5c7d774313e58e4e3b93d7860126e9df834ead52e03c696a42c398d6ddd6a039

Analysis

max time kernel
265s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 11:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FabFilter_KeyGen.exe
Size

595KB
MD5

4be8f03c51f006a7ca3542e571acb6bb
SHA1

a39d638e5e075f9f44bf0b434ab3a6f5ad53652c
SHA256

5c7d774313e58e4e3b93d7860126e9df834ead52e03c696a42c398d6ddd6a039
SHA512

967870c9eff8bc06233a8abdbd45f65e913f2fe040519dd2a3d3f2b8f867641bade0d1ac9ad1297c9d182067bb9d67634fbe837482f98819fafa872fec257f88
SSDEEP

12288:XYkc9t2Sll/d7jwkELre7lHzVYC3FtQjtyHw2evVF7v:XYkcL5Zkxe79S4taOw2ev37v

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5072	keygen.exe

Loads dropped DLL 3 IoCs

pid	Process
5072	keygen.exe
5072	keygen.exe
5072	keygen.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
141	pastebin.com
143	pastebin.com
138	pastebin.com
140	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FabFilter_KeyGen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3608	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2552	AUDIODG.EXE
Token: SeDebugPrivilege	4952	firefox.exe
Token: SeDebugPrivilege	4952	firefox.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
5072	keygen.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4952	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 5072	5024	FabFilter_KeyGen.exe	92
PID 5024 wrote to memory of 5072	5024	FabFilter_KeyGen.exe	92
PID 5024 wrote to memory of 5072	5024	FabFilter_KeyGen.exe	92
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4908 wrote to memory of 4952	4908	firefox.exe	126
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2616	4952	firefox.exe	127
PID 4952 wrote to memory of 2708	4952	firefox.exe	128
PID 4952 wrote to memory of 2708	4952	firefox.exe	128
PID 4952 wrote to memory of 2708	4952	firefox.exe	128
PID 4952 wrote to memory of 2708	4952	firefox.exe	128
PID 4952 wrote to memory of 2708	4952	firefox.exe	128

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\FabFilter_KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\FabFilter_KeyGen.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4324,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8
1⤵
PID:1660

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\lc.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1920 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7dfcb72-8c63-4fcc-b24b-049a687e79bc} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" gpu
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {749c7f51-3934-4f63-b3de-0ef94bf691eb} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" socket
    3⤵
    - Checks processor information in registry
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 1576 -prefMapHandle 3112 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b2001ad-5ab7-4eda-8be2-cd6b37dc4fc6} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4284 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6638c8a-f354-4a9d-8c3c-dd76c64a958f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4880 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc20fafc-8245-4f4c-811b-fd1e425d2104} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" utility
    3⤵
    - Checks processor information in registry
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5220 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {064a74db-39bc-4274-a58e-dbc7b01afc6c} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acfd654-7bb6-4b50-9a7b-fac42a3d828e} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5608 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1027c3-f1ab-46cd-8ff8-2bc8be226f22} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 6 -isForBrowser -prefsHandle 6044 -prefMapHandle 4524 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b35331-cb97-45fe-ab89-18429465903d} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -parentBuildID 20240401114208 -prefsHandle 6316 -prefMapHandle 6412 -prefsLen 29278 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7be7f0a8-d318-41d7-aaee-739879d05ef3} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" rdd
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6080 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6924 -prefMapHandle 6648 -prefsLen 29278 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ed261a9-559b-43cb-b13e-6a599c577e81} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" utility
    3⤵
    - Checks processor information in registry
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6920 -childID 7 -isForBrowser -prefsHandle 2972 -prefMapHandle 2732 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13712abc-97fa-4ddd-bf9e-a240549c47b0} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7104 -childID 8 -isForBrowser -prefsHandle 6924 -prefMapHandle 7000 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f310f22b-759e-4d03-bda8-b6c7f04e237d} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7208 -childID 9 -isForBrowser -prefsHandle 7228 -prefMapHandle 7216 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9166504e-9cfe-4d3c-a721-310cb721aa2f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 10 -isForBrowser -prefsHandle 7088 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df40fa06-3509-4d9c-9218-89863e2eb632} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7060 -childID 11 -isForBrowser -prefsHandle 4580 -prefMapHandle 7804 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b590c946-3e64-41dc-89c1-73ec552cf3bf} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7772 -childID 12 -isForBrowser -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df836528-9582-4e81-923c-1e98330a68e2} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 13 -isForBrowser -prefsHandle 7760 -prefMapHandle 7764 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c99667b-49b5-4ea8-ab99-052cd6629a6e} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8404 -childID 14 -isForBrowser -prefsHandle 8424 -prefMapHandle 8420 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {778187a7-73ee-4706-9120-e18cb6407d79} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8452 -childID 15 -isForBrowser -prefsHandle 8460 -prefMapHandle 8456 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dabd8c0a-9efd-46a6-bb0d-544e92d04e3a} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8272 -childID 16 -isForBrowser -prefsHandle 8264 -prefMapHandle 8292 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1adef40-4b17-49b1-a429-d6352d297712} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8864 -childID 17 -isForBrowser -prefsHandle 8896 -prefMapHandle 8892 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {062f86da-1fca-4078-90ca-0faaac074771} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7516 -childID 18 -isForBrowser -prefsHandle 9108 -prefMapHandle 6908 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e329791-6f1a-426c-89fe-c441feb6b921} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6992 -childID 19 -isForBrowser -prefsHandle 9092 -prefMapHandle 9096 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2322d68c-5009-42bf-9f45-02930368c7bd} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6980 -childID 20 -isForBrowser -prefsHandle 9080 -prefMapHandle 9084 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e64a236e-584d-4d4e-9fd9-cd5f99b9f913} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7420 -childID 21 -isForBrowser -prefsHandle 7480 -prefMapHandle 4260 -prefsLen 27698 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3476e767-1b41-4ee8-8e78-d018bf24b40f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8436 -childID 22 -isForBrowser -prefsHandle 8160 -prefMapHandle 8372 -prefsLen 27698 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {390e632b-0a44-46a2-8d47-351aa1fa901e} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8116 -childID 23 -isForBrowser -prefsHandle 8108 -prefMapHandle 8120 -prefsLen 27698 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ba8ce3-f769-48db-bc43-c7854f90eb2f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8220 -childID 24 -isForBrowser -prefsHandle 2976 -prefMapHandle 8980 -prefsLen 27698 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b6370d-5653-44f1-9150-2cb7c3d29b9e} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8680 -childID 25 -isForBrowser -prefsHandle 5732 -prefMapHandle 5716 -prefsLen 27698 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58530677-46c0-44a0-af46-26f1498e4555} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:1432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8288 -childID 26 -isForBrowser -prefsHandle 8244 -prefMapHandle 7288 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ebc653d-e91b-4af8-8b39-786de0982435} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8916 -childID 27 -isForBrowser -prefsHandle 7844 -prefMapHandle 7840 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed277e4-746b-4be8-8c26-e4563dc33825} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 28 -isForBrowser -prefsHandle 7232 -prefMapHandle 6924 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eca02ff4-6d20-4b90-83ea-1953c54bf013} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7232 -childID 29 -isForBrowser -prefsHandle 8812 -prefMapHandle 8796 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d024c8-e3b0-49b1-b8fa-30d13363fc0a} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8588 -childID 30 -isForBrowser -prefsHandle 8252 -prefMapHandle 9060 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4d91c2-1cae-4a60-abe8-9260991d67af} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8556 -childID 31 -isForBrowser -prefsHandle 8484 -prefMapHandle 2732 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2db90bed-4480-43a6-b07a-eded3c88826d} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7128 -childID 32 -isForBrowser -prefsHandle 8468 -prefMapHandle 8472 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e91232-c4ab-48c6-8e97-b93e9de00bc3} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7660 -childID 33 -isForBrowser -prefsHandle 6908 -prefMapHandle 9108 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31ebe253-4af4-4f41-bdb4-9fdd57157a06} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=436 -childID 34 -isForBrowser -prefsHandle 8724 -prefMapHandle 8684 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {621c486b-de80-404c-89d7-d24e23d379c2} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:6352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6048 -childID 35 -isForBrowser -prefsHandle 7808 -prefMapHandle 8648 -prefsLen 27919 -prefMapSize 244628 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf118f6-846a-44a0-8bd0-664679bab92f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" tab
    3⤵
    PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\doomed\25022

Filesize
16KB

MD5
9d45fbc85da07689df21b9c1280ef50d

SHA1
c9b5823b91068ac74752c029436ac916f8c1b010

SHA256
705937cce61f1303e00a2e01274af3d7875a5a1d30e3d75f74e20e557206278b

SHA512
cff6cd64f208eed77f87880db04d3fc55664121e13555161313b918434a76d4ac2b1b0cbfa91b67e2793b7029346a2653759839751aadd039f0550d00bf7fa52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\0ACC82030DA3BA56FE9F5FE91DFD287CF95F7C4C

Filesize
197KB

MD5
0cba27ada1c27ad73eb4672d4edd42c4

SHA1
78370f19a568a31b6b485e4b7e236a3973006b55

SHA256
ba29be8c606d033d53759fab4d6934765842855320e37fd59878d70938f04628

SHA512
fa56561942f3f51eb6e677ad9fd756028b67e11691d863599aef612b7cde1d9d32251f103c09dc7f51c57629248f6eda93da87befd16d3837c8988951dbc0c55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\21A7D5731DFA23DF1F2B625219D1B9B7A118D4C4

Filesize
196KB

MD5
b8d127e43afa056afca55d049b548c55

SHA1
43f5f24174c2998851c681e50ea247e72365ab1e

SHA256
ecd904b981ccbc314ca425901bb9e5ae1ef2a06c7f581c9ece3ffc5842473fb0

SHA512
3de6497401a2bb4c33c875905f27f4990056fc23cec4e646849e04b7cd0f933a8f54ce1646e1e416587c90f7ff4d3e981cf50a87b1ff1b6a2d16ceb6651b6f11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\2B68D02AD6AD906DD0374EB16717DD7F664A5C96

Filesize
275KB

MD5
0bb132557522b09fe717f65360f79080

SHA1
2ca8adf8215c6e224b2598784051e3ab977dc874

SHA256
ebcf4029dfd30cb8e5ef80adb4da8f7257b63d2cf5128b8b2a6ba763dc812c2b

SHA512
c3361822ccb12ebf9d0c126559eb63f6dc48c0bdd3f94b14e1c99e8ba01175f5653e6f44f4299bb5f09cf9ad449833f9f1a48624174a09ee5a4fcee57f0fb35b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4666549EC1D1FE2BD0083A17E6B552C3C4DEF45C

Filesize
10KB

MD5
6bf8a866f3e1f04a2c9c6b998dc55741

SHA1
30d5f3301ff6ac922d050e317f798d51fc4b93a5

SHA256
921782a84699f98e895b3cf3757b8e19e0a9039f01ebf2889c86f4b917ad3dbc

SHA512
25331b92037ddb9e4609f722252cc3e253cf2485b5faebc8481eb2d6de6d91749cbd317a317c55f11a7285c2f9797f911c645583cd4cdee4ebe8d5ce3ef0f5c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\64C4DE6C206166C1C699B63BA1FAFBD0D956616D

Filesize
261KB

MD5
e2eb36ee3768c19fba6d72cada288382

SHA1
7755e310c034fcc84d90c4befd5f635a7b57e5a4

SHA256
7578b350de398de41b68e98494b9498d860280ac20e8dd0ee741f2b324879f01

SHA512
1f388adf3f7e6d5b9fe196688ae316829712a974b71666d640d0c645613ae9399334fc4e2e681a85c6a3512de88ffcc79d3c246049564af22298031da2a16fd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\66F7A28EA723B6E0F38FDD933AE945F828FD9FF8

Filesize
1.9MB

MD5
22615000767f7bb68c4f7b1872b93227

SHA1
01d2e5f2d460ef75bd62ff072e0867db0233ecf6

SHA256
dcf90c98c5b835368576132246d1495ac3047fad5edfff590c8fdef155890958

SHA512
be27bfdbc7029e6ac716681f0c8766a8684379c2821e6fe68b15a9736fa1bf406620bea26177c79635c675af118f4857b02dce1b2b1dc9efc5f873b1c6fb0fb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\F4AC35FEA4BD6F9B06007EDBEFF252DBD7A6F015

Filesize
217KB

MD5
77d659ff012e4c5111a2fa2442d093d7

SHA1
063e8c2cf82d8d97b33778b9846d4f3d3f82d78d

SHA256
f292d2d5c00abadf2f348e493a82ec5bd9a5534d7e8b8e64bc3e2b87126ec386

SHA512
62149d115efa353c247039cad1609140593521139c64b1d1695ec2cc584faffa3c960fdfd7053e3d668a1bb8f2b0fdbf175d4e3909c90843a793df2c6f8c0fe8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\thumbnails\457dde8ba547fd3e7a39555e99471c0b.png

Filesize
8KB

MD5
aad9a221f42afb382029daf8009fb38b

SHA1
3a51adea53af1d9de79fc25d0e103b8663d8b252

SHA256
5598690c861759679a6af9643f35bd2efd29e8cf64253418c84eb426befcc454

SHA512
b963452d1823a2b07889bd286a58b82aaf745474f7a138e027e453eefd2ae8743cd1ddf222de6d8fc0e9879bcb0cd39410197adc151dbe1d09aaa5e8eb9fb951

Download Submit
C:\Users\Admin\AppData\Local\Temp\BASSMOD.DLL

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RFBFKG.dll

Filesize
91KB

MD5
62695f6fa2a85fc9993f57dfcbdc2749

SHA1
07a9b478df63fba4cf3002974b4cf56b404d0914

SHA256
1ab33027c4965b027298651781a1c780c272818da189e2c3a8101ac578069260

SHA512
69dd0de913629853400106811bffdebd8ec2037c93c9f9820d3f140e84576912de3ab57434086e20cf8698185015c27fa307e06047e2219dcf38a927a36f3c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\bgm.it

Filesize
80KB

MD5
5e3c083251880c635f5ea6a0a6ed8e76

SHA1
e7fb44133e223140057243493159bdce01c5f080

SHA256
9d460a48d7f7f461967c9065182456871606eef1c27f21767335b7d81384e141

SHA512
b4a6a5ad71a13f51989e1fccedb542ab528f6ab9bc3d60a4c93c59e544b8eaa06ca7b9fe79c1d9a5c92b61345c18e38736561cd21426bc9e43ae3a4c59424284

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
1.0MB

MD5
b9872d9716560f33dfc497b1f9620c16

SHA1
a947972a9dc18d765c8604de03330d4a0d7662d8

SHA256
be0b99fa2979e33afe4fe1b98e616c5f20c577eb2669f1305348769d05712a89

SHA512
bbec5ff507592a33f1aa0219e0ff048ffa05bde41dd1efd9e9d1b58c5f0fe4716165eace96a00715de2a11b1228643a6c5c9f3acef28511758c62a34a4d6db90

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
43KB

MD5
400c93577a6a9e895af717582ef94dc8

SHA1
7b63a06cc27413f07a752d606efa7251dfdb1790

SHA256
edbc417c76e63f7336b8a394811b3f591929bd5170838254e8f94beb7958296d

SHA512
4b6ef8e6d633e125f980042930391c0520defa5c83d53020e57d7c2b574d7ae4c7b7f25d94ad09d07bd7d5523efbc8890c578701b7e60997ab3ff9c25f608aea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
10KB

MD5
f3a684f54f296a75d227e6b367d59ac5

SHA1
b0189fbfe222cb4a7638be67f58714191143ff83

SHA256
d4bfee5a45407fcb15b675cfaeec264f087b2ef969d8e0bc88d904ba45c33a2f

SHA512
74c5900033b1c1891e2e3d675c828d0d8e8da55d6641d65427e0ad0e9bebbe49a6723a4197e8658ac26e3d7db556a8a376f3687fcd35d30e5bd6ca75a544c0e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e3775af517c322866e0478eb967b0645

SHA1
70a2f63ec031bd02574d522d78104f5a91da2f1b

SHA256
8fef925cdb6d4bdc31d65f1a18f858b2c7c1377f27712620fda89c4c7ec00bb6

SHA512
045b45c7a6301e517b1b078d3489997b09e9f158f73ac9c200805268b4b6447e5513972462d9f678861e9f9873fc481d5fcb26b2cdafbce2715302a7dd250f6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
49KB

MD5
b5932619abc4d7563a1aafda8df370fe

SHA1
92bf3e78200af94e15cf02c846262ebdf97c47c0

SHA256
ed4f3fe4a6a919f4bd5b58317eaf0f9ee946994cdd27025d4169c4dd54c13449

SHA512
1179a83d9b5e3f4f963892a1773d8875b0996c77a3635518fe4817288a976c24658354aa31469696169ec91637b49dcf42a6c8c8d64335f8a225337c17d024dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
63d8b95b2b7981479a7ff5eac4b520df

SHA1
cff5cb2e9f3b2cf4ef06df0f4ec4eeb6a1348233

SHA256
b2533ce5e515b8bda4d9369bd510fb821b779f6ea13f8e2df48ebee280aac7e7

SHA512
8e71e8e18950070bd8d3abf590bb9cc147b60312254d5bbd4b3e67ceca344c573650079c5e61ac15e423efd1af8ae27ea3fd41b2206fb0565a85be3af8cb6380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\20047319-3ca2-4e30-8a0a-73faf70e063c

Filesize
982B

MD5
a38420fe040ba83f8fe5c520e9df84cb

SHA1
62e5662f3587edce1e98238a0a8693fd2033bf09

SHA256
ed303e6e2cce9b7d7db272ea093703d77e8aad29f61384b6ecf88d7cc9bb9997

SHA512
a9f6a9829551d4551a1bea40907683ae3db1dd3ae5bd61650eb37d824f1700447a6bc6d489e99098f3d5fd2a1f67e94498f0e048ac8ab51f29d0dcc887c621b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\2944ab66-3345-4d29-9b06-7f9b0a457956

Filesize
671B

MD5
975eadaa2a84d319ad0ce438be49447c

SHA1
e6a8f2d9a0d014b223e89ef1877db3643c40ade6

SHA256
56bc2c7de3dddea207f746efbad34a03e2411c10b14cc4d98c864ca6225d8f2c

SHA512
2c646113cb32a84700e3e04ca64272df709a44b7f5f6e9f95c0161e2c1262d785ab092d3ba73b0de6bf940dfcf98f5c0b634232e00e211e06ea28a5657e6767e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\bf72e2a0-bead-4deb-861a-29acd3134248

Filesize
18KB

MD5
c9ba4bf1be7f2960f719ed9c30f675ac

SHA1
f9f9ef924f4503a983f2b9b190c4e09c58e0c750

SHA256
248b258081c91d202f31d95e4a79c94efc5e4f0dd10a6bed18da63b3b5ee418e

SHA512
e35aad3cbfa489487ed7e600e1af016e07b1e9c7716270b57cfb7119f9d0a7b50e00d83180f765ac200cfc822356b113a146a45c246e34bd2bdaeef1b936ebc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\f6bec9df-ba09-4ab2-8b3e-60c6262f12a8

Filesize
28KB

MD5
066da38d2162cab77ff7557df23ea4da

SHA1
171b3da13c923993a6c829eac6206ad0859a15a7

SHA256
b13a0a3c53a0515ac81f04bcda46199dca98458c0ad62ebb273e78030bc9d5bb

SHA512
5d812e690ec4f41ce544ceaea3751b5cd37b736d61dd6ab3132ca90dd80d1e4e7c3a9b8007c0ec99d52a1e615138cee2cd440ba4974ad9a22b633d9db36833bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
94a84cd63d7e897a02367d060de24023

SHA1
d6f62afc20a1d92bff23a48b03aa8837131d5928

SHA256
51d29ee005eb7f04d3f3ca8cd8934de3f89aaf3418b50211f1b5ff4f9833450b

SHA512
daeb01ae3294abd0140c97682b726197ed14c544d24ea765e9c311ceee70739259860f252479ef3c9fd8e20be115178616c7c4bd8fd56200c03ffa8014c235bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
13KB

MD5
1067ff11fefe8749ed0350f58046136e

SHA1
f388e73e737da51c57c9e3cdbeb3196e663fe968

SHA256
b8381cb31e53fd5825c5b2d636b72d5a7b732091c69d8f33d009625ba7b00117

SHA512
69811499e725d8ad8fc7e9df6bb677b8d2caa2842fc0f8a715911b638f83b5a81b59ccbd0ada7f26f08749b84b344bdefc6398391d653c5a4cee3f9b000b9992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
12KB

MD5
759077855310ae832e1acecc6485c0bd

SHA1
1588ba4ed8df2a6ac0296e164dd4e5b0ebde3669

SHA256
f24529da1de43ccca4f2c96b3895d9b70c80bb6286b14062e1485aa801068e8e

SHA512
1f3b00b0b674458497d1faca8739af9950a48acb15af0f6ab17fc4c2b3048d1c5a44db2557af20864d945b5b6cc6fc1bc64e3f25feaba04b438356181790d57b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
98909fb05da31daeda39f5e848aa85ac

SHA1
77b0e9d750bbb4f6a4afe0b6b7f33f611a9537e0

SHA256
242841aee30b9bd65cb5e8620bc4deb4e12bc09b3aa6d75653a55cfee696b465

SHA512
1692faed0f51791471894dde7e9019a735a6f245b2cbc60d478d25beaf2cac5b4798e0eb741ffc3379d6945e2b83bdb6f9e26e9a73f5abffdc26156fc6953e20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
5cdd4a523b6837502d60ad021ce84b7e

SHA1
d487e462f562d073da0c90de2c33b034294ee1f0

SHA256
4dc58dc8557ada7115db2b2b7631bde1e2316f1a04d07b709346c5c64e3b5708

SHA512
176dfa24a36df09f17a50a8d1391a32acdff6116a826f4976e5126ff660057c96ac233fa2b1c4ba1d0bd3010f576b03bf9c947bff9699ea91a5f3baafb1e98f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
95f889937892fe3c928b117415e21ad9

SHA1
0bd41d46a5c98922411be94ec1a42de5d10d1b9e

SHA256
0afa9a532e765a254d2cc2032fd20f613b6031f37e90fd3afd82a1fa7d608425

SHA512
c527c092db82e126841941f5ce44a655673ee0ddc541e73138f27e1609959127c03893d046d93808b34df79a77b3f27e2e92cdc2d67eafc7cf511c5874c99999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
8c851aac13eeb93f4bc0231614a6cfe1

SHA1
a825b5068aa4afac31f05d993bd7886ea06e9a05

SHA256
a8304ed016fbf456907666003fec16b4ac3e6d291a3cca6014d7c2b3689c7188

SHA512
9edeb46a52426fe953beaca164143892d48d32f654f57f1b99cb20feb0c2998d5f11c287a1c76d812f7f345f71d8ed33760d44406f0cab6d86928f6185a5f5c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
3e60543132e3186697a4ac6a7107b4c6

SHA1
257d0c472a9652a31386817ac708ffc4c3f08d4c

SHA256
8447b1a6f4eecd48d3378616564948b4473ab869f22ecf764609f3e31f6a1216

SHA512
bc3391a7c79c2a99352638b469489edf9d32694a0ef10233c6aec080e31dd70de0aa300668311e0abe52f1f920adc969783025a33638ff08a734964bc151c46c

Download Submit
memory/5072-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-28-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-23-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-32-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-25-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-26-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-27-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-24-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-29-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-30-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-31-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-36-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-13-0x00000000008D0000-0x00000000008EF000-memory.dmp

Filesize
124KB

Download
memory/5072-6-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5072-34-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5072-33-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download