Analysis
max time kernel: 1049s
max time network: 930s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 02-08-2024 13:56

Static task: static1

Behavioral task: behavioral1
Sample: ftah2.ini
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: ftah2.ini
Resource: win10v2004-20240730-en

General
Target: ftah2.ini
Size: 48B
MD5: 294ab38e0053c30b7ed63a50c3170480
SHA1: cfa378923e848f5ac5a7782c1c310ad195ac1bf1
SHA256: 4fd167e871391b6593cc83e9b735b8ecbb067afda8fbefdb2f4fd4c91f9d5a9f
SHA512: 41f96ea1d9421fd653a8e5e60defb5be0001caf687cfbf4bcd7f8242d385fca202888038bce42271d291becca8e1cbe5e142857f87634ceeabbe2832f82a95f2

Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:888
DC_MUTEX-4C8Y0GM
InstallPath: MSDCSC\msdcsc.exe
gencode: JyJGPjcioEiq
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Signatures

Modifies WinLogon for persistence (2 TTPs, 1 IoCs)
Processes:
- compiter-exe.exe: Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"

Modifies firewall policy service (3 TTPs, 3 IoCs)
Processes:
- msdcsc.exe: Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"
- msdcsc.exe: Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "0"
- msdcsc.exe: Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Credentials from Password Stores: Credentials from Web Browsers (1 TTPs)
Malicious Access or copy of Web Browser Credential store.

Disables RegEdit via registry modification (1 IoCs)
Processes:
- msdcsc.exe: Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"

Disables Task Manager via registry modification

Downloads MZ/PE file

Sets file to hidden (1 TTPs, 2 IoCs)
Modifies file attributes to stop it showing in Explorer etc.
Processes:
- PID 6544: attrib.exe
- PID 6436: attrib.exe

Executes dropped EXE (2 IoCs)
Processes:
- PID 6640: compiter-exe.exe
- PID 6180: msdcsc.exe

Processes:
resource: yara_rule
- C:\Users\Admin\Downloads\compiter-exe.UID6sCcv.exe.part: upx
- C:\Users\Admin\Downloads\compiter-exe.exe: upx

Adds Run key to start application (2 TTPs, 1 IoCs)
Processes:
- compiter-exe.exe: Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"

Enumerates processes with tasklist (1 TTPs, 1 IoCs)

Drops file in Windows directory (2 IoCs)
Processes:
- SystemSettingsAdminFlows.exe: File created C:\Windows\rescache\_merged\642584412\1068689436.pri
- SystemSettingsAdminFlows.exe: File created C:\Windows\rescache\_merged\3060194815\1209253612.pri

Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTPs, 1 IoCs)
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
Processes:
- firefox.exe: File created C:\Users\Admin\Downloads\compiter-exe.exe:Zone.Identifier

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 7 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
- attrib.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- cmd.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- notepad.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- attrib.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- compiter-exe.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- msdcsc.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- cmd.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

Checks processor information in registry (2 TTPs, 5 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
- firefox.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
- firefox.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Modifies registry class (1 IoCs)
Processes:
- firefox.exe: Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings

NTFS ADS (2 IoCs)
Processes:
- compiter-exe.exe: File created C:\Users\Admin\Documents\MSDCSC\msdcsc.exe\:Zone.Identifier:$DATA
- firefox.exe: File created C:\Users\Admin\Downloads\compiter-exe.exe:Zone.Identifier

Opens file in notepad (likely ransom note) (1 IoCs)
Processes:
- PID 4780: NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
- PID 6180: msdcsc.exe

Suspicious use of AdjustPrivilegeToken (60 IoCs)
Processes (tokens grouped by process, repeated rows listed once):
- firefox.exe (PID 4724): SeDebugPrivilege
- AUDIODG.EXE (PID 2892): 33, SeIncBasePriorityPrivilege
- compiter-exe.exe (PID 6640): SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
- msdcsc.exe (PID 6180): SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
- SystemSettingsAdminFlows.exe (PID 2828): SeSystemtimePrivilege
- tasklist.exe (PID 8080): SeDebugPrivilege

Suspicious use of FindShellTrayWindow (6 IoCs)
Processes:
- PID 4724: firefox.exe

Suspicious use of SendNotifyMessage (5 IoCs)
Processes:
- PID 4724: firefox.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes:
- PID 4724: firefox.exe
- PID 6180: msdcsc.exe
- PID 2828: SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (repeated rows listed once):
- firefox.exe (PID 192) -> firefox.exe: PID 192 wrote to memory of 4724
- firefox.exe (PID 4724) -> firefox.exe: PID 4724 wrote to memory of 4316
- firefox.exe (PID 4724) -> firefox.exe: PID 4724 wrote to memory of 1448
- firefox.exe (PID 4724) -> firefox.exe: PID 4724 wrote to memory of 4396

Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Views/modifies file attributes (1 TTPs, 2 IoCs)
Processes:
- PID 6544: attrib.exe
- PID 6436: attrib.exe

Processes

C:\Windows\system32\NOTEPAD.EXE (PID 4780, depth 1)
  Command line: C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\ftah2.ini
  - Opens file in notepad (likely ransom note)

C:\Program Files\Mozilla Firefox\firefox.exe (PID 192, depth 1)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Mozilla Firefox\firefox.exe (PID 4724, depth 2)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\Downloads\compiter-exe.exe (PID 6640, depth 3)
      Command line: "C:\Users\Admin\Downloads\compiter-exe.exe"
      - Modifies WinLogon for persistence
      - Executes dropped EXE
      - Adds Run key to start application
      - System Location Discovery: System Language Discovery
      - NTFS ADS
      - Suspicious use of AdjustPrivilegeToken

      C:\Windows\SysWOW64\cmd.exe (PID 5156, depth 4)
        Command line: "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Downloads\compiter-exe.exe" +s +h
        - System Location Discovery: System Language Discovery

        C:\Windows\SysWOW64\attrib.exe (PID 6436, depth 5)
          Command line: attrib "C:\Users\Admin\Downloads\compiter-exe.exe" +s +h
          - Sets file to hidden
          - System Location Discovery: System Language Discovery
          - Views/modifies file attributes

      C:\Windows\SysWOW64\cmd.exe (PID 6176, depth 4)
        Command line: "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Downloads" +s +h
        - System Location Discovery: System Language Discovery

        C:\Windows\SysWOW64\attrib.exe (PID 6544, depth 5)
          Command line: attrib "C:\Users\Admin\Downloads" +s +h
          - Sets file to hidden
          - System Location Discovery: System Language Discovery
          - Views/modifies file attributes

      C:\Users\Admin\Documents\MSDCSC\msdcsc.exe (PID 6180, depth 4)
        Command line: "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
        - Modifies firewall policy service
        - Disables RegEdit via registry modification
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of SetWindowsHookEx

        C:\Windows\SysWOW64\notepad.exe (PID 432, depth 5)
          Command line: notepad
          - System Location Discovery: System Language Discovery
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.26.916545928\2009477405" -childID 23 -isForBrowser -prefsHandle 6636 -prefMapHandle 6676 -prefsLen 27442 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c1ab47f-70db-468d-9f22-65ba96c15d73} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6628 22360d3e858 tab
3⤵
PID:6164
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.27.1231457895\797388357" -childID 24 -isForBrowser -prefsHandle 6712 -prefMapHandle 6720 -prefsLen 27442 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5404d1b4-ffe2-40cd-abc8-106e61822756} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6708 2236420a258 tab
3⤵
PID:6908
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.28.1118508753\123956514" -childID 25 -isForBrowser -prefsHandle 6116 -prefMapHandle 9356 -prefsLen 27560 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c7a7392-cb93-470b-9f0a-bae60b169318} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 5924 22364209c58 tab
3⤵
PID:1616
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.29.1214005987\872167259" -childID 26 -isForBrowser -prefsHandle 9220 -prefMapHandle 7064 -prefsLen 27560 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {138b31ca-2855-4d36-baa3-773b3b7eb353} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 7612 223675d0558 tab
3⤵
PID:1252
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.30.1473033321\1993916465" -childID 27 -isForBrowser -prefsHandle 2820 -prefMapHandle 3204 -prefsLen 27560 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05723ff3-6d42-4e32-8b32-5e0d460457d1} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 3492 223673ca758 tab
3⤵
PID:7272
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.31.1790226171\758836168" -childID 28 -isForBrowser -prefsHandle 9992 -prefMapHandle 9996 -prefsLen 27560 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d410dbb2-fbd1-480c-9d19-76e50030ac6a} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 8560 223673cbf58 tab
3⤵
PID:3500
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.32.1799160752\2004554957" -childID 29 -isForBrowser -prefsHandle 6488 -prefMapHandle 6480 -prefsLen 27569 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb3438c7-648a-4ed0-803d-c37f7ccb54d9} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 5728 223641a9758 tab
3⤵
PID:5972
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.33.513512162\1220493681" -childID 30 -isForBrowser -prefsHandle 6108 -prefMapHandle 7512 -prefsLen 27873 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70868df2-e21d-4ae3-9362-f46e58d7f511} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 6232 2236797e358 tab
3⤵
PID:4488
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.34.913666541\286011698" -childID 31 -isForBrowser -prefsHandle 3080 -prefMapHandle 9980 -prefsLen 27873 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7cf94bf-6c5e-4d38-8735-4bf64c21da94} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 9640 22367448258 tab
3⤵
PID:6860
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4724.35.861478643\341762033" -childID 32 -isForBrowser -prefsHandle 9236 -prefMapHandle 6164 -prefsLen 27900 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {577a0463-f827-4e94-b4d6-4a7e5e72253f} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" 9912 22367cd5d58 tab
3⤵
PID:10136
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2892
-
C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2828
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:7316
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7452
-
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:7992
-
C:\Windows\system32\tasklist.exe
tasklist
2⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:8080
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Create or Modify System Process: 1
  - Windows Service: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
- Create or Modify System Process: 1
  - Windows Service: 1
Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Impair Defenses: 1
  - Disable or Modify System Firewall: 1
- Modify Registry: 3
- Subvert Trust Controls: 1
  - SIP and Trust Provider Hijacking: 1
Downloads
-
Filesize
6KB
MD511b73194d104f760569a8597fd1860e1
SHA1280f8761d001d75c71ac0b692d782c2551bcf3fd
SHA2568996879d5700815bcd42561a780efdd37cff1b1d5102fa09f063f55d09857540
SHA512a4576b607b88a4c8a219e8c02e5ba0a96baf02d19929df59209bb8974a3c607e9b007f80a95a4e3ecc0d06c9957a1d2de70c25816c0746e5dc101b6bf9151c1c
-
Filesize
7KB
MD55d962ad3ba35ad85bc1ae2f08930e6a3
SHA1947e5ac36ed926f4b8894d6c4f0216d24c472e1d
SHA25637788b46110fd9368d042eb2df3b32ae2463fabde576ed182a22d7e9258e014d
SHA512f98fe648666dc33736225cb2d06a98109124384a03655d30ecf23b8082c2e5b38107c82ab163061a9e2cf81e878ad0d98deb35b969beb1d51301f54630e27cd8
-
Filesize
6KB
MD5220e18392d20f5a0a34b69079d05e3ce
SHA10af648b0a3ed4d931bd9d595fe22d3f1f2dd902d
SHA2567b3fcd48b5682a48718b4dce8453e5cf6d51b11336861ddd5a6a0f10e62d1526
SHA5128fc3cf9cb72a6f204f35563f19dcbe3973ece7e76d7c43cac69462d1aa95971bc7e350a2839183a3210288ced6d06b3de31623d9a3d7d3778ab4f8e135412ae6
-
Filesize
7KB
MD5739ba1f9b13f0147d4ea444885909a86
SHA1c74afa45a8dd37c00d3694c964784a2580f74de5
SHA256631445a0d12d2ace8f2cf3ec25e7f8ac8b91c51a0e8f1c3825be92316472ddcb
SHA5120b241c8566fc5b831b063f5c0a553a5a7a8181643439a3fdfffc25cd84855c8ffbe3f41a777926ae0b01fad9f3639c6c063e5b924f75d5f61fa3f175eabc286a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json
Filesize90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD50a311cfae206496dd942ca903d71bc2a
SHA1039cc4910314bfc44ba1f35f110730420a44b894
SHA2563fd4f5594a8312647dc088270fc646b11996ad4b6949a0cc488195ffaeb30d2d
SHA51270bca351da761b6c09100a504943fb9e1d7ee7f66db397c8a87624465ecf6935bf8ac2ea412a6b76f9a51e419c59473b0f571c8cae7b80a771e4b8396e4c834f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD5610b003ae4158e2ce60ef8ac90853953
SHA1ab0d2145ec6ef67424667ebbb0d11db07f2f2712
SHA2564f6f3b503d6edeb879e6fb06818ae0150ece90c28cfc3505362f9f8effa48947
SHA5125557ee891d7547432c4292d92c5f4abe9eb03d5d11a7c139303ac3916b73ec5bd9e1472aada34d30ef5997db6e66f702c35999d98f315d4e6553c3d5930a50c7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5fc255daeaeca834fc136e9f69ddd4bbd
SHA1b8b93c9e73a75c926e9c16ec0ecdbaaefd1ca311
SHA256c056803d0c660438d920a05a3c68c0edc4ab06a199de740828669ea1c3dbfa2a
SHA512b5bad35998f4ac6d33669ff1a98bc703ae66dc0fa5bc30d3e8f9480db54eb1e7e9654412f3cc8d404deeac6645073ff4c32a5c8fdd2306a80a549900c33c4a9b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5ed003e68cb92fbca5e727899d9f7f446
SHA1d686786ec6566e169c4911d249c076fcb1b80140
SHA2563b4d434ba26cbb9872223e4a8507293d5d9356923ec1dde5d6c038bc6ddb8c66
SHA5124acae14cdafa003a1ca8195c75f5a54523d7e93bb78ee9e2f9d62c5c879eef56f9ce5f2bb8f13db04057919de79c30b0233e4af6b9c833e77cd61a40c1e08619
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD59fdad87c4dbeb5efe5b36aa85955ed50
SHA15688b745bd408aaf77016aa8bbf175d41be22609
SHA256e185f132e095cfcdeced6cfa141a08ed5e527a139d0fa47ce6fa2bd1be82ca87
SHA51263865d5f3a7bfc6436068cc7e2241fc290d8be045ab8bca1c2c21a854b774ddfb41e061c1cbe30f4963ad9abf7ac6fc40734d1e62359be92219d772ff4f4e00b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5639e2a43f1be34abea4ecec78138feb7
SHA10f071c64f0cc4f9ccc8bf59432cad46bcdce1d6a
SHA256ff9818f5773d81ce0c11081dd7847992c329d2ebf708cc029249266b21308978
SHA51244c8217a0959c152c4f78c976c59dca6e2f05846bc7d784079d8f9b33975018853174d2102cb1dcb85cecd4d1fa96dc32ab4069fc45a69f3a23c04cac5b9f0af
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize2KB
MD5d944c73694045766e0148b2986613965
SHA1d68600700a0e0a36f135a68b0a8aa427b9682b28
SHA25615ad24060ca4c14739847cfc23a65077271e77881a2246b1009f2676463bd79a
SHA512b92c823ad10fd6ed48e801a48e5cb281eae85162b5a91746572bd54104726c1599bc2b3e5b6edc9db307fa9f81937caf121fac417308deac45d08515030f759d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5f9c0a089ec2da940438f2a7e722959f2
SHA1ce720f9de2f85c0189879feb8492441a34e648e6
SHA256e9ac4fe10f0031709ee98f052ff5a04fbba85ad6e83945a84995f9f141138d85
SHA512cdb9a784e52168509fa6376aa2e30d22c6c4ed6a5dfa451adfcc4389249b05ead0c5cab039c8acbc0944f86b7f384d19fd9ab458decdce22251a6bc501f258d1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5a631b40a8c92be4500fa0e4371c08fc2
SHA1c080409ebe5a9928aaa6b9b2e373c38b6f81a8cd
SHA2565ef3ce14bdc45adf252911adbc11fa296d7cce6e7ec98453a0fbe8e237c4a86f
SHA512891acedd765e8efb15ae26f43bbd02d0f13d0435dc5d4007dd37471014850de7f28010fce395fd70b044bc7d55f7b1894b811e85da96b71cdbf2c0c5f03646d0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5de05e0e8dd137a1ac2a44f5fd28cd95b
SHA14e9fb53754f9c19c9fd53d3c782f7a256d619770
SHA25645cd3167c12fc532cfcb9a5104654d2fb14efb142c19b9ba8cec48aafb9856d2
SHA51202b84dd8582bbbb748f60b2054601f06df9c18c02747bb1473601a1667ebb59c7147c33e9cd2a52fff65d677e519e660dc9021c816aeb14f43c32475f01871a1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD58f0ad9c7d89a924a9e055a52daa79e39
SHA103ac039ad0e8468a1a1f0eaee93a8f75ae912b31
SHA2568908e9cdf327d4cdfac1f1dd5f342a6d19f47f4ccccb4a947ac161137f684bee
SHA512ea98e33a830603340cc840f626894549367c38a1d55f0b75b490a235335172362b0926cc4d13f0fcbb9ef66b4cd6e6807a9c4cda34718b9fa25fa23b600d4092
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD54ff7696209e06752ead595d1ed17212c
SHA1a5f3c6199e94e52c425a1e67be9edb2fede31d7f
SHA256b3d2691a1ff5b40c2d4230c0f7d4dd414b46697fcd7cfdaff6d5066d944ea146
SHA512fc9b88e3c7f9d2900f656fc426c593b6d507939bb78dd2571a2bf3ad42ff869a58b5deb79d102572cc24ef1070d587a00c8cc40e2020024e5280245d867b67c7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5447b36c88665bc5eaf18a3005ac86d79
SHA1aff6a9032d02446cdcd2a11c48c76cd9c0050c3f
SHA256371adf035d93250e899a79c16d7ad9cdc3fd9e5ca1404755645ee63e610739d8
SHA512987e50e38cbb11085faf15895a962645ce131ff4799d602d3df2e26eef9589cb0b2f33d7b26938edabfe8bba594a9550f1822e5aa3bc1108df2e0f9b61da5485
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD53d5850de86641de2d9f2cbe803b2c0e9
SHA13ca4c66e426dd941af9bacd2f8f623746e1b9fb0
SHA256ae400a57d231310785418272cc0259232284f864336147038b908c3a9339e9a8
SHA51240a4856cfc7174cb67f48e5dc77968c8fe4fb0594609c310d694ddd834f24b0fb57556c29ec6402a387821d4d25c0b3976cccaaee3d45229f6db9db8e74d15a3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD5256232fa0fcd2848461fcf8585b2d317
SHA1f431c6a0b2db0edc148a2bb197bff6d6268e9854
SHA256e9691bfef566bbfb4e83015557e0994e620cc069f5ed187ff2a40cd6f3e0390a
SHA512653e9abae7066526e5eb3ff020647fa70de9dc1157a02485b56fe26ffd77095db381bacf13ad0da993af294c0b216259611b789cd39192ccfd0d6ddb434103be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++gamejolt.com\idb\2926346687feisraebbaatsaed--hte.sqlite
Filesize48KB
MD5085a09954ca7b28d2016ab8ab33c1533
SHA16c3c8ce91526e7ad09b26393d57df4258a5b00f7
SHA2563a0093df12035be90258744d3283538f621a4beca2e59ce24cefc1729cf454f0
SHA512dbec3a0bfe6f8d5f04bf9e4387b437fb51c7f2a2ca23502ee28fc55ba438c87a19359563df1a399c2dc178aab1e36852d3c31e0ee3920e05ec057ec7c92d5534
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize200KB
MD5d21e537884089a660950308bd90acde3
SHA125ecd45c5ec105b8079d6ace9b7027184419e238
SHA256b497c3546087a681bbb2766029f1c18ec89040229147eb2f58883c6419a298dc
SHA51282c0a4fd33dc17de5308127e0293cc6e69c2d139e14ed1bb90655d08ec6e5eeac3e212f13874980281757ae7b71482991a84a31115704d415b0243ccf76a99f3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize184KB
MD5731c0e733fe1e3123d366af7c8e578ae
SHA19756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA2568f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json
Filesize3KB
MD55886280eeb2f3f3a1fb534c84ef0306c
SHA12ce99db21d42d3bafe256aed24e375c0b5939ba9
SHA2565b48ce69e8e1d479dbc3825b0e92c75d64db86fc3de7a43235a5a6b1ebf72503
SHA5127e094715c7b9bed266576c27b69bf001598045b8c824a1d65637194a9c05dd574986c08fb2cce5efc2ebb1b22db45bca5600301e3077ddedf2f121c479e2794e
-
Filesize
141B
MD51995825c748914809df775643764920f
SHA155c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA25687835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c
-
Filesize
239B
MD5206a1c650edea2de7edf8049be278519
SHA11528de24600ca66bb51bdbf71a6acf90f8d3ef72
SHA25690cf66e0982fb8dda3b9acc5c74f7633312aa100e69d8a153b61359b043246fa
SHA512c3b24bf9ff87cb55b02dd11eada35393b2c439c8f82693946a90eef3976e70afcb920cb7c14de11437724ce44ade9d1ed6e55c818af89b48c9f5d3b19190845d
-
Filesize
32KB
MD5e9c8848028c188e9e602e7d9002f22e6
SHA13e53639113beaac7e08722188d98adff133d44c1
SHA2564f05111a04f812c91a6481dfe208c5b70b3de14fdb5169de6898bfd7299c32ac
SHA512603e2e84025fbff3373faffae56138bddd50dcc341c2689349f23ddcbe2a0da6f95492d261c5af0500f31d9134535c41ac7492362d4f35be87e71c2f3e767bb0
-
Filesize
283KB
MD5e8ddbbe06fb29005464ea482d68590fd
SHA1077e2fa722313f15ae901925d6b1b37e0049998f
SHA256938ae1280c5907fc20b9b04d2028615b7dfdccafbb9cc9a4cc3a319bd19a0bca
SHA512cc0f12cf1600898cadd8479a3aae41bb9b10e036181bbf39460fad6cc0a21dd1b2620208fb205d675d14ef8a8cc7cea564dcaca57f4764db44e89e045459c5df