f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a

Analysis

max time kernel
300s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12/08/2024, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
Size

3.1MB
MD5

cee03893acd8cf955d1e44ecbc0883bc
SHA1

ca1c79c413e2196b192aac3544b9a7818327990d
SHA256

f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a
SHA512

fecdb2c44175cd591527a5c4613c01d82d80b71d2570fb138704454cf104344ed7748f93747cd621101f2d40521982aa93ed00a8a5002fc8f8900b8f7bc4b769
SSDEEP

49152:m4HMa/zj/VS5cw2ip+RhItw9lq26rWYNSm3Q74cJOJCuDRsv+RN9vzvWLpW:x3bjdS5RAYtK4xlSm3s7OHy+9vzu9

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

AutoIT Executable 29 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2228-128-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-142-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-184-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-236-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-238-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-243-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-244-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-245-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-246-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-247-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-248-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-249-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-255-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-256-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-257-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-262-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-263-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-264-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-267-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-268-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-269-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-270-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-322-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-323-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-334-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-335-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-336-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-341-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe
behavioral2/memory/2228-349-0x0000000000B10000-0x00000000015F7000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 31 IoCs

pid	Process
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4212	firefox.exe
Token: SeDebugPrivilege	4212	firefox.exe
Token: SeDebugPrivilege	4212	firefox.exe
Token: SeDebugPrivilege	4212	firefox.exe
Token: SeDebugPrivilege	4212	firefox.exe
Token: SeDebugPrivilege	4212	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
4212	firefox.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
4212	firefox.exe
4212	firefox.exe
4212	firefox.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
4212	firefox.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
4212	firefox.exe
4212	firefox.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
4212	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2764	2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	73
PID 2228 wrote to memory of 2764	2228	f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe	73
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 2764 wrote to memory of 4212	2764	firefox.exe	75
PID 4212 wrote to memory of 788	4212	firefox.exe	76
PID 4212 wrote to memory of 788	4212	firefox.exe	76
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 768	4212	firefox.exe	77
PID 4212 wrote to memory of 1760	4212	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe
"C:\Users\Admin\AppData\Local\Temp\f942d5a62da02fb646574af0259c6c2f16d338370d004ab77f5d4f1b59f9cf1a.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.0.1674116821\1346880153" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1460 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6423d96e-5367-4c7f-93cb-e937915ca837} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 1764 1a8b7403558 gpu
      4⤵
      PID:788
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.1.81307157\1769153052" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ff68e9e-6aae-4e50-8d45-eabb2cb33865} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 2140 1a8b6206e58 socket
      4⤵
      PID:768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.2.1311448041\84854577" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2992 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cb4bb5b-6eee-4784-94fb-68d3ef72828d} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 2780 1a8ba4d6858 tab
      4⤵
      PID:1760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.3.676721897\729869611" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {355d31e7-f385-4c7b-9796-d9e89df053f5} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 3628 1a8bb84a758 tab
      4⤵
      PID:812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.4.1366789238\2065287963" -childID 3 -isForBrowser -prefsHandle 4800 -prefMapHandle 4792 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f99ac8e5-fc5c-4cd8-bc15-4947c38d14ed} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 4796 1a8be357258 tab
      4⤵
      PID:2232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.5.1902088335\1668223069" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {437cdaa5-1879-4f3d-9ecc-0fd17daad4f9} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 4936 1a8be359358 tab
      4⤵
      PID:1220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.6.1031947862\52055792" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d380a03-4add-4695-a784-59513047238d} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 5148 1a8be357b58 tab
      4⤵
      PID:3580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.7.680619585\70637679" -childID 6 -isForBrowser -prefsHandle 3196 -prefMapHandle 5224 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70256c9c-c11c-4c99-ab83-716eb0b49682} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 5168 1a8be9c6e58 tab
      4⤵
      PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
3154f84ff81b98a88ac97663e11e7ede

SHA1
7792ab6ee6acb3f25289761f68deb733c23770c8

SHA256
3b0d474b096d0490d38fe2b7861b91ef48d588386e0b7faaf99fbe186d3d1fad

SHA512
c30e43808440989c67b3166aa4e0a6bc7cd4b3d9eedbb63b84e8c0fa9189d4a7e85a171d58026f49fdf86a4f062d85bf81dc4432120e0add010dad7f35b716ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
728214695ddb5fd64dfe8241f2e12a7d

SHA1
df38205fdbbffe8ba1e10ffdeb73cb75ce434bfd

SHA256
2e0fa78b48bbfa871b8410d0ada9044cce698ff3111381e9d661d6356dda4915

SHA512
60e46627d5134a50183c5f114fedc3485d60b6b7a85337c28bb97755e8482f9127f521d4b7c110a093588debf556b35bb84b558a1654356b5716bc490c15c952

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
43fa47aac7ce2527992c3f48c286cdfe

SHA1
6d206d8cf41f5249b93103e6fe34cf0d2eed2280

SHA256
3da9b72ed57e5f31e6c2f23b4adaa3da3363c0c1cc7b67c8b9495529400580bd

SHA512
fe7eee90ad60e71cb502643a29c815d48c0828d8b7f12a33980e8e83c70ae4ddb1e142f1ed7892807656e8d5a79d3767b4cb3279747b242cd7254125e9f12d37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
70d4a85e18f1f1c91c56a00f2ac732c8

SHA1
fffca010fecfc73f715e5a39095cd23215ce7ee8

SHA256
a9ec0a47c7a03fc7de62d0c0c89e81bf7e65d599235ce5cfd6ced44c8d82093f

SHA512
19710519d2102f948f863378496bad52d73d9a79a4dfc1fe1dd7541f66e07840e557b3a846bc520f8a66e858c1b27f61d4b37f41b616bb9eca998465db203dc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
79f19e07937b1b7dd60a6cbc56bbb36c

SHA1
b49f155bca443863cf7d7acfca856218448065ba

SHA256
1eb693f2aaff94cda88f253a3f1ef199da5936d5057c4fa8f1cba78c731fd3ed

SHA512
394a7f7706d303e1e27f931afbb457fe9c7ddeeb72732a1f30522d1d160c4a94997829f4577a4f871682bf0aecb0810dd03aaf82467738254d73007da1939dac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
08d4097ba8c839243210a4080f116892

SHA1
31e2e998c86275aca00a9210b7b541f9c7e867db

SHA256
027878655480fa7510f2525df44344836bdfeb179011e7006b77bdb9e9c1ea23

SHA512
01f8ad2c8062b08a55b1b145d8fcde876cbed1d2ee130bdebe795ad80c904d9fb6b106c09cdcc0fc56e597aab54f9bf7e1f391a9239a1366040935237b496004

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
4cb8fdc16ead858c026bbf7233c56236

SHA1
6cf231b0fb1cb910678aec2152d9fa735b8fd137

SHA256
ea82c8caaa788f7f0561202f81573086f5f8e6f0b56f7b637cddcb2f731f2895

SHA512
0630d4b32b979ba1a72e9449688813e6af94566672e3245ee99a3ef6e8992645c90d16c153f6cc17cd41baeaa0e050afa0716ac7ab0f815a0706f6003f394fab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-08-12_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4

Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e3ac0e3cb1bc26a6b171c87423f74b2b

SHA1
19e11acaafa358e7cccbc0508d5cc48d554366ed

SHA256
bfa1969e3c3934e1c0e48e4acf3a358090418be76780671f414c3ac3589dec33

SHA512
ec2e647a4b17366fc5a9609950faa3347be8cee9cd1745ea19974618cab78e86a8cfd99272b01ced7f09f0410ea73832322e8810af22482288b3326a1b81c3ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f190d8eb-fb5b-4c85-88e3-22149be6562f

Filesize
746B

MD5
72f1ac9e7abdd77d972915245f56e711

SHA1
c94ea03aa5ba812db4d5621338954b6c0550e8cb

SHA256
0236a7170724c82da8fbf26dbab13b777a5ffb376787fd23e1b2e0047a594062

SHA512
f5bb887a1562c6aad3d5ca7d991da73597da37244ce8d4b93840631226e68318cc28490e90ef8bc4524995c1fff6ab884cb9dfbb885c8959cfa3c6226e1bf13f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\fcb39463-1320-4dfe-a5f5-66abde96155f

Filesize
10KB

MD5
15b08b5bd02a55fdaf3d77431606f204

SHA1
586cbda8257b0e967f1b3c56b0952ac59ea284c7

SHA256
c0f37ef0b0547b69639f64318c7478b5293ee4e9ba8ffc4761523e8e76f38caf

SHA512
816752c80add424f8e470d88e184949926114b06f2a09a1cdabdcaafbc2d054bcb46dea7821f8acb670c5ef8155f28d33ca37b87f77c104dc0bbbfa6f8697e1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
7079aa36486caaeb8b712b8273f01f6b

SHA1
f71a902ee978ef689e83baa9ee26c7d997ea93be

SHA256
3978e5b9fe40ee5b781f8ae20206df1794d0db576405f1bd342fe95aae6a5fe9

SHA512
99f99cf99a53af2114c6d38d8696ca8afe896d046ad80139360cd605769fe1e55472604969dfb193c04a1a877416a045d11db5fb5bbf0e318ee1f8594ee48124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
f87be12b64afb06a188b5e72f64a8f1b

SHA1
f6c515f8a7ebf40cfa0158cbc6f7a2266123a478

SHA256
5c99d25387bc6a6309716c53a0a137b48aa4a9a6e63675ec86dac14020348f2e

SHA512
7466ad9939acfb97bcbde53c12ac6f76229d4bea4c2e7ff1e065a1e80e7cb3f88d5493d337cb389c06a2364c648ef17abf62631ef4a5d00c2d037a25ee9045e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
b1259ce29eec5de938c410a74cf36067

SHA1
1ad47a7ec0e11b87d48725c95d9bf131fd8b66a0

SHA256
c1885f8994918c1f4708332f682b3dec5a71833c863114a71e32378d131a895a

SHA512
ab38db0ee3499b3dc40d9da4247cb97fb983f8c27449737bf65278b2716577d63719fc6d73b69410c7a06f044af87e4bf263690d60fc8ed54b8d181b2392251c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
1850eca07897bd1b45b5aa216c2cc8a1

SHA1
08352c22d4a8f590941706383952b4350bfe57be

SHA256
bc87f1c7cee026101ae69e4fb0a2b74ea35de869ff1f7a81abfa6e330c8ee7ac

SHA512
2ba3c3a8f6edfb4fc8f6e6890482fd66a91f1be51d9d2b63b54d66ea7a1ca9d17098db4bafebd38eced1bc25a9005a944927fb5ebb9ed2e18d652ba5a22b95e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
654e98966518e26a35c7c54dcf48063c

SHA1
d2a957c9cc4b8732fa9bae5bc667c319ac1aacb2

SHA256
2a37cdab77bb8ba0af3ee80d0df9f0b68f155c7866564f3f70edffb479f2eb72

SHA512
c304e73a3ad56131c70283f8bb529860d3b4910282689fa46b9dce8a4d1d0e286eb149b1bceb1bef58b03e4fe7f070551f177cb22f8cdc1e77eecf40d9543869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
abc4e78294826672c8772f1251eee87c

SHA1
c34c7e199b543083ca67afcc67cbb4f56e9b8776

SHA256
de8e48ec8e06985accc4afeb4b9266df30ab0e282205268fee7049328f91dc79

SHA512
96edadb1a6a22dc04624d14cf7008005ff2af2cb8b43bb212f249f6e08996a34428312c6d2575fc18d3bbfdbd9676da26378981613e643ff2cc232982a5aa318

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
45745dd1014917d2f40c9924039a5609

SHA1
c0f7ddfbcf6157509ded2afbae2c93989b365be3

SHA256
e7401c1912a150e58f17ffd545eab9417be9374513279de07612743040100738

SHA512
8913858ab93e5a2b63714fecd4c194c26353b40772f4b1eebe13b930a94c153c6378a68e8d8b3f2c43dd567041e1c7e24dcefa3b5f91463b30c24199dc444a0f

Download Submit
memory/2228-243-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-128-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-248-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-249-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-255-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-256-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-257-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-262-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-263-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-264-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-267-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-268-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-269-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-270-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-246-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-142-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-131-0x00000000FEAE0000-0x00000000FEEB1000-memory.dmp

Filesize
3.8MB

Download
memory/2228-247-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-245-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-244-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-238-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-236-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-0-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-184-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-322-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-323-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-2-0x00000000773B2000-0x00000000773B3000-memory.dmp

Filesize
4KB

Download
memory/2228-334-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-335-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-336-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-341-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download
memory/2228-1-0x00000000FEAE0000-0x00000000FEEB1000-memory.dmp

Filesize
3.8MB

Download
memory/2228-349-0x0000000000B10000-0x00000000015F7000-memory.dmp

Filesize
10.9MB

Download