72eb0c9f10b891483ec7b7c789f539ba21311466df67a53823519d5f99678525

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

212B
MD5

e9fe97755cc3d74952f91f0e9596edb6
SHA1

fbac14832515633279dc7ab83b028fcfaa09d23b
SHA256

72eb0c9f10b891483ec7b7c789f539ba21311466df67a53823519d5f99678525
SHA512

da5f8c4d90397f25d647548dad61eafd98a3d269ce61239f743cb6bfcb5fb09732872f04db4a3e987678dc9cee96688e1df92c53b34d2cd90f7e4c80efedbff5

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\buku-panduan-praktis-pelayanan-kb_compress.pdf:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	2776	taskmgr.exe
Token: SeSystemProfilePrivilege	2776	taskmgr.exe
Token: SeCreateGlobalPrivilege	2776	taskmgr.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: 33	2776	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2776	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe
2776	taskmgr.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 3240 wrote to memory of 4672	3240	firefox.exe	100
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 1940	4672	firefox.exe	101
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102
PID 4672 wrote to memory of 4244	4672	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
PID:768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b75731-8c8b-46a4-9e65-8722a4e108ac} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" gpu
    3⤵
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 25791 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f9ca22-e4a2-48d6-a6b3-49d010cd7fae} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" socket
    3⤵
    - Checks processor information in registry
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 2768 -prefsLen 25932 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf1eefd-19be-4b85-91f2-a7a7228b9a85} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3948 -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e48a162-0bc7-48ff-8f51-dbf8a6173a0d} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4776 -prefMapHandle 4224 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76518648-1fce-4c49-aa5b-593bc053fe98} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" utility
    3⤵
    - Checks processor information in registry
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5412 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e1d00e-c6a1-48a1-93aa-c9a710f198cb} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8344e605-fa1f-4d47-96b0-e61162e43836} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5780 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {783ad0d6-206f-43ed-b7e4-603f7d26cc9d} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 6 -isForBrowser -prefsHandle 6208 -prefMapHandle 6196 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c39f00ef-a095-4cab-8d9f-530b6ad771e1} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -childID 7 -isForBrowser -prefsHandle 4668 -prefMapHandle 4312 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5041eb64-7b45-4033-acad-3282a416dc3d} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6568 -childID 8 -isForBrowser -prefsHandle 6376 -prefMapHandle 6460 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e83e48d-f070-4877-b38d-27b92835ec28} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6740 -childID 9 -isForBrowser -prefsHandle 6744 -prefMapHandle 6752 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca5bc3bb-931b-470b-afe7-859fb4179709} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 10 -isForBrowser -prefsHandle 5872 -prefMapHandle 5900 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddac9260-807d-4c09-96ed-3b99fee7403c} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 11 -isForBrowser -prefsHandle 6476 -prefMapHandle 5556 -prefsLen 27401 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6fccdf-588e-47e0-a079-26ee5fadd082} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -childID 12 -isForBrowser -prefsHandle 4900 -prefMapHandle 4880 -prefsLen 27620 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90db9cba-49a3-4b59-9b9f-edfc3e65badc} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:2612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7084 -childID 13 -isForBrowser -prefsHandle 6476 -prefMapHandle 5412 -prefsLen 27620 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16bf3eea-0a6f-4348-b96a-69704a4e180e} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 14 -isForBrowser -prefsHandle 5756 -prefMapHandle 5908 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ae0a83c-77f8-4add-bf47-7508769c5cbe} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7272 -childID 15 -isForBrowser -prefsHandle 7228 -prefMapHandle 6452 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa95e742-be46-4770-abee-648a7f3d7174} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7312 -parentBuildID 20240401114208 -prefsHandle 7440 -prefMapHandle 6368 -prefsLen 30197 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b3b9697-5d2f-473c-beca-fe36c3699393} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" rdd
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7512 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7292 -prefMapHandle 7296 -prefsLen 30197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3c233a-7bdd-4698-84e7-5339b69bbab4} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" utility
    3⤵
    - Checks processor information in registry
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1716 -childID 16 -isForBrowser -prefsHandle 4072 -prefMapHandle 3940 -prefsLen 30622 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f15a75-c35d-43f6-8168-158a132c4123} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" tab
    3⤵
    PID:452

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
8f75e029af918e8d69fee8488c2ef060

SHA1
b40905564323ab7e70ad391e22e98c269a838a76

SHA256
84b19f651da5dce4801ce8e280747f1158840edec18babf6f3981ba752a4794f

SHA512
022228a00b799d7dacf1938ef5ce05e8d574d57bf885a5fd99917c451484f6a5239836d307354965626032d97e2f2863b2bf3011df38313802014a87f6a6bbe1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\006F12F7B8876E540B4E639ADF82A07F7DD965DF

Filesize
22KB

MD5
40d3702db5d6e2f8deaac11cfd1f69f2

SHA1
9cf847e421f604f520507dccc93ed5761845dd11

SHA256
5950d05afbbf517338828d882e69e6b17601f480e15d035f97deeab27f655703

SHA512
e53c77069be36834085a07ba1e890be3ab2ee7916f8089f0efa51bccde9c9b861db7dd0baf183207fce4ac82a07fb2bb7dbf8dda1386268170391c557a66f8c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\1994A9D96CDAF89A1545C8922FCEAA665BF2FDD5

Filesize
18KB

MD5
0b98a8956f488a7eebc3cc45055a53c7

SHA1
e71bba095d0db07c8322f0d16552f32c4a5ecb31

SHA256
00f998047819f8979b631a664ee90f39768b78e4046425d7451cc6410088db12

SHA512
5cc92eb7dd5ef096a918f671284e58d6cf80970ad0651b039259f04333d46713a79b40fd1f36007450717f8f9ed9447550da3deb74bc7915f553f576d3d2fb98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\455F07CD28B8D86CCB64E712AA9B4AD239EE651D

Filesize
20KB

MD5
bb5d1117e179f2b2140cae7cfd28c6d5

SHA1
0a7b3b92f1494c0f7b869c5da916292e94633545

SHA256
550d4ce16b48e0a0ae3bf257c49916b819a87d459da95020ef0976d2d35984d3

SHA512
60c6c782e1195a9785439cb9a845129bca34023d4417633f00620ff68bd0498f3a39dde89cfbbc770ea68ac0ea117812cfd8a266f9937f127b36a42d7b84d320

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\5F19265C9415016912BA8D5FB8123A4E71EE5F98

Filesize
122KB

MD5
3c60aa88914a2505edf4ce735a030aec

SHA1
72dd2f4f682bd74d6a85b2be6eee162545bfb3ad

SHA256
ecef56cbe1d8fcf5ad735c3670ce41e30c67d80c026e046880bb99f7dc4f4f35

SHA512
d0426413877c0a4c9c81bace276c5725d815b7c90a109c8e2a38bcd7003aad0bb6ec67d216afb42064345cd9fac91077ab5401e121be98702e39c2f931902599

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\5FE8005D0AD9E524647D2B7248F9E1F4F10CA34F

Filesize
24KB

MD5
834573ea77ca8c71e884c982683891e7

SHA1
051c87089ff892b00d2022aa4ca3753e210dc44c

SHA256
4e0a9d3ca3600c7b173226f7a0f5813089dae52151ef7489f129394b3e5bce3d

SHA512
5370d123d8f8de087d92fe9e8366b0bba53901358ff0c7cd72804ac4961f3b87b477561e48fd1e536a1906d196f84fbea5681a9430c2be30da01a75817c93003

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\7D293771F42AEE70699F37D1D895EDB71D32B2F7

Filesize
71KB

MD5
0dd9d701b9d5efe8ad05879e01eb8a03

SHA1
dddf7e56f8579ac5d6feb3f14f77e075b025f06a

SHA256
25b8f716703018bca22a4d542041cd79406e5932b460f69a5afb9f6c48b984ad

SHA512
ac57c620f800e8d3b52da98e0d027f667246410274b265f82cb6f80ac4e06a976d95dc56bb5cb71c9f9955142396c7b7aadd8cdfffe02234c5c13701767a6927

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\83641C23027221BE152D46711BC41D7CC45E8579

Filesize
54KB

MD5
8b3a0faaa25620594d06aec06d8490db

SHA1
a0c79cc1a2dabc9209fc77e5452816ccb44ae472

SHA256
5da821d9d2eb4a6e042faaf8129b1d0fdb70aad23891e7ed61359e04e0233a0e

SHA512
f192166ad3c68ff3a9414312d77215b27deb4f2146d68d271f7b37bd067f0961373b29274923a5986200e9dcb323b924209b316515256406ccdf40393f99ff54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\8BBEA21DEE22AB1356546675F4758A32E2589745

Filesize
55KB

MD5
50a67da397edc922d9906445f032c9b1

SHA1
5c4b2552dd7e5eb114340162996cae81fd08d792

SHA256
3f1eb37c9503c90fa0741080a718b48c9e6880b5c666f56918d2def2d07cad4e

SHA512
9eaa899e8c099bdd494faab5f096bbb5b2da8574fe613dc8e5151124792941762385f5dfda02b40c4aaa8baa48a08f64758a820f25fe65a880c9d08de388e6f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\9A2AFA8028602CF90323E89085C8FA4F41EDC27F

Filesize
13KB

MD5
665f265fbc3c79e66950e0bb456198f3

SHA1
a806ae23a9e42bf7d40a4d637f1ff73d60b94412

SHA256
5da68c8ce84cc4268602377a226b0e2f58a61311fb0783c9aa0b92e152737b13

SHA512
08eca82fdca342b984401009eced581850be9e93203adceaf10f49b845c3eefd6df67baa3cf11ea34ac4cb2793599cfd9d6dbe7633b1cc171648e384162b525b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\9FF0934477D3EB0F04670AB0C5A852D8E1542EBB

Filesize
29KB

MD5
dc98e0f096afa4d9b18f8924a3ff9732

SHA1
ff0b6965e213358c8b84a7c328dc051ac759cd82

SHA256
ecd3222835d0d0980799a13b21d171cb615a68e6cea2a2974433972155777cc0

SHA512
ec967118d0f2653faa3664a1a48d7c10c1a51ec82f341a5c0f654976432527f4fc201828bc5296b9202a3cd40f75d5b7b8219e23cc51762d6b7d8a9042c300bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\B57E7D6107A02E8CF75A9F4F2C7AB1DFAE384488

Filesize
208KB

MD5
ac3077c864cc2c6285d3856775a4486f

SHA1
c1e1d2f6f775664694d6c6b4e0eee1c33410b8a4

SHA256
bd1aca751e00284f348985cde10a07c87210af39c69743f1bf90d6af079f095a

SHA512
a90cb93e4c9c6f55e490b453eecc133623aa1c5de6290365ac6d61eccc527624408699a5dd9752218ab0f89d76f004539134d15a30351bdfc3952cf95f34e1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
6KB

MD5
2eaaa9342e28c668eb2a6ac0750f632a

SHA1
d4d02f8065002a0b5da910acfdbb9325bebcb0f0

SHA256
efde64e02db8c142c30267b5170245f1b970ee6c9b4cde3c199b4063537b64f5

SHA512
8cb20dd1a31feb7a69d04bdc215d42b8f46a0709348b1425c89e37f4be565347319a5199047133c7d2f7578a10d1bc0a4d4e828fe645d79758858c0c973ff77a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
22KB

MD5
c3a95503e359819261896fcabcbedfaf

SHA1
1c79a13e983abd71334301967c62b476847a8ab0

SHA256
65e3f700acfa7a5737b2c4844a736e196b93b330e02b5b2ebab5fd20040d5271

SHA512
2d75499c103a4c44c563643da091f28b46201ac3f6e2442f6048225cadea78065ba53c353f507ddae8aa49b7e2c45b1b55380c2c3886d2dca5f1d0f3e3ccdace

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
23KB

MD5
f4ea39a5b1f96a050a00e9f289e615a6

SHA1
af165f82c14d02c41280e571b5689853c8b3f254

SHA256
943463b0349c9a43d3df450da212298842ddb737604c6c503c774c374c57bb74

SHA512
a3d1ddb37d8ee2c603672051d6acc35bdebce7c52df1777ab1a327a1d419eafe80fae9c2c611128763fdcf94857c3a5a36f106b90a03424a6363ee332c1e2f95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d0d882fd1cbdf1e7b75f6dca75335495

SHA1
8b750ed3dff7caa524d4e71d6349b06c7ceb6942

SHA256
efc1b8753cb9d1a42676b22e2f068750350d3405d1b720fc72eae2a5d0fda838

SHA512
cd1606bf33219c0d62eca51f4be06746cee5f9e6d74b55f8300b303cdb56d4dbaccc7cb804a4ca191c6c0c86f4b05d10315121157a80f541912dda9588a52ec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
025878d6b4554c7b2a7b3ee77a921abe

SHA1
a212141837771ebf78e2c99ba7a99f039e0ffca9

SHA256
2cbd0cc272f785c97cd6747b954abd5ee43d547b7c41e3b7a14a89a4b882124b

SHA512
b7d5f40184c66d8052e39f363368782aeb2f58a2f714b09c8d9b4ba7a4e505a06c73cc046e2fd042db895ee88bfb9e68a987b325b188ca662f955feb7c939b92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9b466c7c96683150fcff082cad22d5e1

SHA1
f71056f1736dbeeb747132e18cbab93659f7ed26

SHA256
bd0560b52a52a7f9e978425c1efa000e9fa93155a374d64d592ae623b406a4d4

SHA512
6eec26d2a3b97e9aaf40f458fde298644b5b38fe19be7d006426fb216360517b153731594dda38cf3ec048d89cffd6f68efe52f1fd406419f133068359a06b51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
739bf976fbaf8e8168bde617376e82bc

SHA1
6db65952f6858682f4c8c582c3dbf01133113b3b

SHA256
98cfba05ea5aa7eef0216b863c67b369cf4f602c4d04b7d3e66afd47b7df694c

SHA512
3b4b96e09f3ba97ac9a789b98adc02ae90effedffe65f774a67b2377709148ce0c4681cd11ea1f41ef38559b66612163894cc915564245453fd0993db2b8946e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\a5767197-913f-4c06-bbb0-de5222e80506

Filesize
27KB

MD5
b612227481270afb97b676f198c35418

SHA1
24a9b6f4f4b8138ff0d398ea97b8c50c3edad5d2

SHA256
4b7b845fdd37427522f0b98544826726131a025ed6a698b444a016402d6fa54b

SHA512
08547eae4086f9ae930a2a4dfe981b2ad4dfb91eb1520332efe065cd3934bebb080913811db310b5a2dee231b8cebb5f86ba7e8d092d9203d2d457acd6200f65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\a9d00be9-d3a8-4043-b1a0-8416b9894c33

Filesize
982B

MD5
d7e0d43810657b7681731ff0a98c8eb6

SHA1
8aafe1b7fc8f3e14ca0a73060c5bf0294b64e312

SHA256
b16426d1ae0587c7fed98a486dc449438da85b92cb8b405603e1e9fe76fcc5f0

SHA512
57b2635a72e46f2d27a9d1c40cf2cf0601ac580f6237363a11891b36854a3dfa23262f4f9955fe2c6ada64a1ded3faa0fc9a5df093497ad689b34b72e58d9bbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\c6e6e9b9-a483-49d2-86c1-d06abb9bdf76

Filesize
29KB

MD5
ef451a8d3e479633503a275df7b19d03

SHA1
ce041ec167b61f17aa3060c297a3ec00e736b3a9

SHA256
c57262beb672ddf786ba0d684f21981c2d4ce747057f521b081148907373309b

SHA512
a687d5f88e8354e225b728e3b45bcf016622a646dcec6545fffefe9f3f79f8c74c0e6b4162fa9b79ea63ed943708f05bc96d3324b4c048fae0a2238ba7e402f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\fb3eae92-171c-47f5-ac6a-03caa90e7825

Filesize
671B

MD5
e3dc8e955cc52d36726d14479df1b17c

SHA1
fe6fefbee6d7fc66994452fc6bba0c52a7af3679

SHA256
17d8c45ea1770ff6969a4fb3dea7aac2d1138f6c43b2d4e9ef1cd45390479b14

SHA512
889d627f4c96a958b28aed63bdb997265cbeaced9e4c8e1671cec8dc383952fb136bdc84d06fd8bdfcef8f6bcbead2f0490397e947a67e244d5b4d912975459f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
11KB

MD5
b8b3aa6296ab0295c3aa1b61194083a7

SHA1
2e020ba03ff7342f60267e4a0e1b714d6069f37f

SHA256
600918fd46b3629648d9b0704b84344b3ad93c6ccdd9138144c77d20856bb91a

SHA512
3458714e2bafcff73e1655a9d894001f375c3f8bf38387ec9fb8e00fe2806acc2916e9bd7543f1c5c055a1d534e8e0041ad43bc2c12f800dbf16c333cce307ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
12KB

MD5
0031efafc2954714487356b2a66b690b

SHA1
6dc4ff741d0db03c6b53788b77369b74f0175419

SHA256
86f4db381ed566f3f6dcf7276b90acf58b53b69f28281ddfa67a1886889499fd

SHA512
65649243fbb671178138898f42360c8e5d1d52dd038aa2bf32d63e65d199b45502e8e13c80326a1f6bd20426e3fe4e6e1635bdc585b576679e1ee30e2af0ec75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
11KB

MD5
c4de52eb23a1ba007aeed2fc78d8db6c

SHA1
8f2d5922c42be8a348ae2f6410740199a155bab3

SHA256
edd3420d7a03a3eaa9e4f2ac95c43accb7035b335e9b3ce93bc613264c77069a

SHA512
da7ab213b61b07d8da6ba40524b18a273c0f5f58cb45504a8ae2e4027410be5137f55a7e404c53286acfaee673854b10bfe37776853ae273077f716f7cba6599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
8KB

MD5
11a6250e031c5c97d0a8ea9cae47b235

SHA1
2b3f7cebc3f08222ff59effced1f8832e17df01f

SHA256
8e0f19ce5958e166dcb4bf94bdda623eaa4f4e79e638eddfb3e9565d7169d872

SHA512
38658506d8357556a2b01feea51014faf242fbe5319118a2b15e50b27ee9f88cf438023359c59688735235b0a746739703ba4d0e05f49a69070527b3d0d4b37d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
51a56de23a9ce2d379dbefe0ed655f24

SHA1
0c2662a7aa479881db015d4bf2acabb9fb6a7a34

SHA256
d7d3106f28926c93a269648618f38382a885c778185c5e09ca7a92281421d563

SHA512
a9aafd5e38cbae60722817a407634a40d3331e6d806bc320cb22c722d156e1812cc49a76d22ed3b7b4cef4b606b8dff1dd6551785f5120dd2aca497590b54293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
3968d3333e51eaa103e395216820a55c

SHA1
2d44590fe8b335ecb43272175d21a0da4cb85403

SHA256
aff418fa7c683d23d992f036cb3683573a1136b3f07f89be9f2bca4f11b9f76e

SHA512
df0b33598eb80e8630f16afe66a1bdd9fcabb2aafa258e6e525b7cd041b707b723e70db507220fd768c0140691dccd9d3ababbcf884500c37fa933fa65dbb698

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7b7418488b5251c20f5efa049b17b87f

SHA1
a2d922d6f4d39cdba4c0195cfc013fc70269b57d

SHA256
4edd6fa5eda79058f069098f117a1d193c25b4304424a8de89ccc5051f6b3b6d

SHA512
9288668caf2d45e11a6af040089a128442dffef0ad1c73cda73aab146e6eb5fbc054cd61f6baa34b7d1b46a979eda356c44171b36d9874b0aeb3d6231aeb923e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
732d243316c455d00dcacc3111d67136

SHA1
dd1414bdf960b3f684306b76f4e50fd08f5e2d05

SHA256
9a9341b1f0dae8fa978f21e7700afb9d7a03493bfd04a8489b961718f15c5d03

SHA512
b3106893be32e8d37d8b69466524d8b7ee2b41042541ee2258adcfa96acaef770b731bb3cd5c671ab0d01b42b1bcb6ec139c4c9383bb5af0d762d0676c758881

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7fe9fe9a7a9348689e76fb6d6fa8c0cc

SHA1
4b5f05154009ba31d1315acccc6c15ab21f5050c

SHA256
7450eb4b899cd72fd6b98027494ddbb2df3ececbda630eefc0e340fe3d83ff4b

SHA512
b9f7bee4e12392c7190ce03573a22fc017dddedf4e559a29ab485f3cb32e19d278216df25933cf94721b61ca29292b43308344684f07b1ba3fddd6afed267506

Download Submit
memory/2776-551-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-555-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-546-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-554-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-553-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-556-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-552-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-557-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-545-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download
memory/2776-547-0x000002DBDF270000-0x000002DBDF271000-memory.dmp

Filesize
4KB

Download