phemedrone | db8721f8df446cbb083694598bef88e7a9f60dcd132a89f436a66b93fa2464b2

Analysis

max time kernel
154s
max time network
152s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-08-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

139KB
MD5

fb945448fb22c90d4a788494084c7f2e
SHA1

cd6173bd4a143ed1793fe0d305d329472bb2b70b
SHA256

db8721f8df446cbb083694598bef88e7a9f60dcd132a89f436a66b93fa2464b2
SHA512

66b1d59423fa9d79645e1a1cfa06d38907ca4d8cdad5213efffbbf8fab503724ec53fa22c1d20d13db0cca62e718bdb47f0b474f6d091ff31b5c823292993eb0
SSDEEP

3072:vl8ENz25WGNx23FTuHqW8hsn0kg0+T77qCGKLhN8IxX56Ez:dhNz28GNU3JAh8h60kpM72ohNRxYE

Score

10^/10

phemedrone discovery stealer

Malware Config

Extracted

Family

phemedrone

https://api.telegram.org/bot7253527125:AAG2zbXlkuY33BxLSZk2mcohhToET22xkTM/sendDocument

Signatures

Phemedrone
An information and wallet stealer written in C#.
stealer phemedrone

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4728 set thread context of 4580	4728	loader.exe	75

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2456	4580	WerFault.exe	75

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4988	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4988	taskmgr.exe
Token: SeSystemProfilePrivilege	4988	taskmgr.exe
Token: SeCreateGlobalPrivilege	4988	taskmgr.exe
Token: SeDebugPrivilege	376	firefox.exe
Token: SeDebugPrivilege	376	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
376	firefox.exe
4988	taskmgr.exe
376	firefox.exe
376	firefox.exe
376	firefox.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
376	firefox.exe
4988	taskmgr.exe
376	firefox.exe
376	firefox.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe
4988	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
376	firefox.exe
376	firefox.exe
376	firefox.exe
376	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 960	4728	loader.exe	74
PID 4728 wrote to memory of 960	4728	loader.exe	74
PID 4728 wrote to memory of 960	4728	loader.exe	74
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 4728 wrote to memory of 4580	4728	loader.exe	75
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 3716 wrote to memory of 376	3716	firefox.exe	82
PID 376 wrote to memory of 2028	376	firefox.exe	83
PID 376 wrote to memory of 2028	376	firefox.exe	83
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84
PID 376 wrote to memory of 3216	376	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:960
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 1060
    3⤵
    - Program crash
    PID:2456

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.0.290933489\2097917912" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {774abf40-85e0-4a9d-bcfa-2a720106fc3a} 376 "\\.\pipe\gecko-crash-server-pipe.376" 1764 27f4d6d9358 gpu
    3⤵
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.1.712234191\869182326" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d6dce4-1d82-467e-8ed0-3fcfb3a9a20b} 376 "\\.\pipe\gecko-crash-server-pipe.376" 2120 27f42572258 socket
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.2.2007966906\986718968" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3016 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d8cf60c-5d7b-4eb0-a62d-a0db4d18deca} 376 "\\.\pipe\gecko-crash-server-pipe.376" 2712 27f51999558 tab
    3⤵
    PID:828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.3.1365054925\674772368" -childID 2 -isForBrowser -prefsHandle 2740 -prefMapHandle 2660 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9498c21-2f46-4afb-b39c-14d27b6417a6} 376 "\\.\pipe\gecko-crash-server-pipe.376" 3536 27f5199ad58 tab
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.4.1905460991\912337096" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4120 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df330593-83e8-4866-bebc-7f9a649cf4ea} 376 "\\.\pipe\gecko-crash-server-pipe.376" 4140 27f51105158 tab
    3⤵
    PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.5.583027052\1741185037" -childID 4 -isForBrowser -prefsHandle 2624 -prefMapHandle 4748 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da33dc11-68ed-4251-91c8-fa967dcee3c8} 376 "\\.\pipe\gecko-crash-server-pipe.376" 4740 27f4ff78558 tab
    3⤵
    PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.6.1107548061\115899455" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 3780 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e501bb3-5f17-44da-955b-99c5b2e195f6} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5104 27f543de658 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.7.1403546163\1158934665" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d837e8e2-d45b-4801-bb0d-1ad4da88d6e5} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5292 27f543dec58 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.8.1453044096\971000464" -childID 7 -isForBrowser -prefsHandle 5116 -prefMapHandle 3780 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be3ef674-c55e-4623-8a52-6b3acfb0a0d1} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5172 27f5594d058 tab
    3⤵
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.9.373455005\638029842" -childID 8 -isForBrowser -prefsHandle 2624 -prefMapHandle 5852 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eee3e9d-b988-4690-a320-44d766e039c7} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5860 27f55d4fe58 tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.10.376450174\2074764833" -childID 9 -isForBrowser -prefsHandle 4480 -prefMapHandle 4596 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {409b2a89-e615-4b30-9df1-6973d94dc460} 376 "\\.\pipe\gecko-crash-server-pipe.376" 4132 27f556e7558 tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.11.653530145\1416972917" -childID 10 -isForBrowser -prefsHandle 5336 -prefMapHandle 9660 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {850988c8-faf6-4663-8b07-687b6919e46d} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9764 27f569aaa58 tab
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.12.1219427928\1287098185" -childID 11 -isForBrowser -prefsHandle 9776 -prefMapHandle 9772 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb96f9b-2e02-43c7-b13f-eaf99ae9d7dd} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9472 27f56a57758 tab
    3⤵
    PID:5752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.13.1254578248\1776365134" -childID 12 -isForBrowser -prefsHandle 9812 -prefMapHandle 9768 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8dcabbe-c16f-43b3-a7ac-8e45a4d4d4aa} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9604 27f56c76258 tab
    3⤵
    PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.14.1949912109\1210450574" -childID 13 -isForBrowser -prefsHandle 9308 -prefMapHandle 9304 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecbac59a-f55f-4d11-885a-b350b3fc3609} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9316 27f56c76558 tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.15.1463238017\231189330" -childID 14 -isForBrowser -prefsHandle 9112 -prefMapHandle 9108 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ece765-09c3-42f9-ae3e-ab80f8eca60f} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9024 27f56c77758 tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.16.1642778809\1932619699" -childID 15 -isForBrowser -prefsHandle 9088 -prefMapHandle 9084 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1721a44-0491-48ef-99b9-af37658acae9} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9304 27f56fc0558 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.17.1847341314\1601831036" -childID 16 -isForBrowser -prefsHandle 8652 -prefMapHandle 8656 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {620f5491-5cc9-4a1c-95c5-a5f84ac79f82} 376 "\\.\pipe\gecko-crash-server-pipe.376" 8704 27f4ff78558 tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.18.177057152\1206949432" -childID 17 -isForBrowser -prefsHandle 8640 -prefMapHandle 8644 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fbd8398-fb49-4f56-8844-a749ad700237} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5124 27f543de958 tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.19.970629188\1851013612" -childID 18 -isForBrowser -prefsHandle 8628 -prefMapHandle 8632 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4bffa70-2342-41ae-9b0c-2d12ac77d3f0} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5592 27f54f1db58 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.20.27469455\504863693" -childID 19 -isForBrowser -prefsHandle 9876 -prefMapHandle 8652 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41b5e817-90f8-41e0-98a5-a1f1cc41c7d5} 376 "\\.\pipe\gecko-crash-server-pipe.376" 3384 27f56ee5b58 tab
    3⤵
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.21.1481261762\1063788438" -childID 20 -isForBrowser -prefsHandle 8820 -prefMapHandle 9668 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea8cc04-002d-4bca-821e-2d4e47f6ca3e} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9236 27f56c76858 tab
    3⤵
    PID:6736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.22.2131390156\1134140799" -childID 21 -isForBrowser -prefsHandle 8780 -prefMapHandle 8768 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8b5526b-6eb7-43ed-9d10-5e08ffcce9e5} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9004 27f57e1bd58 tab
    3⤵
    PID:7108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.23.2025075935\973306574" -childID 22 -isForBrowser -prefsHandle 5808 -prefMapHandle 4320 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {289a4ae0-b990-4704-b070-2a5830888a3b} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5804 27f5865a858 tab
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.24.901303387\1693627005" -childID 23 -isForBrowser -prefsHandle 8796 -prefMapHandle 9288 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1a65396-a12a-44e7-8176-4215926dc432} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5652 27f57245658 tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.25.669352065\573234780" -childID 24 -isForBrowser -prefsHandle 5316 -prefMapHandle 8796 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61636137-ba80-40a8-ae84-e838068cbdd2} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5476 27f58d29858 tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.26.1445174664\1135244574" -childID 25 -isForBrowser -prefsHandle 9524 -prefMapHandle 9464 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {022c069d-f610-4e57-bd1c-51ce9eace968} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5700 27f573b8e58 tab
    3⤵
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.27.72176143\1698738586" -childID 26 -isForBrowser -prefsHandle 9464 -prefMapHandle 5652 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e72435cd-9ff8-424a-97f2-7f09c065b591} 376 "\\.\pipe\gecko-crash-server-pipe.376" 9524 27f57105958 tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.28.37876532\1649811879" -childID 27 -isForBrowser -prefsHandle 5236 -prefMapHandle 5224 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a12bc45-7791-4d4b-92d6-fb9a9309822e} 376 "\\.\pipe\gecko-crash-server-pipe.376" 5132 27f57106858 tab
    3⤵
    PID:6924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.29.1280728011\1628149604" -childID 28 -isForBrowser -prefsHandle 7884 -prefMapHandle 7944 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12188ef5-4304-47c1-b589-fcf2c9a2b4c0} 376 "\\.\pipe\gecko-crash-server-pipe.376" 7956 27f58ff1058 tab
    3⤵
    PID:6948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="376.30.1734512334\550971640" -childID 29 -isForBrowser -prefsHandle 4604 -prefMapHandle 4536 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cb3d41-d839-41aa-b900-431ba367c535} 376 "\\.\pipe\gecko-crash-server-pipe.376" 4612 27f5436dc58 tab
    3⤵
    PID:1088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11370

Filesize
9KB

MD5
adc5c5e620cf5470ba20ba1a98a933e7

SHA1
03c93b01c3c426fe7d4fa2bdd64042790c06b125

SHA256
70bde63c24a9ef54980056cfd0a96a40c2613c44d2efd5a556c69b69eb0ddb8c

SHA512
71ab1bf5b98741f4da13d557c340fdc9a5f192c997fad98f0acb1ee1d7b839f63decb8d9ea4570e418a9bc7d183d8ac2624f6d57d1de6f17ccd44dd2ec0fb627

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11460

Filesize
12KB

MD5
983ea8d2427c2c643941c59cbf3cf4c2

SHA1
b2423750882879f4b5340851bdf900d207bb33d7

SHA256
6a8e5172e834eb83295ed25bc974674ae7bd735482ee32c3d9ad511e57ac474d

SHA512
fe8375a4a98dae26f781658fcaab32905dbfd2c16bf3b88a278d4e7af288ef839064e5d087f3f0dddb19a504eb23c9c3bf3c45037c54cee4bf688a3c6f379b35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15965

Filesize
21KB

MD5
78498966b812b2dcd9890d9baa91e1ea

SHA1
9bf76c76aa1bbf5752a65a5c9f919f41aa5ab361

SHA256
0f5f3806656fadd5de6b59953e30cd99f8f848b12c9ca8487b8c612dc16b9e6f

SHA512
a5c6874ef72e3ecfeaaf6d0b549b1c35b5c4c432d9eaa7e7ba254ae1539f74ba31d6eb9df2ff097839a212f75ba8259f479c7e86da396c80dab1acbdfa044a29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22364

Filesize
8KB

MD5
56054cfbe872bb01c9ba795016e00827

SHA1
d965d0247d0e3063fa33a4b38b23f3e80ea58789

SHA256
ab96538993c5180e3adc3ea709ec484918cc209169239cbc2a6a2d53e5e6beae

SHA512
961f4a3b6bc55460009153918c86b9a3372d3e6ed49448c29368bec70d7540f308379da6220076981b74e8b2ea77413f30b03a4b01c486756c1c199d9552afdb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22986

Filesize
8KB

MD5
67b691b5af9023621179810bfaaa713b

SHA1
1a4037f4c3db3dd8ab871c10c391312f70e2c747

SHA256
259a8deb3759e6b8cb9073bddc44587be6fad33fe4f74ebb512bbba22ef7eb41

SHA512
be4b1d8fd9d32dd2f412b27ddafb85ad8efa52c484d587fe847021a347ae237c95b5d2fa944d713586f90409bb45b0ec9be15eccb05cc098e59f0d7b62a27af4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\23082

Filesize
9KB

MD5
5a001a2e7b2fa9d99bddf71b2c6adc9a

SHA1
605190ab68271ab4801f4f02d91a282845186cb4

SHA256
1fdcc01126600617fef0241663c08949f86e2f6335c95ced6a1f543e88746eed

SHA512
a434b6d217db268c99a63b3eda061e6317d133ef2d7093a6d7da73019c8ecbf2768a2fe861e6cd2f497a091042daed1889bf7bd23a8722a0059d9b812346ac41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24432

Filesize
9KB

MD5
03b668c88cb59adb09c7561002ac3431

SHA1
ce4f1ac55c8c5c310294d453bbb231bf620eca31

SHA256
28ec259af4393e2273cec0264ec00a65bf743106205f235ae10d2bd62bb884a0

SHA512
bae44fd949a574ccddc69ed96b0c97f79a742d0940e942dfd2b91326823bc4cfece9d4f8f722eef274bc277c0fcc785acdd9e08244c0618250e604c7d2f75fa2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25768

Filesize
12KB

MD5
4283e42090613e6e4f47b72d684ed163

SHA1
9c78c0b5de3a237c2d99ea0cbb2b873856c7cc53

SHA256
39bfd92891ded3b1bb98c61c57e232199e6ee44336a202da5947e10b247cf2d8

SHA512
334940f107d8459295cced8ebb522dd34d6f16d644096c443e4e9194c61a9dbe6ef1c0fda0c4b72463ba17d3f5b95979f5a5d0408e5588f7f347122c44e8cc61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\30212

Filesize
9KB

MD5
165165b1e003c3f6466ccb2b61662cea

SHA1
a397cd42c0c56c6046b256944f8010f9eb5d98cb

SHA256
c7ce471396acc3e6ccca7b2aa689d46b98c9855232f4b92249e60059c848d5ea

SHA512
0097b332ab9adf2c906810086d392b05416e9bb2152c2b577f4908cf7d20baff8e69679a2120997b126dcdcd2693f148ff8d4c3c606beb4791c228e59081dcfd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\31076

Filesize
9KB

MD5
f360610a528b2c50d20a0a1abe4c9149

SHA1
68b27a0c899ace917c88983e060fab9916686a66

SHA256
97366fc8097c13fb4b1ec6780641a0d25aa45df635df9e119c5f22fdd8597b83

SHA512
3047f954ba634b88ae8ceabff0cbf0323ee7a00daa29df1596f7d4230b6abb257029011165ab5ddb8103c06b9541fc5d364520ba2cb5f9087ab2fd783e5e1e0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\665

Filesize
8KB

MD5
30eed6333d7386699265616ca1d95d09

SHA1
63c6c5db27eb96f63a5dd1af0671b95c09ea0e10

SHA256
3bd78e8775bd688cb6f0c6d307c79319b333e128c0a911f992be6cdfae4a2f31

SHA512
42fa14017628078a79a2c327fe33b15052ab5ef280f1c0a47490786070b2bd16100482340269e19f15a28e1c09e575f3a88b7ca9bfaa33a1bc9d24751bab5da9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6972

Filesize
5KB

MD5
f00bf99577ae54136e25e39d875f3bcf

SHA1
21283bad01eeceef3a8228ba649173df91e6e8d6

SHA256
01a7a6b2302170299ae8ab072ebe34c910e03534c71b2b426ddcc1f0d7aa9ddd

SHA512
be227d43991366a1f92bcd659d821cd99083ae87842674ae02fe32f248cb07294ad901e8290bd9467f4bd5e87f8e9ae13e2aad5b239062f5967ac4a09ad78e7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\8578

Filesize
9KB

MD5
121f9f3a39eaea9617fa8f8d33f6b48a

SHA1
c1674d2a1dd83dd82b29b189bd4493d5d592bc80

SHA256
dd951b3e79273c962247f5ed9d98ffa22822112b0476005ee789a5259f1596ac

SHA512
4da3b922bdf696aa50422ff424a29736329739837a9ead11e1c465052a1390566ddb949042ca7572d95274a62dd5161474fd389b6606f9f93615cabcf9b56ab6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\21381B302D5D92D471CBF520A4381EC0A77D243C

Filesize
17KB

MD5
967368675905edac1f5caf567735bfaf

SHA1
59007ec659161410cb9bbd95947ef4d06ae26b95

SHA256
c23dd0fd89dd4b2eeb3ad1640804845088f6593e7cd8c3d015646006924a5ec7

SHA512
aeba5660f6381bc080309ee23fe553a37727e3b66049152e01b2de62a1b9205ccf2f9f949f3982610afc9d2e3c1aec9a73f9376dee53568760840909ec565490

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\310DFA1FD62041A416EB7E08244A7AFA8992C084

Filesize
14KB

MD5
eeece0ab6be8f1cd44cc4b4a4545df69

SHA1
5abd966b0045c972ede119792b6248d0fccd055a

SHA256
886acb9cc20f89ea0a64f86f26cb174dff197635222c0d601a8637afc4c9fe96

SHA512
a62bcda17bf1578dc769d2ea606a07eb12e58add465823bc91c8c4560175a5c9b7e73b959ca1e7d65700f38fce89f68d2ccc80454b338158ebc14716efee6b0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

Filesize
39KB

MD5
6b2764794211576ea9b05071975621e6

SHA1
aa8a4f989a17d23b170c77ab507b416cca5566d2

SHA256
2d68ec78be105cdd90542d8e9766f46f732d8351d0cb43e1e5f05558ed0f6328

SHA512
bd1ec2d5c39b1a2b11bf563efdc0fa9ebcc3a6e96a09ce106995f3ce7b867fcc2af395fb7b4394fbcb16390bd59cd59eb02fa627d4b88b44d5e03febea6955ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

Filesize
39KB

MD5
79fa47dd755605d971d7b39bb136aa7a

SHA1
5aab3a041fc27218cc93ab38c49cd4ebc46c1c5a

SHA256
a649b60cd1a2b8ab946de7abdc44458a69052e037d300f3a6b42f29ee5d47b4a

SHA512
017475c111533f52d6cc2da4cb77d5f538ef32a979d739b6eb0daa36000b0486e47d8a25b2d641001f1de8e84bf2bb92f908e66c159c1d080ea97a111bd320b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7D3068195A30D049CC263CE0A0641E65E92E39CF

Filesize
72KB

MD5
dff1a9d942d812bb9fe91cc4dfc5989f

SHA1
b19a4c7bd49e306146ca77152f4ba7d84a5f4201

SHA256
dc3ac90f0513b2a60a32792e20a3ec702217b6509a2c1805a14c7461703742a6

SHA512
11d1bbd9d100a5e687f2a8c40985afcc51e3bbe80da2dea9f5ad740d3ed148fb60abe6d80a4ecb034b80f810d2d8cbe0da3e7bc1e0dff7047a6629326ade0b07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8B0F3C4E9018C2815288FE037BBFAD1C66EB1C00

Filesize
17KB

MD5
5d953ee094577720d0dd8fe9f4b65bf7

SHA1
419971eccb53d6d155ac791c092c5db1553ab3e6

SHA256
72ee951e49b499edf1fa8b44dadd17d7f95ffe4a6c5b67daf0e8c2b699973e58

SHA512
48ff1f4e3730a3179b309af2fef1179a8d58b9376e8723f7616bd0553480a20213eb8fd0b469e04d6d08e927ec912854d0a368cc926617c4c019f3a916240374

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

Filesize
218KB

MD5
55eb28cb7348d83276a7352fa29c4037

SHA1
d028dddd02cac3512f5f3b3b4f7666a292823e26

SHA256
c05d4936618ddd869501c8cd7d2ea303f03a7e8e325e832ebc8cadb733868eec

SHA512
b5b9d2a27a81369de9417e042e8a7ef896c864cfaefc877f84915b06cc4b5d214aa697c10b1d757aedcf8a7db7a149ab5610c8e6d5a00946cebb20bf757548d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FDC533421C8D2DCB98DE738D8A0272403E7E4EBC

Filesize
22KB

MD5
136536002e2de0f34d7a93dcfcf4f55a

SHA1
0855f11bd8b7dcbaba6839988cf8500a6df0c8f2

SHA256
47d82561c3e81e2701d9d5cf0742a3b3bd901bc50bb70a758192c1685bd80440

SHA512
112941516953a14e62e77e947238f8b54edb2ec6696ae6b8a66e2c43450805a0cd657bb1d7bdbb19ddad716aa9b36d8531e552bc838200e4649c890bda03791a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
2f951139d4194e1a300e1ad35e74b3ea

SHA1
8f895b0f294bdfce2d5b03456bcd822b7446da22

SHA256
e78f1c413aa3c5bccd3ff79b4d2d7b45bd3e85d612c6464afcfd388b08da0eff

SHA512
d1dc47bfa4c973a24d4368e132cacabccaab3c8886e7d75abb5354456fac90bba97fec12cefdc5ffd9ce96b4bd535c48f923fb7fc09383b64a06bcb853fd2ed5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a0b3e143-b239-4a32-a602-744ac0b39020

Filesize
734B

MD5
a6b2317524a373b2ef4113a8b83b9c2a

SHA1
e9e97730fd32a3e2843b4758499fbcc5b1c29264

SHA256
bf207c15fdb6456f28ecd211c22efc3b69ee419f95eaedbbcc7e7ece56e59abd

SHA512
cd1c5abcdca341b0ebefef76e4e4652c7f54da7be9ccaba4b7a4514df6df66ad95dbc10664d87dc65b13b2ea991eeb366d9765a4ddf0a41ce8a8698dcbdd48b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
ffd6c762d7a1b005b65a4c261f3ab2f7

SHA1
12f3f2f6c91a5840d689647987ecaafd940405ef

SHA256
b376ac71736ad536f21a25496c0555320b5f64435caa1556016faa89ad27512e

SHA512
a88b68d3a2bad68cdc4e80c85e7c01bbcedca1f77614acd15e0bf9c81309281d72f98b8d8b919bc670355e5db5e1a0c47ad677ade7be83485ad8311f974cb3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
336e93cf7b47584e95406c04015e58da

SHA1
b2da97d5a5dfe6cff8ffa6ae3cad82ac8b64a9a7

SHA256
60d03bfb408fd8f165e3eea31fd034e14afed1b0605f948321a7c362ba3ce755

SHA512
d5b37659b0db1be84e024294078f357f8f042fd74872285207ece4d6e7c961f4f651dce68cf084404100b60aead097f787f54dfcbc6533675b61e070dbe778b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
6d0b2df606b30babfa59ccf1e8db5241

SHA1
c9560e0df42047ccb726c01fa15e5104d3de5ce9

SHA256
c15ff1ec8cb3275f29a5ddf7158030057c80ee904108cf3e0ec9d0e15495cc8c

SHA512
c369af82fa70f800a197383e8ed8027b702df464ac14ea20acf4a52c02383b33eae4eb43076e555d55d72828376aef66d356ce6cca2465a04757c2f38e0ecd85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3ff8a40b88837ff0f700dba5e2235a10

SHA1
bd87dc2f376782b862e66ecbc69ee5ba27a72dc4

SHA256
c1820da07b960fd97eb61ea045770f9fd17d9d7df93e79244cef234ec604849e

SHA512
0088c82f97d5b3f6794aaaad534cdfda89d1a30c95f4971e2760c1f8024afe073210cae1b1d31399ef3e3f5c3304b899fbc93d4fb6333f1392acfb8abdc7cebc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2ffb43d5c0b928b7ac8b7d1b0bcab363

SHA1
5f27600a2732d9bb3bb207e322803ddf83e9180b

SHA256
78518c8b2eb0234757ca8a11651ccd7c37f58e5c6e6204d2e186dbbbe9996eb6

SHA512
cedc20a376eb4c03a07e30bdd353b39e404135a706456d883666870fb470a751b4cb2e6ab669211e5baa08b938b421f857f2143ca5436a6c1c169e90531bf90e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
803eb3137debf28766feba4bab144407

SHA1
a552b4a8f270255f682b4a34e25fd0bc0ebe4d02

SHA256
08edf194ec30be1b3c0a1e5b2df7501bb94a0e13f4ee591526723e6ecaabe94a

SHA512
c3910268950bc2e3f020d65e0fb9eb9d155f6897d44d8a817d17fb8182df47aa0e5f0031ca9b85cb5a2c7dca0c2efe23d9346c51d1546ed0d4bfbbedf748ba2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0efb6eedf514c39cf9c39bd3295ebf32

SHA1
2df62c3029c7622c8efe5e80cc206b0cd008af44

SHA256
1e75c0dd36fbece2df42853eead53eadaa150c0e75e8b40ffdb073d89d550158

SHA512
7bac7976f083a390dad6aab511802a441533e0ffebf64fcbdae224fdfa1bb8126295fd15137a56b0b60dff4ddc56ba1cb6f28b58e1236bcf69fdeaa43f8746d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
294755afbb71862949d9be2e31224d0b

SHA1
14148d62a2798297d714ff9799328fa893be566d

SHA256
f30bfec8faf908227a3ec08d425d65fe2db1bc0eeeba90e4fc390697d83f8ea3

SHA512
fa7e1f81fe0d43410ae881146d8f91ad90592619b3954f0b46e9c2fe86eb421b74e16d5bb244da40283dfa164af1e27dd2ce457d6ce32e8e8747cd5d3d6beae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
90dcdd4fa4221c03a770036edc1e1404

SHA1
5e15a45069f172009bfa837256408e426625ab94

SHA256
0baa969f61f568571159345735bfbb79820bd4be4ff6ed5bc79738e7cfa3470f

SHA512
fff628ef458a4ec0c36666ccc2b33f3d6a5dd52eb7643c37cee8b11e9436ac8826f5ad444a11ad142228b56970a05dcbe8c5d81c150244ad9973dac1aa1bd662

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
d4fe7a34fd764ba90b9386d36b58408a

SHA1
66fc0bf0973a56b56321e79134692b495ca2be99

SHA256
532a96ad4c816aabf572b0d448e9c5580b0eaef77b7583a9e5a09376f7824a69

SHA512
d5b20a306e3300d7a5686948ba2416be6570b7d918b7d10f50e60bc9cd1624d39d59e3f552a67111eeacb4ca93be395b5b1032fb12a58898526d6a4e7676ea40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
memory/4580-9-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download
memory/4580-7-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download
memory/4580-6-0x0000000005390000-0x00000000053F6000-memory.dmp

Filesize
408KB

Download
memory/4580-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4728-8-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download
memory/4728-0-0x00000000735EE000-0x00000000735EF000-memory.dmp

Filesize
4KB

Download
memory/4728-5-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download
memory/4728-1-0x0000000000770000-0x000000000079A000-memory.dmp

Filesize
168KB

Download