hxxps://drive[.]google[.]com/file/d/1qpN1PaXL0MxQEMnfRUxVthpAZKu-sO64/view?usp=sharing

Analysis

max time kernel
73s
max time network
69s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/08/2024, 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1qpN1PaXL0MxQEMnfRUxVthpAZKu-sO64/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
68	drive.google.com
69	drive.google.com
70	drive.google.com
2	drive.google.com
3	drive.google.com
4	drive.google.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000337fb6d7cf56364bb1c5afa06cf48ba9000000000200000000001066000000010000200000000ec821c8c14786c7aa87537afa856ac1608635f643545b32dac7117ab9e82605000000000e8000000002000020000000e53328c1c5c4c283750348a6ba7dbe0b4ecf3576a724b56605c6490fcec2949510010000a4b7f882bc8fd3e37d70886e20312537eb0a5995b32b53e1cf0f2a8d6d4215513f4fe7ccf2a9b4d0ce31bec05e190b3234c17d0aeeec8f720551b0c2621e61ef0d99840f8c818a138e713d126a57e4db53c07db53001adff3694b88461093c36205944255df47ab843fc4ee02f3c41aabb6c57896dd3d38ed466439454678a5e4356a9005e0f2f10141cdc07a58f96a75e3a2c1afe864f98cee6600defe84c4bb2072a43a5825185f07a528da619cb48bc73bd8be66460b0e9360356d0f0174b14d2140ac71e959fe07017a98940ac33ba0ac25de0c2d1b1d4ec6baf037b58394212418830ff8120cb8cfbb3aca4f851ba4d0dda35fdf200946ba49e0ebb1f5cbcceeacb8a5f7df0a83138c6dd8ce17140000000c86a11655aaf1a8c08c9fc1edd7f0a0686071ee9db1039ffe578588ebb3c96ffe9ccedba0730c2be5f1da622f1adc43252c4deff9ea06c57f6cb6feeca5ca534	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "430468056"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31125098"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501d97c56aeeda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3280825841"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31125098"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000337fb6d7cf56364bb1c5afa06cf48ba900000000020000000000106600000001000020000000e968f80ea55fc883245fbd668b84c19ed9afddf2152a6600de0df44e48f883db000000000e800000000200002000000073d5a79481873a41672315d3e04b94d7a003f52a2ad16ebf9efb7e0c342e1dab200000000c5c96f32f3a60900b9c4216ab426d690228eddec95444b13f96283f3ec07e5e40000000036354da0efa80d2e974e389a8ac847de7db21ca53e3b4f1d29f5f094a5c11a308db57fdb821b1624de7b2b828df0db3920aaacf2f7b89df12fb04edcfe81542	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "430436065"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430419470"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3280825841"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF14EE3A-5A5D-11EF-8A80-E6651DA5F279} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\D.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: 33	6100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6100	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4140	iexplore.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4140	iexplore.exe
4140	iexplore.exe
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
4656	IEXPLORE.EXE
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
5940	D.exe
5940	D.exe
5940	D.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 4656	4140	iexplore.exe	73
PID 4140 wrote to memory of 4656	4140	iexplore.exe	73
PID 4140 wrote to memory of 4656	4140	iexplore.exe	73
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 4512 wrote to memory of 3524	4512	firefox.exe	76
PID 3524 wrote to memory of 4244	3524	firefox.exe	77
PID 3524 wrote to memory of 4244	3524	firefox.exe	77
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78
PID 3524 wrote to memory of 2328	3524	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1qpN1PaXL0MxQEMnfRUxVthpAZKu-sO64/view?usp=sharing
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4140 CREDAT:82945 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.0.1874914165\1251239947" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4af0f7f1-2536-4702-9421-a789053c1033} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 1704 27e89cd4358 gpu
    3⤵
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.1.1218687390\423983275" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13c1a3d-65fb-4a43-a60b-10f7c3d7470b} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 2184 27e89bf9258 socket
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.2.1651341791\868422930" -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 2964 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4518d29-5a8b-4228-93ee-1f4f31d58ea9} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3024 27e8dfa7658 tab
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.3.702757750\416995468" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b81fe1ae-ef95-47d3-87df-9b2faa7c68a5} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3524 27e8e5bb558 tab
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.4.2858805\706241081" -childID 3 -isForBrowser -prefsHandle 3516 -prefMapHandle 3636 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d90467-3009-4101-a3d3-acb0fe2cf704} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4060 27e8eefdf58 tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.5.1059975508\554221698" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4940 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db419ea4-127a-45bc-a187-27ac7070dd0e} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4892 27e905c2758 tab
    3⤵
    PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.6.1322454384\98801208" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c20774-9c0f-4a03-b172-aa0b4ea1aae4} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4828 27e905c3358 tab
    3⤵
    PID:3724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.7.972407915\1506427919" -childID 6 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4575fa-f984-43bf-bddf-5ecb5752fdc1} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 5256 27e905c2158 tab
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.8.747638537\1825733737" -childID 7 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e1665fb-0809-4ab1-b4bc-add254bdc896} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 5732 27e91e0e558 tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.9.1884400979\1618721034" -childID 8 -isForBrowser -prefsHandle 5948 -prefMapHandle 5940 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a937880-4202-4610-825d-4e976a4d07ec} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 5896 27e9237c358 tab
    3⤵
    PID:5376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5744

C:\Users\Admin\Downloads\D\D.exe
"C:\Users\Admin\Downloads\D\D.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5c888cc17fa6cab59f20c3d8c693ecc9

SHA1
1acf7b1e8487c72701a15c0259ed064c14a6a3f2

SHA256
633cfd390a6f9a580471fe82edff9f6f8df74854bce3f35ff1f36423b66393c9

SHA512
3007f1b5b5dbb692d1c6514a30ed47807627401f9edfa70fc4d92ee50aec392c75419d73bdd32a3eeff58f61b4692ab3458988be8fd0fe7e9d15950766a58577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
472B

MD5
50a4a7906805a60318bdc9facec3b573

SHA1
29d050938a52790e6cdad72830da0e51f0eaf125

SHA256
d84de05fea477287d6a301c06e74d4cb60b990b10bbddccb8e38c1cb9006455f

SHA512
e74bab55f9ea07c0f26f139815cde1e2e45fe114ec7586820faa0b8f087eb862a93d73361b947146be566aa5f02e34f23b17ae410b94cce4e8cb323e05d19b9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
d7b69f648e6610c592cb1736aa44c4ce

SHA1
eef5421ca1987a98ab2a0ea8f53d4c5c24b76cd0

SHA256
da0fdfa632c10f18b9562d0bf4c4459669a4485ba03bc07246b5409ea75ac01c

SHA512
a5170290cf161b1535c4edb680534f0ea72c373a0d7517651adffa26723c79669f0e7ddc00b8cfc0aaf9b78041d7cf517b24d8f4e0ecaa32fbf5a9312b65ce51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
f7137a350135d988181adbdb29a829df

SHA1
380d71fd92df675e149b06dd3a89114d5931e72b

SHA256
bda292ee5e5dfbf105313adb3c2a448190d34f48c9851f68e57e57284b2b0647

SHA512
507a0993e8dc94e08677e6aeca889f348d12ca8f9aad9d94c616fa43c4dd150182e30523711041cc5e64466f9393cadc89bb28252f3de08af9b52fa237a80d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0217e33ef6301737f6475fb1b89316c8

SHA1
191f3d65f0c3c20b9131b7d1f6671ffccaf3df1d

SHA256
15ceacfc7f19811d1e8549907e280233d8f5e51835c57bbf9b961acaf878ee1d

SHA512
5704c293fcb54d1d616cbb077b78849bb0cf10585e36a3671c828dc2f0d8bb2c819c68b3bad4142fb0fb1294e8d5c5bc49c0e825e5950d1af08aa5c64126ab54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
398B

MD5
bfd4dfe0333d22e37a5a8212cb3c022d

SHA1
a6fb311c18167324e910c701fa4916e92de5e8d6

SHA256
6d633866d1e5aa1c48401634c8fecf238b91f16b804343a3b5e35cbd862968d9

SHA512
689942816b7ab2ccebdc9fe806b4ab711859104447e0fe8c92b30b26134ca84db74e988eb7dcb3126c3b676529fe3845d0e26ae3b60b524febc7bd30e2db20bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
0549e55a020bc89f234a77f2b65c962a

SHA1
39fd6690db1b86e185f87e6ec1f6f0ae8b6a648c

SHA256
5e1990902a7f4a988934148f4ae283830c4b1b235fe5a7534299969e7b73eb78

SHA512
15183bc74b847807525ee8e7cfc96e4d2753f0c172c5b0225936eb14ae55c3c2c85e1c991cf381922bdf3c8686e8431624344bd28a037f66bf494f4ce30cb3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF06B.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3HONFD4R\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

Filesize
19KB

MD5
cf6613d1adf490972c557a8e318e0868

SHA1
b2198c3fc1c72646d372f63e135e70ba2c9fed8e

SHA256
468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f

SHA512
1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3HONFD4R\cb=gapi[1].js

Filesize
122KB

MD5
7d41ce8af12a1020f76d0d4620a30b79

SHA1
913cdcd6daf53cecb2639d9a451c4f1f88071d9e

SHA256
2b4ae5731b6361fef2a0b2ea0d005ca674d5cfa837628dc8acf4140b2c8b3843

SHA512
f42cd6041d26407cb75ab57788a71aab626d3a94c50a2a4a04dcb6c89fb728695c44054c0dd79e3c2824bfa9188d6ca8e7a3cb71e6eef7f645f93839147ae0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3HONFD4R\cb=gapi[2].js

Filesize
206KB

MD5
01aca6d674132913ecbc9db2b2d9ad03

SHA1
c9fb646739e2ed2e18869867e3fcdd9364ff046f

SHA256
f41d574aeffffe2094c610397398b37da40813e31cded45f92037c49295f4d15

SHA512
c96ab1a80f2db279ea53f8bedbd1b2feb17c3ac7ff29181235883d78b065fca21c59c832b04bb6c50fc6cd56287f5fb7977a1d9a2dfb5c7ac45443d86f56bbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff

Filesize
21KB

MD5
9680d5a0c32d2fd084e07bbc4c8b2923

SHA1
8020b21e3db55ff7a02100faebd92c2305e7156e

SHA256
2cfe69657c55133dac6ea017b4452efff2131422abd9e90500a072df7ca5a9c8

SHA512
e19a498866f69f3d8136a65a5ab4e92cc047170673ed00b506e325165a84216267b9fef1e5cfd66458e85ed820c12e9c345cec9bee4de48e1c2e2b1a784f179f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

Filesize
19KB

MD5
a1471d1d6431c893582a5f6a250db3f9

SHA1
ff5673d89e6c2893d24c87bc9786c632290e150e

SHA256
3ab30e780c8b0bcc4998b838a5b30c3bfe28edead312906dc3c12271fae0699a

SHA512
37b9b97549fe24a9390ba540be065d7e5985e0fbfbe1636e894b224880e64203cb0dde1213ac72d44ebc65cdc4f78b80bd7b952ff9951a349f7704631b903c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\css2[1].css

Filesize
607B

MD5
9971f6671a5d2203916c9172157cbf34

SHA1
c0ac281111f1c4876e0661b845363cb477dcfbe9

SHA256
34b99e216821e273bd666ec978d00c9f2149327f2c608deaa6896c06c6b778ab

SHA512
db8bef30c02671f965c9ba33740f51cf70306b83da67aa805c73e10970c4100cdef53df7b9c7db70e1fdbda8b2adf4ec2480966904244a25d8e5a9212507811f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\rs=AA2YrTsx42cCC4whFxk9cLqDwhTgb_zhSA[1].js

Filesize
223KB

MD5
6bf0297bfff3f310d3be50d5762a9873

SHA1
ba91a937f1fa029597811bda214de69a046a04e2

SHA256
cb17e218e69383d606a39170c0ed553a54ef7cecf94dea5b4d484b65828f0d1d

SHA512
e35547fc51a42d1d9adec6dbf58ca772fd175d2ec404fdbc8fffce8c6a66852496051b89280c91e0eae728999ae23090986f1cb5d5eb9248bdf4ce002327855f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\css[1].css

Filesize
794B

MD5
cfd7319c9c4788ba190a46215513157b

SHA1
de7d0cf7498ec54e1c19393d6f5d380b63df4e11

SHA256
758ae31e2c874158a350af456841cff0ade4b82ad57ad4d363d6813b9df772e6

SHA512
9d849b15c3dd99863b3eb87319c24e2fdc3757e0fcf07448daa97e8d6c202c6090d11e6de301e8e8f1ca586429aa8f65b2c2969a0b2ffcbc70b310c5cbcb0ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\lazy.min[1].js

Filesize
119KB

MD5
5c1a4b68757b6ccd39b595a2441d7c3c

SHA1
1be90dfa833ec7bdae7220da8feb734aac38e215

SHA256
ba07bebd73cb37c8c14ff99d766a75062b33479eff7365e9c9cd37e2f709eae7

SHA512
6ee9dbec35c999c9b7c22140ae08ca1e325ca568d27e09f68d471923cc0fdd2b8f6009d167e2898d730116cff220f22415368b3d3261d3b25fe5a343185199f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\m=v,wb[1].js

Filesize
1.8MB

MD5
a190b17ed258554bf430be0f2dfde223

SHA1
cb537379bdf426aa6fbff0f8b5e57894e1a3280b

SHA256
8227daff7ab06fed01a0ccf9abee91c29532d1548d14c0822755094ec99986f5

SHA512
78c43faf5d5e5182c884cbcfb02d9da62b8d398237f63243b4b53e160e735d951feaed84f6bdef4ca1e0508fdb00a705b179fb7a8616bf01afbd82595cc0295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\rs=AO0039vWOEKt76gfYi-cUY20xNTMcbSJDA[1].css

Filesize
2.3MB

MD5
ff3f7f0fe83159470c5e6e3bba8bd429

SHA1
15aa6df918a3c723f60777e5f4e53d98e17dcd02

SHA256
70175bf647ccf40e1f3ff006ce520af31a95bf3617551422dd90361329248ed3

SHA512
f44e62e752a34612909c5c7449a5550e69789c912ca6a3c863888e1596022e7547be3599b7d00bfd85d75d135e2733c8912d4acb4ff7e2db1c4fc9604397c08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1Z2RULQ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

Filesize
19KB

MD5
de8b7431b74642e830af4d4f4b513ec9

SHA1
f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

SHA256
3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

SHA512
57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1Z2RULQ\KFOmCnqEu92Fr1Mu4mxM[1].woff

Filesize
19KB

MD5
bafb105baeb22d965c70fe52ba6b49d9

SHA1
934014cc9bbe5883542be756b3146c05844b254f

SHA256
1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

SHA512
85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1Z2RULQ\m=MpJwZc,UUJqVe,sy6,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
e727ee1f1283edfb030c93d72e0b064f

SHA1
cddc185b48ae7d2389de8579e9a81a4abb46c294

SHA256
a402a538a7278ac6745222f6705365b098b160995bb1c0b56ee4658894164c0f

SHA512
ece2a3d7aee9a48c0c177582d9033bffcaf0ea9e23c01045fd04b80dbf65b887dd574f534e1a935293eee3e415075400bb5e5d4496d5c1edad507b7d4d13ee5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\D0UHWWMM.cookie

Filesize
545B

MD5
06be042494ab6a5fdeafa79405964d88

SHA1
a224a25cb3bb35c7cb7b78b4484dd1a83c334a2d

SHA256
6c3888090a52655b5ec4329eccd25afd2fad32347013ee13eaba31fa9e28c40a

SHA512
12ce0baea175abd1197bea1c919bc0f585f8e01ef5ff1a4be935d0aa51fa83ca1e1087155c4c45f4a9983a9af86aeb8d48eb85e792cf5c06cf3619697fd83a67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
db6950509e4143b51b51046c3df47912

SHA1
c1d38fcb7a65b2933bc3d3e31eb31f8df3cab805

SHA256
b8eb1e4927588be9c6d9412abd3723008ae7a1c37388657381518907bca951d3

SHA512
dd5055d55527d4de52167f1a3dec778bde0f9b2efb2dbe15665d435ac80749123cc3a7c54ab0af6b4af9e04a201b9da1daf0ca2c58bb424f903fa20eea28fee1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\9efff1fd-cbb6-4244-9dcd-6532f75dd60f

Filesize
10KB

MD5
d0869a4fe7df905361f976031fe54cb8

SHA1
639f8e41d143609ff2fc3618a11574167033213b

SHA256
0feb8bad3ccee25272435a60d053f276cbc6c11abb8c241e909e8fd0346c4611

SHA512
d816b6473c0f458e3b3fe94cecd56fba21ad6775e71b0d1b90c346293458e918bae26cdbabc798920ea343a33fa12b6431317049670befa1e330149f6c4d4390

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\cf94fa96-0166-47bc-8907-e6f16c275cb7

Filesize
746B

MD5
44360a3ad2b0112e62ab73a4f3d7815b

SHA1
1ed1866ce14a1fa3898e16f551ea32ed2ec69de7

SHA256
70be4a11b5c75cd7a062587b6fb23297650c9c9de65fe1aa49c475470744e4b2

SHA512
4a733057b1374dfe5ff0082e1b49c4a5fe6f71c6a24825f4c13a986395c1cdb815d15e259250b5cdf5de904c9526a648824d7803893b796def8c3aff0cbecd61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
d881b6626192aa4bebf40e98ca8e9dbb

SHA1
d8b23224e445f9619f87c08a290df36b0e5ae0f3

SHA256
becb7ae436f5c314fda6ec69045491abbc540acc408445e47361b9048c668934

SHA512
8cf2bba09ecf4e96ee2c3d3e4e760595432400505545d612096cf84581c4cc93add5a359a7a5fbd06878540a4ae0e6471dcb42fe0531bc0c45cf744359859422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
b32332ac07feaebb4ae8fd817a0b36e3

SHA1
e9977df1e6e17c28a903cd59dcbca29973624b28

SHA256
3af8aa1e1818ca192ad769a9f83329b20edbf9c7ae2474b20eece926e49b77a1

SHA512
82ec24d409da1a4b2d8ca55e94f16e0ac8b579a4eb4667093326526276acfc7bdaa439f306ae98acaa4c492deb89ee307045a34eae6ac6224bd0f684f02011d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
4e852583bf3650c41028ae5f05f9c452

SHA1
378c5270943ad0f94ac9e7e12482b439f336b5f8

SHA256
c7ba2b68f4dbf697997ab2d81568c09e9a4e011524b6bbc137f57a1aa3afcb5e

SHA512
b59314d5e5147022c116ac581736f1ddaabf019ac482af44c9d3b44b38d84897474818ecaf8571f5e440e4d093b2c94fa42bc712e52524883c2f570586083377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c3ecd5eb80052ac198db26bad050ecdb

SHA1
b4fccc81e30ed5e754d6ac8a8774a35fbcb91064

SHA256
a77b4e76acb0c2afe86d50768d05d37a66dfcca5006e9fcc57f4ae9047759ff0

SHA512
ea33e9cad1a9acf0aeeb516af860df94750e58cf5ef1a5501f8ce11e1e216cbbbcdf8e450f120ccdaff4b3c7fd8cefd03e7071c4a0afdb85fa848e688b3fafa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
df6cab15525edeb6dac33e33e33109fe

SHA1
d5f19c50ef443f5179172e106f7c62fd9bc4b7d1

SHA256
34e46586b7c43f13bbb0bf939ed64ea5aa89d0d4a3da290430ec567640ca4b91

SHA512
6075cb561b2588b2605ccf159904ef8d21826e413a740fa7cf466d9f94c20f7d880223003e6270d187ca21a517eacc691c91d65b19bf734cba734e3b47f3fab5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0ed2663971e8051b2bcb574926400fa8

SHA1
467756bf41c377bdb07c8be10d5391f1df1d80a7

SHA256
0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

SHA512
e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

Download Submit
C:\Users\Admin\Downloads\D.vdgge6Ft.zip.part

Filesize
40KB

MD5
832418032bc3b9a5d835b770c7d4554b

SHA1
0d1b847c1a004ce4e39576227f457ef098856046

SHA256
0bac86e4ca72f7f5db1ec3b5efade926f062e589bbe432e6af7aad65fe6f39ff

SHA512
168fcdd9168a087e9910d1937802f3763413910b33a72734743c13bfd1c490f4cdcce70eb1247945b932ce18dbbfa70f2c4148e7c5beeea596292a7c02727c3b

Download Submit
memory/5940-475-0x00007FF63F270000-0x00007FF6436A8000-memory.dmp

Filesize
68.2MB

Download