f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a

Analysis

max time kernel
299s
max time network
285s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
Size

3.1MB
MD5

cee03893acd8cf955d1e44ecbc0883bc
SHA1

ca1c79c413e2196b192aac3544b9a7818327990d
SHA256

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
SHA512

fecdb2c44175cd591527a5c4613c01d82d80b71d2570fb138704454cf104344ed7748f93747cd621101f2d40521982aa93ed00a8a5002fc8f8900b8f7bc4b769
SSDEEP

49152:m4HMa/zj/VS5cw2ip+RhItw9lq26rWYNSm3Q74cJOJCuDRsv+RN9vzvWLpW:x3bjdS5RAYtK4xlSm3s7OHy+9vzu9

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

AutoIT Executable 33 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2756-1-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-2-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-155-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-156-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-157-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-167-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-203-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-248-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-250-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-251-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-263-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-264-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-265-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-266-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-267-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-268-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-274-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-275-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-276-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-281-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-282-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-283-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-285-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-286-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-287-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-288-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-356-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-360-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-369-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-370-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-371-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-376-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe
behavioral1/memory/2756-384-0x00000000012C0000-0x0000000001DA7000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 31 IoCs

pid	Process
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2664	firefox.exe
Token: SeDebugPrivilege	2664	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2680	2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	30
PID 2756 wrote to memory of 2680	2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	30
PID 2756 wrote to memory of 2680	2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	30
PID 2756 wrote to memory of 2680	2756	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	30
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2680 wrote to memory of 2664	2680	firefox.exe	31
PID 2664 wrote to memory of 2612	2664	firefox.exe	32
PID 2664 wrote to memory of 2612	2664	firefox.exe	32
PID 2664 wrote to memory of 2612	2664	firefox.exe	32
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 1944	2664	firefox.exe	33
PID 2664 wrote to memory of 2608	2664	firefox.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
"C:\Users\Admin\AppData\Local\Temp\f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.0.14064728\314084153" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dea6432-ff61-4a98-9526-d4dde66d657e} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 1292 110d5e58 gpu
      4⤵
      PID:2612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.1.247556113\158776981" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e89c52a3-0a22-483f-a442-12bb9d81066b} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 1508 e72d58 socket
      4⤵
      PID:1944
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.2.1860962235\1718110321" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffc5102-6da5-4d8b-96f3-0f4980e9b9df} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 2108 1b0c3e58 tab
      4⤵
      PID:2608
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.3.2057861927\1279646501" -childID 2 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {089e3504-a2ec-4078-bf33-23fe53bfa786} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 2900 e69558 tab
      4⤵
      PID:2156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.4.1402264191\1550149681" -childID 3 -isForBrowser -prefsHandle 3780 -prefMapHandle 3788 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a739269f-a4c0-49b2-a4cb-4e1ec3612c6c} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 3868 20a03b58 tab
      4⤵
      PID:2484
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.5.2116279818\1802139045" -childID 4 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2d7e951-a410-4ecb-b49f-24d596725988} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 3964 20a04158 tab
      4⤵
      PID:1128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.6.1269027954\503665562" -childID 5 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a356b9-78d4-4910-b387-7bfd5a62f0e1} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 4132 20a05958 tab
      4⤵
      PID:904
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.7.2111339204\770671041" -childID 6 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 904 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0cc8ab-5a8d-4760-8d60-184a5d5bbb64} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 4180 212d9f58 tab
      4⤵
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
49KB

MD5
64e42c21b198d5ffbdbc9620b83ae371

SHA1
43d87db509f0adda13d913c9994e09f59834bd9e

SHA256
08b9a09fdd8273599b7699bc4b434efc5e2cee043294f69a13348daea3bdf1cb

SHA512
02d20748f340ae7387e29c683368cd5e3f0527067a8b4735013a2c2d68aaa2213359585b64a8be55f03420b2f65f95b4170c225e855976e8935f933e8cb00ef6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
bf8a45aed0b6c2f509d5bfd4018b59f4

SHA1
e42bdfe855fbb78e3acd7a97e44b670945c43e89

SHA256
32c56a70fc5d1b05c276bc2af624653cd2548ada396e87791618d87bb83dd127

SHA512
9b50e956ce931819c74746e9c3a85c4b33aff6b07a027633c5c99a3bde7ed2b8edc6f81ab08f6185e477575779b9578379e0a2db7163830f056b01d1dad63929

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

Filesize
15KB

MD5
732f6871a8195e65daa196bacfca5b52

SHA1
5d36b9a818e32d35f7bdccab07d9274fd1733885

SHA256
8ef3a3c5a82a071ae505d81f3f3aeb0d09bc198c53ff9b47b6f3b1560d68f22a

SHA512
636aa66f601a77e610b44d97c0603011b14fa82679880bcd88120eb5d6d803298dda6c64f912f6477767407cc4653f5f1da9b7232cb835e85e883ff3eac08306

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
ada8c373bde75c60439375741baad4e1

SHA1
8d869fc7ff3d54a4acbc4c9640eac7b4fb13287f

SHA256
b909832287903b0c2afae1d36c722d888cfa346629068a99a206a91dd9230149

SHA512
2e64590af26df39e224ccb5b8ccc7d898b003564b8842dfd7b657ec7dcb566a3667aa5628e53efa4e7bf60ecf29a3f24c7bc2203954bc4dbd258c255a74c4104

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\5536EAE4B55397E8E6461B986C8A4E4126581DA4

Filesize
35KB

MD5
864d140c92a6dcfa673bcb5630ae970e

SHA1
e2de2e5046a5f312c5d740103d734996403fdc87

SHA256
00fa72d4c7eda9260c8c8fbc145bb848e59f1a26851ea9436737dce7895ac8dd

SHA512
0d197cd6bc4f481e01f1b76fb25b176af24101c7c64164b3b19009ef1540752aff3823e4ae0037bb6e4a650e93db896be9469b3c55bf00eae89130682b850252

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
9f1039411f20e1233e5a6ec729c7f7d1

SHA1
28b68414a8f05b01eda511332f7e6314ee548d0a

SHA256
937207a2fa7c05c416854397bc41d6172014f644038e8c1f60186bc9fa644f88

SHA512
75d2f34b86442c39e99c2ce570688f32751bfb72e00428fb4a97045e40f4e6aebde3cdd39e95eea8d1f7b60e1cbe2a50c5dfeeb1252a9b7c98b7828d0536eab5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
39d292477d63436edc1b6d4eb6d55244

SHA1
511b3a359ba916f6f45d1b2741dd02a45d1f5eeb

SHA256
cc1af9ea00a3261109806ad8d6134af9a928d2b3a19ba64de768d0643cfeff23

SHA512
279a9e7a224b98fa5b06cf4ed6a6dddb10301657de5c3c25d0eeb18c29fdde42f8d96f95dc6fd808d05dcb2800ecd640deab6e89ef6c9733f080c470653e0f8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
7fce88ef366b5ce6efc0da6ee1bb98c3

SHA1
35e3257421cf89fca272cb0965756001315ec386

SHA256
e53390c9ff04e1e0c35cfb5f9fb7c835db5b174d629402860c0c06779e84ea72

SHA512
a76ea92a1de8234cd187afaa061e402b5d29fefe3d52e46ba33090e849d5233569afbf883a2f08e48d028af95472c518e15bf59ad1c11098d4511304092da7fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
6d1e7ca329fc72398f0ff4ff7189ee6b

SHA1
deaff9a77dc10a1e79ffb5a67d664c79e2bad798

SHA256
2761b778f92d7dc9512110ca51c3766a4fefcf9e72bddc480d63995ebb4ed76d

SHA512
5b27e4b1a79ae167d7bc9b97df3e67a33b296188cdf7a8be160256a80d395ebeb312b4e59507663082e8145a10e06f95c895f33d0b21c6768aa8d7cc7edfc7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
e6086df3eea44cada82f092dbf5fb1cc

SHA1
2d74af4da86e15b35739171dba7564eae12f2070

SHA256
10842e4cd5bf55f0a0e088c87af5251a174ec78f54cb4779820401e0163a1c18

SHA512
d39044be75275a949e93bcf7d9fb35c4df2bcbd87edb6e06914b6db29e0b8cd11a8926d64d447b8d820da2f4dd29ef7179c81058325fbb0638c0339baf49442b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\bookmarkbackups\bookmarks-2024-08-12_11_k-PozTETHt6fhzgbtjurZw==.jsonlz4

Filesize
945B

MD5
3d51709d111f1dc0e9ff50769d909199

SHA1
b63660e874277d13f65082aadac3e5129c27b671

SHA256
2296864a5031604077ad9080a817a493875eeb6ca70c6555c99eacaf404c5ed7

SHA512
fc4f8bb48e7f4c08226a7f2f2f6b6825d489ce1d2b90fddaa20f77a7d568136f223a7e01f06feef868a836ec77c3cf59a1102c140b5f7b64eea9afbbe0a9011d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ee7ca7ec2ddef7ec08e5ce07bde45d11

SHA1
2494ec22911fb44c3ac178d177f2ecfa61483450

SHA256
75bc8b8f37ffadb84b29ee7de149c8af11e4dab8db791bbd226d00df692f66ed

SHA512
6710f9781aa06a356cf272d2b096fd05eeafda55838955194d8ae1e65c2a04feac870cdfae23aed1c42e965a3e747e8ae40af1a607e6c5c29ffe2e7299e60ee4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
397eec0d45b4f44e27b0b0c4badc6983

SHA1
5ab8894d3962c3118f4b4758fca1bb35409a3615

SHA256
739b7be517f9ce53fbc11f82636a41b1491d6723e6cda90257cd4ae9cd60dcde

SHA512
762e6ccfcaea0ddbd5fb48d3dab22c0f6183a75784e570d4e5fdb403825d55371a934a7a89600b0e8976e0e59b46609000797a2779f3d20fd29d2d52dc9c9266

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\pending_pings\e3b766f4-46f2-4350-a3e4-3495d9dab3c3

Filesize
11KB

MD5
f3e9d5c713cae3cbe7c2cec1efdc0410

SHA1
132d20ab37a99b0f1bb4c59f772e22b88019c355

SHA256
ce01fa819876f8bef94249eca13051e6ea0ccd4152ef095e10755d1c202ac17e

SHA512
53a968efa27e7d81c88711c0f70f8ae119112dc9a94fe0095a38e4f2721ed7389860b39860fdc98484002cf3cf75d804e75b986429c6caa5d3e9d99a1091ad8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\pending_pings\e9fed8db-6660-449e-9c83-c1a53113a989

Filesize
745B

MD5
29e86f422cde5a33db162665de18dc62

SHA1
8b81f69f0030a72a3c9b99c76539a7c1efdfff8e

SHA256
83c78c1ebe5587aee71baef3ad05466aadc937e0d5d34aae6206db89ac1b85ed

SHA512
b593afaad564962b4ac51d51c2257b7c22f39b57852b612d78b959a95cdc7df98a2b256a55e0976d444cb6ddb7c5d5f206931daba4f28a4f20eed6495b564e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
7KB

MD5
17320f414e3c9669308a586ac83f2ac8

SHA1
c6786ddd997c21970c52abd742b427df206bcc7c

SHA256
900f7dd010be71693af8138fe5bbeb9ef1ba1b1d627b25654aec13de293e21dc

SHA512
97cdd60efcd0c8388d611d2664546e1a34e3f899362068b7a3672cc64d5f60ef4f889b25d82da331672e542db3d4ca1fef6f8fd820c1daf1d6fa5da9d8262ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
6KB

MD5
98a460e807d305ab112c1af74b79b90e

SHA1
a712f44a04e12a20763099a2cc4f4bcda6ff05ee

SHA256
2fd630d4e814121904b4c7d921b897b0c4fea7d75566cbba10939a09ffba7580

SHA512
4790cf78febb8cbe74986509d81a745db6a6c89c8f545f8dfb4fdd09d5d559b3926b39f2d982495650b3830d17edc80ebafe06fd0a09f6a41b9715383cb0b36b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
7KB

MD5
6ee120e6a41ea99bbcca9277ac734bb6

SHA1
446f4b5ec4d7f76e0c7b33b5cc9d7758f6191a1b

SHA256
8783b51d093e7ff72f47d7e33eeadef1e8038da88cb4d18c44729beb195eb1a0

SHA512
239e06d271a3c3b926357236724c33b2f7fabf72fd511c2376ba434ca499ec2365eb2172f48269548d504bca20bb083ab86bccec21a10d46b466441352f16878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
6KB

MD5
1e6fc8a7bcd2128d8c4d01c3ac5d22bd

SHA1
d739b7e8ea7706057004fb6da8df887c679b9443

SHA256
072ee5a79f75d7bc31748da8c1cbe27e1e967f8ec9dbbfbeedb940082e07208f

SHA512
56024efc226fb93f5f92f42efe0995ce016f4389b99ae7343a0283601e85f91dfba9664a5df2073d73eac3f3b030692f1abed680bd4d15492c64f04310529d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
47cd7f697db6685a2683e99cbd8dc9d7

SHA1
a6f7a8bb911c23e92192ad977eeefaa49cf08231

SHA256
88b2b93a5fe06891b57aefcfa22e430312757c0d046dcea6b27775cb87d3587a

SHA512
a4f9f7c87619814c3b773cadec9f22d94af44637a0b53a2bf25675a534ab3bc6a0f69a6c4ceacc5923fd4006b6606aef930c2434afba8a1cae0f1be87e8c351c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
abfb58fb0f454f1006b7bb3de3d69135

SHA1
a877b9bd8a459595e55f270629545ddb9903e5fb

SHA256
ad299733205ab8ce78c2db632c17c314008159a326843e2854998b7d53674fd9

SHA512
6ff80dca90f7565aaa8334db7838e23c7d35184d609ddf08d3221d0a09ed0d7c81919a779e679918488cccc5bb36817c78fec4b8ce145aa59384c3a826495ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\targeting.snapshot.json

Filesize
4KB

MD5
367647632b2d99e983b835ddb2f997a0

SHA1
86eb9ddf02c54235dc691e6ea78cab2dd110eb04

SHA256
907c4a28efbada0395a0bc9b8a5255fa7eda811ac64d7cccf26522facc7432e6

SHA512
8c86cd4c8bd099850142f15fc86b2236e708913b08e32f0c37442521d3c3cf78db9cece4d7e456f208fde755ce0a38e141c0d67f662fd46b1fa6a07a35146962

Download Submit
memory/2756-264-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-157-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-268-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-274-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-275-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-276-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-281-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-282-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-283-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-285-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-286-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-287-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-288-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-266-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-0-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-265-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-167-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-267-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-156-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-155-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-203-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-263-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-251-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-250-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-248-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-356-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-360-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-2-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-369-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-370-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-371-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-376-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-1-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download
memory/2756-384-0x00000000012C0000-0x0000000001DA7000-memory.dmp

Filesize
10.9MB

Download