c31dcaa74a663f8010e5d3331efbaf

SHA256
9c41d0240ba90727ca5b8c441aa6a13a282fc69ab642cb5bc06f5775b13d4cde

SHA512
d5601fc2f11a0395f6a8b36edabf7ed6b91504274db57ca05da114ce602126f0390b3c28efa02faed1a17e8a8b82de90e9f26e53c6e30d37f6113d648d06cbcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8609822ba3b8d876_0

Filesize
339KB

MD5
689bdd495c106c1bfc9e5abfe76e7356

SHA1
bce63629b93118158eee9fa9bc763ffcc729f2a1

SHA256
8f090307a8eaa9f570349431359cf7aeb54b1b17d8195099e55714529504d101

SHA512
c0d542e744ae29cd626d0afa8c90abc8105f916de42e6b8e62980b6875fa769febada37c1e59ce9c779df33321152a4a90fff5204d6c561a8a6190302a948274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cf29ce7723ebdc9_0

Filesize
280B

MD5
198ed5bf74c90de098fdc1cfabc9ac9c

SHA1
280d08e5dd59222441ca780d9b08d31612ea7aa7

SHA256
fed87cd23d1ce794b31135b2b5e2cb4817de3235b030aa873ed71ce1bdd0cd81

SHA512
0b9257a992fb694f679ea26be3488ca356bc151bb1000cca0c06b5319ea10a183106181406bfca0022132d49371c5525acb86344026d7eeb40410750592ca7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
26ad3f0274638161b543f2bbf3780e30

SHA1
6118b328e9dc58c138639e495d9197596c485500

SHA256
07480e92a43e86e06f5c00b302a4546f938d4bff7bdc9d989afb4410b1d541cc

SHA512
76e7eedb1a4fc1458efbe31c388bbf2ae5757bb72d51c4b2f99ee93e2ccdde0e748bd9f51d2443e98686e4489a0758773f95f29bb2d214e330fe0f6905b1c077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4bb5f01d2c2ebe6dae4a3713dcd3b983

SHA1
dccf46c6efbee14d2e0f9979f1e7894824d9d0fc

SHA256
34ba8753311f63d497cae269b34ca31cef886558c55585647f5a28e5ba21f278

SHA512
2e69f9923b4a2937ef06b1c69c5d365d7e26db20a3d20e9e371f2c275864263919fd38d8feb4730330fbcaff9cc8422b63c027959346baa2f5b18dcb1b67dee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fd0c4a271aee6a38527e7bb37ec4a87f

SHA1
acb4e6a50a49f2dfcd67b0576cd45093bc2006b1

SHA256
6ef50c1827587f3d6a4de68a855b0331b25193e9df33fb4a3348e43d24de5ead

SHA512
753fff7e4579f0f46785ff78bea8743bc61915f0ebad8217edb3bf1b1c43627bdb787253fa420828e6f9dc68b3a72ad195888a8981af67276668e3f0c5ecec7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
be3f1507e00034e453fbeea23df56290

SHA1
e79b4ff750104fd41b23990f93bfbcafc7a8e0de

SHA256
7b58a45544c63228e193056be8e521fdc8970239e1398bcc94ace5237b043292

SHA512
1ab4821e6c9361a979baf2bb34a014efd31716fc4a67d6551eb3033bfa6b90a50bb64d39606c4101ab1adc93c93d5be7d282e16a78e7ae0c0620fba044b077d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd0e278d7b1acde89364ff4223b83674

SHA1
1904e9d6b180bed8201dca7416c8951db9753ace

SHA256
acd012733a12d5a33c5925b3fabc6b46ff89b7be18354f88904e275e1e4704af

SHA512
77f25c9b8eb51598e59f103f5368996c7998cb12531c26769a0c7f93049b8f8fe0d86e1872e0f7895d45a7396fe702b70e570fd5cc79d3382aa089b857183879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0ca3bc0464e8f2b17591d4a047e9e85

SHA1
ba867eb6210b4c80eaf9a95261b9802968205a07

SHA256
fd3861ded04c62d472cb842018f62a73ba63ff74adf57bf8b250f8359b8f18a2

SHA512
a52772c420fae6c1d52b1125c82d1c76741d989c5dd7d43b198a2da51c63430b94008ad1eb529f89958d4c70c2711aa576b919c9d3f4c733d9f9efcb4bb40052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f2ac5a8dd5dc5ff4a78203d456e1151

SHA1
f5a39b0e357d13469a3d7d94285169ef151f06db

SHA256
db91b111f8be1e13b0c03f1132ac00db86b306bedf8259086ddd3c51154bd7ea

SHA512
6bf72a86191da602a34e17ff4e80465aeb077cce3e551cd3e4f9ba12b2e1f7cc5dc552e53c5d34d99ac11b277d2d957fdeed1b173627f6a37770532ce4e67e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6eb12e6ec421eedc02de61425c905d37

SHA1
6ff248e71783282c529dc99d929c1d17d65c1d84

SHA256
b6772f6a72a79dc5c4a8f3353a6ca28316b1774874f5491eea21ee50b3220cf5

SHA512
14528427f195e5d6e66f97505db2f090d5b30919dcd44e62f206874c430f8db9a52a3cd2a4c42c450bb030c8ba0eaaba158740418070d3a458bc1aa1d718341b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f039ea37-901c-4399-8225-f1a985f7165d.tmp

Filesize
6KB

MD5
6468feba8c0a5abf0047ee095deb8a9a

SHA1
e0fc919debbbb0ef6caea642cb1e2e53b6f3cd4f

SHA256
8723b0b7ebef80dd0454ffbeaab244219f77dbee071bf6bb89e54482af0a9892

SHA512
105a81c4d552b97dc9b08158661ec07f60e52e2f44cb7806d14a6552ba3467e71db051451c624bb4e7efea920315411ff8f2e7a5ce50df7c673eda822d1022b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
307KB

MD5
6ad82040aef240414a51a1a9f362beb7

SHA1
078a71345480620f0b1d1eaf5bb74816b54bbe39

SHA256
b66219b7db699d852b1bb43cdc3d16410ac27d689bd4a639b8679bc7aa376a13

SHA512
660cd012c549da1cdb140aa428b6b7b9725bba73495c97859c54ca1c1b6daa2dda604a1020b606952c56732640fd3d55ae4a06e956fbe9418bee47e525ad2a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a0d55f30-906f-4932-94bd-5d7bd8e9cb8d.tmp

Filesize
307KB

MD5
6c98eb6943944ddf691aa15757a53c55

SHA1
a41d1898ecc26a7d6f8881124bd6b583336baae8

SHA256
5b9806e83dd46367d5a4c5505617af07473e44161bf810e17eaa45111cc299cc

SHA512
4c9208d70ee2714410275383724ea4ec2e7f5faa7cd7ef927ee8c3416a19052e5fe836ae760ac19924c4932604ff4ce45cef78596763ce8ab6e72ef20876deb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
cfb1285e17459f5a5d01a6151d177c05

SHA1
5b73b625504fcc7264a0d64fd63b4eabf19ab1e7

SHA256
d765662137c19d998765a36daaf58a66760486cbb262f10d73b0fea1a1113ee6

SHA512
8ed244620c90ebbb219d1865ac3d1f750e297eb96985fd7ef1440a7aaebffb5fdea8f6013918ee1dc70a6a0bdf53e728d42911e8e80d87afb693bda5bc5164ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
32df9eb5d8e431b9387c6b2500f59d20

SHA1
6fa3898f678d297cc7deab59d24615adb8bf07db

SHA256
c9b54bd867f5966cf6b1246323139df9caa54dcad9fde7b81b7c7efb8ff3ca6c

SHA512
4712dc2a87bf154e9c492d6741e2de579c73a67bfb5d215cc01ac4287a28490f89f41da908c9b959ad5db724b45f8855c47df03dee83e0d1dad5fd0481873088

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\doomed\12942

Filesize
8KB

MD5
be7b2a7179d34e4ea4ce35f796fbc533

SHA1
6cf6c7fe16e9a76c6c0636cef0cf350ea0f99b6a

SHA256
ac8d8a0f614078a6319abc73e2291710b0698723d726cd8dd1d59e1315e0184d

SHA512
5122c070b39aaef40ed75edfe65402f1d9dd003b5c801ba844d2f3465fc112300765a3deaf50d3720512ed5cef0c9baf8fca43fc32b50fe6c2377afe0e92d428

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\2528459AF548ECE4E1B7F96ADB87EE7052DAA2AE

Filesize
13KB

MD5
dac3274fe68855a2aa3daaf2f4f48608

SHA1
76253fbd79d9337a864b6a82e8f62413a1b020d7

SHA256
9db701869c6e839fb93d102d2605405b0aa142dedbe8220f8f13b8472e5aba03

SHA512
d528474581ca321240fa045dfab7f13de64434462ae263985ea250ded820d59195b754d2bc20ad3fadbecc1855dc7c151302963c0aeedfe2a8ce039b57bd7b4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\26C5D9858055F0D3E69990B155924D86E0637444

Filesize
13KB

MD5
0ea8f0a1193ca5be565c95ebc880af9c

SHA1
1c988fb81a9c63a888e1e91d436b4ce2b4b3afff

SHA256
b8a2d5a1285812b6d6faeb5f091025b5809e1a79628aa1d3c38e48a24e23b822

SHA512
08cec95b7536dab02aa3e14a9b60f29695fd8ee3bed892dfbbc931ead08d8ce7908083564bb6ae54a283b453f70a58f7e325a3427f2a74e61c816b5fabd03d1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\2FF8C31887058253F13F976E4E235E94C623292F

Filesize
22KB

MD5
118c7ebd3c638954f61e8709a51663b6

SHA1
11bdd6524a23ed5a6301479066be995843c4b078

SHA256
bc004ab91be69004627601f14e632c6fead1f4eb78426c920dfa93cf241ebf56

SHA512
dfb021228523515ccaeb21bea685a6b89955a01f57f7fd754b97cbb31dfe89b9bb5edda16bcb35beae043cdde0583d44619d6de22e17d1044d4b363cf3a9d5e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\3C037406957C6A3957979D98A58F5D96FF6B1489

Filesize
39KB

MD5
6939cdbbb624a1136d43a58e6cc27cff

SHA1
9c3a1087ae4056452158e9a6e23b1dd2714d6870

SHA256
3aef0f4448f5270239be20613bebc73b883b8af3ff535a027611e82d6ee79671

SHA512
9777c9fa3480a521686b3af575ff58700e8f492a1610bcf5b2aa284c4779dc0b7519492c881b616c02e055df56a7e9936c4eda24ac4824e59d4086155e7436d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\4C8E9E441693963E668EBB3DE7FE61F3A78AB2DF

Filesize
303KB

MD5
a79fccc2931cb8cc4a1357c73a796ac9

SHA1
cb05cf4ff77eabaca462ec604b206b2cd381a558

SHA256
fdf81f17492b1ca818926e080dea624cb3e6d92e894e584e7d6b761602e94058

SHA512
c56b234ee2312111b9c3ca8852b715c92597e29d3092fcd042cc5f19b62d2455672c8acec94b47099aa456f785ba3fd9d0abddce99ebceca02b498e0651432f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\4DC60FA41DF86908DD58DCFA76475468DEFF8FFD

Filesize
12KB

MD5
b3a30133de03a2b94a2eeb21a3672718

SHA1
92c8cfb55951baeb5e53f4f5451cd4d1acfcdd3d

SHA256
b50b71f35ed5ce58df5f3fe176c51703196b44a4cf59bbac0bdbb0fddb0c4622

SHA512
c5df87bb988c168552b3d32bed261fc0d1c212b4bbc6ab4ce0e16edcd0a0282f793a9f2e71fa7098cefad427bb60de2cecea0c30e58c0fcdc3ada54dbc5658ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
1434a99d0cf1ceedd2a571e8410a776c

SHA1
453569a51b2e2de13528437825a3be0001680f94

SHA256
f39effdd55c57f2b3c185cb9ee92795ade7a16b70ac886b0a580a2c259aa2b3e

SHA512
0be86d05c49bf8eb95ae65b56021d25aea61100d2c41bc94f6645c4278702b3025d81fa6ec41eb0dec8abae8dc8fcc805bc8cab7730f301d850c17702884b2e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\8CC739CAED93182FBF8553BE698BC6A3AC58C615

Filesize
14KB

MD5
3d8826c6a8c077baeec55633f72cb60b

SHA1
6581225f9ceb68d374b475e67f0498821d47cb2b

SHA256
117599619fd021c188f7789ed7e48e430317b83aa4245ab18bd60a63b8750866

SHA512
0bd87213d7a3322cbcfb86ef44f9103e94c3c5cd44de0b3be5ab5a60ede40f9f98315171a355ef1c6cec38a3d89bb44082a97a0a6f3774c870e55dd68f1ae610

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\D730CA398E0FD308A82018862D156E21C6F32BB6

Filesize
15KB

MD5
e2e2ab0c601b63fae99f21ef983b1dcb

SHA1
387392ecd24b50f47e52c8ef443075f3baf03ce7

SHA256
44c6bc1b26ce628072ca5f9dd965335dde273ffc4c2323ed5e26d9760e3a1920

SHA512
76ab7d8dfd2ac536cc5480fa3a3bf555c056f9b5d0a14255975b5e7756cd873b59a9496900ff9b18a136a413861288f3a11ab6675a3a0b8a733c7f914b489411

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
9863bb1c53fc8f0c96939141aaeb3e2e

SHA1
803e9e557f8021b482cc847debcc941b220f55d0

SHA256
43803daf498e76211cb5a615f9a0e34fe571c780a237cafdf922b4f79f7ac974

SHA512
3cd2e5898d37a0575c7fbd96534c781285484f82a3ae12711de124bdc80a90c888eb7d5257c74625e8351e18de9fe802d6e96b011935925e700991a009dc37a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
82d71a6ea6cb31400bb5c9a5d902985a

SHA1
2a2f129a65f90e92c210f3e97d02508f364186f6

SHA256
71e6970fa5b820647dcd91b3581ab1930f0f0162776c03ed94668256eccecd3e

SHA512
eadd8cf7162d606be7f7db4b67fa6b4dbb53086c06d08d5fdbdbd6b7591e126f4a75e35a85d1907cc6fd39688bea575a534233abcb6ea21602ac9181adb6e46b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\bookmarkbackups\bookmarks-2024-07-14_11_CbmwIF9owvsCs8vtVFuz+g==.jsonlz4

Filesize
940B

MD5
e4eda0553a9a2b8ddd9d4a1d368365a2

SHA1
78c066fc1716b0cc7882ebfb1b3eec6373aa7246

SHA256
c325c54478a203494578b723200002225ed06b3905bb9596cb8d657372ff250e

SHA512
65a16309c4bf12f503ac8a88180f269ffd949743f7c1ab6139c89d6d11d6313bdc05967c74dffb759acc8e550604531e0334314c526f6355adda4f290ea1603e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1a5bdb1fbb977edd28a1e25de91b0bcc

SHA1
e32fa398e134d0c4433718ac62236d1dcf52872f

SHA256
8428feeec6dd5ceab7b1d929c7ed218dca3a595eae598d59498d4b634b6cc508

SHA512
3b0338c64a244478388be07a4477aa0015aea405478ccd5cbea4da75327307c0b3f775c6e80e12c050b700da17e5b19980e06ef0433984aef285fc97eb62bcfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\7b872a3d-c231-4b55-a687-2a6b1f070fb7

Filesize
745B

MD5
f51c48de174c9fef0bd1f6a08bcb9f73

SHA1
cc347d0298500571a613bdf12d638663a4f23846

SHA256
547a829d2ecb7acfd5fc54a27bb027a222c72f87f2758f2d23c0f39a9518d1b6

SHA512
2f5ebe77e084ff222b8d01de05b04ead752e2ea0c4063c6984993c18156799390c567ce0e71932df8994215497a2e90de890c414c64a1328ad96ff9a2604057e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\eab57046-ffc7-46c2-aa54-9cfb5de67956

Filesize
10KB

MD5
c199d471df155f354e04fab7e88b58b2

SHA1
8b3dcb16ac15ba7583efb48401478bc1639d334b

SHA256
63def85e31eff8492b0cb09014de4f13436e601bde507e19b090a6dcc997504a

SHA512
7285c66378111b23de36326a201001a947d5fcae681ced1f39cc6d6ba502a12bed3b41ecc0147ad6a503f142eb67e554c8d1073a9dde3ffaafa48f3d854687b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

Filesize
7KB

MD5
0551719202cefc0e9a8c1dc1bc03f9ed

SHA1
39596e90ac77210e26db240c9a412a9f7ca24a84

SHA256
3aa1efe69123bbb019b0d2f57092d1b6800ae02bcc94f2f286cc076d21992ab6

SHA512
8e9ecbfb5620ae4d63033867009d541bad96a1676916c4543e5d2c17b09b48da7a01b32c4f2788716f677166f0435cb03e74585e675fd25bf06a6f98879a3471

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

Filesize
7KB

MD5
8ecdb62f58a6728ebeb52f4f519eed9d

SHA1
4b698b8056fb71eb93ac227f5c7798cb635a5d1b

SHA256
c07f7272d84a4e831d873273d441121dea488e961d13bd2e98c426253413954c

SHA512
616b745d95ce09f1a76b1a90462582bd8b159c61791490f132bb15d30675960309a59030a3232357c5975d4e8a62e5153fd5e17ceb2498d6dde366ff78fe5105

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

Filesize
6KB

MD5
927cce46d5f5a8f0c6238caa9427345c

SHA1
27086de61a331a374d4c20b64ddbea3079caea38

SHA256
2bbdefa303ef5fc63dd09509d933d515fc785268833b4a97b419be0e404765c1

SHA512
24b488a5d97f66b553eb2d3fe380e487e7d9db349922d9e6cd508cf8fd602bbce98970ffc9bda9fe75ab68fc0bc02a8ef20e9dbbd7df79715a38c946375a5367

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

Filesize
6KB

MD5
11f94db036713f867316af11e0acd0f3

SHA1
8c89ed4e29dbd399ac44b0bfa740f65cc60e481c

SHA256
c2d73aef324b65f18a19126970cfc5dec5296a1529b8acee10ab66654d2f34b9

SHA512
0644801c3416d274e63b0da8aa8f760dd37d6d4404abdb7a68fec8b945c8ae3a65193ea05b3de84eff954707c340c9ff185f57afdc620577bfade640e5cff20d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

Filesize
6KB

MD5
00dcbbc6730c9b59540c5f4ae74658eb

SHA1
b8e241eaf56a369eda05b0d2d38d6fbbc0659c78

SHA256
5c562e1e07294e11ca2a742589bf17876e12cc15ef13ce2ac11f1789b4b2c859

SHA512
9299b7cc905d8e72ba52584e8854d9aadec8421708679276d4a1e283b376e6f4d5a31963644eb9f143dafaca108eb78ea697ca392fe748106ebd6394470574d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cbc41d8ead57ee672d622223170cdb49

SHA1
86713c233bf97699905072b5bec5d62dc361c122

SHA256
de1956560da0e98592619b7941115d6ac3cdde67251ef9e22f2ac33f16c7e4e0

SHA512
392cc24acf33dca6edd3ea51b8f2b27f6f5f3f694c6faa0d315f1a3568d9b0515cc377d4bdf2e18517e3be50fe2c1fc0982a111e082379335a3f2f727e69c5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
574a46f8a1eed6c28e7b6623b4c6cdc0

SHA1
7199bf727d07ca3c2307c9c87f255a3ca3e837cf

SHA256
9123fa1bc2a238d8ccc40f6beccc5d7216965282eff4b429d0a493eef3e980fd

SHA512
b80544d8ec36fdd162f8db9863cdde4033660d3f5f7b7d5c3add01fcbcd4cf79a6eb7e9be6be0ea7801597fbff9e08fef655fbd02c3cb8876351fc6ebfeea90d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
27KB

MD5
59281072083c3b35e130dc49a309c030

SHA1
25270f1fb2058f44c5c28f3faaf887854f76aef8

SHA256
7240ae16d44b634728eb88fa0f07d74978ccc563bb7cc8ba41e5d4603d6d7692

SHA512
0081631cd01eca8da92960bc89fad1dfb2168a28cc45a99a401e4e35122ae8505d9657c82a2da2bc7dda4ba0417179e7cefa53fc28cf6120433721d196ad0ed6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
fe5693887257913100cb65e00fb19fb3

SHA1
1659142250cfdb135780fd088cc3992f20e79a17

SHA256
fef12f51978d3974677974a0beafa629d5e57c23a4644ff3341ed62ac3c0b16f

SHA512
16620a87c853d3fed60eb1df2bd4f8d12663e6cc6731f4501fb74bccb5134186f5012f85ad77f163c73b621bc49a3788a7b7f796c2b67e613975ad9306d78f4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
26KB

MD5
c68978df390724a63cb5100e2e2253bb

SHA1
a5e09471fd14043b3e3de9c871b02df473d17ede

SHA256
2ac4a992ebbbb6749735f8b6300082dffa5ed62065b6ba244821b227aa76fd95

SHA512
4d361b629522a57ffe23f921facb7a68fbf49646d64ccce95819033d12288d37b919453e621a2ed460c80269478d1fa9474a69c4d423336c131003367bf20568

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
94713225f7120a5ae090876c0d5674ba

SHA1
3f2598db0657fbe4cd4474d055d7dcdb2b5dd251

SHA256
7a803ea3b222e096c2fc52236bc7764070686495efad8a0642de5551de68f8ca

SHA512
055329413843efda19a1bb7f75e4baaefda7f64ab647c15efc05ad87c2a71e3aec32a201a93ddb3ad5070c2e9bcb1a846c54c2fbed445a4d0158c4d5b9dc18a7

Download Submit