hxxps://www[.]google[.]com/travel/clk?pc=AA80OsxOJqDJTtimFViThn67OQkloT30Ajm0l4ZvLJJer0pJHlDs6FtKUzjSNqFcVCDDRK9HbWM9J68g_B5lWBQlAc6FRf4zwpPAQbYRTV4byfvHC1SF4YRK3ax3ADGyZ2SM3lU&pcurl=hxxps://www[.]google[.]com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww[.]google[.]com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect[.]cudasvc[.]com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fwtb-redirect[.]swaven[.]com%25252Foutbound_click%25253Fwtbid%2525253D60c775e445e449143acba972%25252526module%2525253Dwtb%25252526touchpoint%2525253DST%25252526lang%2525253Den%25252526sid%2525253D2095_WEB%25252526avpid%2525253D0041100002228%25252526prc%2525253D7[.]97%25252526prc_currency%2525253DUSD%25252526clkurlt%2525253D3%25252526clkurlaff%2525253D0%25252526url%2525253DaHR0cHM6Ly9nby5yZWRpcmVjdGluZ2F0LmNvbS8%25252FaWQ9OTJYMTU4NDQ5MyZ4Y3VzdD10b21zZ3VpZGVfdXNfMTMyODcyMTc1NjcyMTM1MjQwMCZ4cz0xJnVybD1odHRwOi8venRmem9hLmZqMDIuZmRza2UuY29tJTJGZWMlMkZnQUFBQUFCbXcwT0RmallsNU5ZeWhqOXJUVmlLUXlNZmlTbVhlZFBjclg2NktlYXVSb21MZVRRRFZqZ2o4OTVzN0V5dmtoNENyUGFlMVFSY0UzTnd5YTQwTnlpQXhzRHhDNTVCVUlGSDVBOUVFakVHd1FpREhubUw0R0c2RVdMT2VnemZNbFhqdl9UaElNMktoaWJhc1poYWFTeXVhWUFnRUktNWR0czBkb2hfZDFxeEItS0RPUmxWbXhyVGN0WFpPUWVvSDItbjFVZzJjZ2EySjdJc2dpTzFjMXgxU2dFTzRxSEQwNHYxek84dmVWSmFPc3RPWTNEOWpDRTB3dmc3WDFob2tGeDk2TkNHY290V3ZUeWJGSDNCanJ4WlowWlk2cDNPcVVmZDlvOS1mQXRhRVg0SnBKYVpFNDJuS29WZXN3X1lZQThrOTNDaHFlZEJ5d3RWUjZKNnF5RjBoamx6eXVMcTJvUHRkYy1XVTNhYkxXakVuTTJuOHlRWmQwcHB2R1F1UGlJSVFVMmxlS1hKZ0M0UlZDMjV5VEJQY3duMWlyN2hUcXNockc4dVVJbmhmYWUxVGR1Nzg4OW5EVW9IdTJpR095MUtaT2ZtRGhBNDlNc2RJNVJwV2hqT2NQZHdmWTBNMDFpU3B1a2pEZUdfM21oamZNa0RQWGxuOVNmVGNTUzY1TEk5b2ZlbHVYTlFpejdOa25oaEFKOUVpS1F6cUElM0QlM0Q%2525253D%252526c%25253DE%25252C1%25252CDR46MsYBoqQYCIR265tDuHDy_G5rYCXcSJD3yqZE084XnwKAnmUdOkGTEGQQhlwGOYj_RpZJHPPpeiAVAfJ08NWAIzAZZeX1VKIwBKyDiJ-Dg8gikcGjT85owT4%25252C%252526sa%25253DD%252526sntz%25253D1%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3SpPwkr0Yc9iUzwhAZX4qc%26sa%3DD%26source%3Deditors%26ust%3D1724078803364759%26usg%3DAOvVaw1LeNrsrSfcr7AhXG_sDVmp%23c3VzYW4udGhvbXBzb25AdGNlcS50ZXhhcy5nb3YN

Resubmissions

19/08/2024, 16:34

240819-t3gplsvcjc 1

19/08/2024, 16:32

240819-t19ydaybjq 1

19/08/2024, 16:31

240819-t1q59svbke 1

Analysis

max time kernel
488s
max time network
438s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 16:34

Sharing

Copy URL

Twitter E-mail

Behavioral task

behavioral1

Sample

https://www.google.com/travel/clk?pc=AA80OsxOJqDJTtimFViThn67OQkloT30Ajm0l4ZvLJJer0pJHlDs6FtKUzjSNqFcVCDDRK9HbWM9J68g_B5lWBQlAc6FRf4zwpPAQbYRTV4byfvHC1SF4YRK3ax3ADGyZ2SM3lU&pcurl=https://www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fwtb-redirect.swaven.com%25252Foutbound_click%25253Fwtbid%2525253D60c775e445e449143acba972%25252526module%2525253Dwtb%25252526touchpoint%2525253DST%25252526lang%2525253Den%25252526sid%2525253D2095_WEB%25252526avpid%2525253D0041100002228%25252526prc%2525253D7.97%25252526prc_currency%2525253DUSD%25252526clkurlt%2525253D3%25252526clkurlaff%2525253D0%25252526url%2525253DaHR0cHM6Ly9nby5yZWRpcmVjdGluZ2F0LmNvbS8%25252FaWQ9OTJYMTU4NDQ5MyZ4Y3VzdD10b21zZ3VpZGVfdXNfMTMyODcyMTc1NjcyMTM1MjQwMCZ4cz0xJnVybD1odHRwOi8venRmem9hLmZqMDIuZmRza2UuY29tJTJGZWMlMkZnQUFBQUFCbXcwT0RmallsNU5ZeWhqOXJUVmlLUXlNZmlTbVhlZFBjclg2NktlYXVSb21MZVRRRFZqZ2o4OTVzN0V5dmtoNENyUGFlMVFSY0UzTnd5YTQwTnlpQXhzRHhDNTVCVUlGSDVBOUVFakVHd1FpREhubUw0R0c2RVdMT2VnemZNbFhqdl9UaElNMktoaWJhc1poYWFTeXVhWUFnRUktNWR0czBkb2hfZDFxeEItS0RPUmxWbXhyVGN0WFpPUWVvSDItbjFVZzJjZ2EySjdJc2dpTzFjMXgxU2dFTzRxSEQwNHYxek84dmVWSmFPc3RPWTNEOWpDRTB3dmc3WDFob2tGeDk2TkNHY290V3ZUeWJGSDNCanJ4WlowWlk2cDNPcVVmZDlvOS1mQXRhRVg0SnBKYVpFNDJuS29WZXN3X1lZQThrOTNDaHFlZEJ5d3RWUjZKNnF5RjBoamx6eXVMcTJvUHRkYy1XVTNhYkxXakVuTTJuOHlRWmQwcHB2R1F1UGlJSVFVMmxlS1hKZ0M0UlZDMjV5VEJQY3duMWlyN2hUcXNockc4dVVJbmhmYWUxVGR1Nzg4OW5EVW9IdTJpR095MUtaT2ZtRGhBNDlNc2RJNVJwV2hqT2NQZHdmWTBNMDFpU3B1a2pEZUdfM21oamZNa0RQWGxuOVNmVGNTUzY1TEk5b2ZlbHVYTlFpejdOa25oaEFKOUVpS1F6cUElM0QlM0Q%2525253D%252526c%25253DE%25252C1%25252CDR46MsYBoqQYCIR265tDuHDy_G5rYCXcSJD3yqZE084XnwKAnmUdOkGTEGQQhlwGOYj_RpZJHPPpeiAVAfJ08NWAIzAZZeX1VKIwBKyDiJ-Dg8gikcGjT85owT4%25252C%252526sa%25253DD%252526sntz%25253D1%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3SpPwkr0Yc9iUzwhAZX4qc%26sa%3DD%26source%3Deditors%26ust%3D1724078803364759%26usg%3DAOvVaw1LeNrsrSfcr7AhXG_sDVmp%23c3VzYW4udGhvbXBzb25AdGNlcS50ZXhhcy5nb3YN

Resource

win11-20240802-en

windows11-21h2-x64

8 signatures

300 seconds

Report Analysis Logs

General

Target

https://www.google.com/travel/clk?pc=AA80OsxOJqDJTtimFViThn67OQkloT30Ajm0l4ZvLJJer0pJHlDs6FtKUzjSNqFcVCDDRK9HbWM9J68g_B5lWBQlAc6FRf4zwpPAQbYRTV4byfvHC1SF4YRK3ax3ADGyZ2SM3lU&pcurl=https://www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fwtb-redirect.swaven.com%25252Foutbound_click%25253Fwtbid%2525253D60c775e445e449143acba972%25252526module%2525253Dwtb%25252526touchpoint%2525253DST%25252526lang%2525253Den%25252526sid%2525253D2095_WEB%25252526avpid%2525253D0041100002228%25252526prc%2525253D7.97%25252526prc_currency%2525253DUSD%25252526clkurlt%2525253D3%25252526clkurlaff%2525253D0%25252526url%2525253DaHR0cHM6Ly9nby5yZWRpcmVjdGluZ2F0LmNvbS8%25252FaWQ9OTJYMTU4NDQ5MyZ4Y3VzdD10b21zZ3VpZGVfdXNfMTMyODcyMTc1NjcyMTM1MjQwMCZ4cz0xJnVybD1odHRwOi8venRmem9hLmZqMDIuZmRza2UuY29tJTJGZWMlMkZnQUFBQUFCbXcwT0RmallsNU5ZeWhqOXJUVmlLUXlNZmlTbVhlZFBjclg2NktlYXVSb21MZVRRRFZqZ2o4OTVzN0V5dmtoNENyUGFlMVFSY0UzTnd5YTQwTnlpQXhzRHhDNTVCVUlGSDVBOUVFakVHd1FpREhubUw0R0c2RVdMT2VnemZNbFhqdl9UaElNMktoaWJhc1poYWFTeXVhWUFnRUktNWR0czBkb2hfZDFxeEItS0RPUmxWbXhyVGN0WFpPUWVvSDItbjFVZzJjZ2EySjdJc2dpTzFjMXgxU2dFTzRxSEQwNHYxek84dmVWSmFPc3RPWTNEOWpDRTB3dmc3WDFob2tGeDk2TkNHY290V3ZUeWJGSDNCanJ4WlowWlk2cDNPcVVmZDlvOS1mQXRhRVg0SnBKYVpFNDJuS29WZXN3X1lZQThrOTNDaHFlZEJ5d3RWUjZKNnF5RjBoamx6eXVMcTJvUHRkYy1XVTNhYkxXakVuTTJuOHlRWmQwcHB2R1F1UGlJSVFVMmxlS1hKZ0M0UlZDMjV5VEJQY3duMWlyN2hUcXNockc4dVVJbmhmYWUxVGR1Nzg4OW5EVW9IdTJpR095MUtaT2ZtRGhBNDlNc2RJNVJwV2hqT2NQZHdmWTBNMDFpU3B1a2pEZUdfM21oamZNa0RQWGxuOVNmVGNTUzY1TEk5b2ZlbHVYTlFpejdOa25oaEFKOUVpS1F6cUElM0QlM0Q%2525253D%252526c%25253DE%25252C1%25252CDR46MsYBoqQYCIR265tDuHDy_G5rYCXcSJD3yqZE084XnwKAnmUdOkGTEGQQhlwGOYj_RpZJHPPpeiAVAfJ08NWAIzAZZeX1VKIwBKyDiJ-Dg8gikcGjT85owT4%25252C%252526sa%25253DD%252526sntz%25253D1%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3SpPwkr0Yc9iUzwhAZX4qc%26sa%3DD%26source%3Deditors%26ust%3D1724078803364759%26usg%3DAOvVaw1LeNrsrSfcr7AhXG_sDVmp%23c3VzYW4udGhvbXBzb25AdGNlcS50ZXhhcy5nb3YN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe
Token: SeDebugPrivilege	396	firefox.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe
396	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 2788 wrote to memory of 396	2788	firefox.exe	80
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 3936	396	firefox.exe	83
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84
PID 396 wrote to memory of 4332	396	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.google.com/travel/clk?pc=AA80OsxOJqDJTtimFViThn67OQkloT30Ajm0l4ZvLJJer0pJHlDs6FtKUzjSNqFcVCDDRK9HbWM9J68g_B5lWBQlAc6FRf4zwpPAQbYRTV4byfvHC1SF4YRK3ax3ADGyZ2SM3lU&pcurl=https://www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fwtb-redirect.swaven.com%25252Foutbound_click%25253Fwtbid%2525253D60c775e445e449143acba972%25252526module%2525253Dwtb%25252526touchpoint%2525253DST%25252526lang%2525253Den%25252526sid%2525253D2095_WEB%25252526avpid%2525253D0041100002228%25252526prc%2525253D7.97%25252526prc_currency%2525253DUSD%25252526clkurlt%2525253D3%25252526clkurlaff%2525253D0%25252526url%2525253DaHR0cHM6Ly9nby5yZWRpcmVjdGluZ2F0LmNvbS8%25252FaWQ9OTJYMTU4NDQ5MyZ4Y3VzdD10b21zZ3VpZGVfdXNfMTMyODcyMTc1NjcyMTM1MjQwMCZ4cz0xJnVybD1odHRwOi8venRmem9hLmZqMDIuZmRza2UuY29tJTJGZWMlMkZnQUFBQUFCbXcwT0RmallsNU5ZeWhqOXJUVmlLUXlNZmlTbVhlZFBjclg2NktlYXVSb21MZVRRRFZqZ2o4OTVzN0V5dmtoNENyUGFlMVFSY0UzTnd5YTQwTnlpQXhzRHhDNTVCVUlGSDVBOUVFakVHd1FpREhubUw0R0c2RVdMT2VnemZNbFhqdl9UaElNMktoaWJhc1poYWFTeXVhWUFnRUktNWR0czBkb2hfZDFxeEItS0RPUmxWbXhyVGN0WFpPUWVvSDItbjFVZzJjZ2EySjdJc2dpTzFjMXgxU2dFTzRxSEQwNHYxek84dmVWSmFPc3RPWTNEOWpDRTB3dmc3WDFob2tGeDk2TkNHY290V3ZUeWJGSDNCanJ4WlowWlk2cDNPcVVmZDlvOS1mQXRhRVg0SnBKYVpFNDJuS29WZXN3X1lZQThrOTNDaHFlZEJ5d3RWUjZKNnF5RjBoamx6eXVMcTJvUHRkYy1XVTNhYkxXakVuTTJuOHlRWmQwcHB2R1F1UGlJSVFVMmxlS1hKZ0M0UlZDMjV5VEJQY3duMWlyN2hUcXNockc4dVVJbmhmYWUxVGR1Nzg4OW5EVW9IdTJpR095MUtaT2ZtRGhBNDlNc2RJNVJwV2hqT2NQZHdmWTBNMDFpU3B1a2pEZUdfM21oamZNa0RQWGxuOVNmVGNTUzY1TEk5b2ZlbHVYTlFpejdOa25oaEFKOUVpS1F6cUElM0QlM0Q%2525253D%252526c%25253DE%25252C1%25252CDR46MsYBoqQYCIR265tDuHDy_G5rYCXcSJD3yqZE084XnwKAnmUdOkGTEGQQhlwGOYj_RpZJHPPpeiAVAfJ08NWAIzAZZeX1VKIwBKyDiJ-Dg8gikcGjT85owT4%25252C%252526sa%25253DD%252526sntz%25253D1%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3SpPwkr0Yc9iUzwhAZX4qc%26sa%3DD%26source%3Deditors%26ust%3D1724078803364759%26usg%3DAOvVaw1LeNrsrSfcr7AhXG_sDVmp%23c3VzYW4udGhvbXBzb25AdGNlcS50ZXhhcy5nb3YN"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.google.com/travel/clk?pc=AA80OsxOJqDJTtimFViThn67OQkloT30Ajm0l4ZvLJJer0pJHlDs6FtKUzjSNqFcVCDDRK9HbWM9J68g_B5lWBQlAc6FRf4zwpPAQbYRTV4byfvHC1SF4YRK3ax3ADGyZ2SM3lU&pcurl=https://www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fwtb-redirect.swaven.com%25252Foutbound_click%25253Fwtbid%2525253D60c775e445e449143acba972%25252526module%2525253Dwtb%25252526touchpoint%2525253DST%25252526lang%2525253Den%25252526sid%2525253D2095_WEB%25252526avpid%2525253D0041100002228%25252526prc%2525253D7.97%25252526prc_currency%2525253DUSD%25252526clkurlt%2525253D3%25252526clkurlaff%2525253D0%25252526url%2525253DaHR0cHM6Ly9nby5yZWRpcmVjdGluZ2F0LmNvbS8%25252FaWQ9OTJYMTU4NDQ5MyZ4Y3VzdD10b21zZ3VpZGVfdXNfMTMyODcyMTc1NjcyMTM1MjQwMCZ4cz0xJnVybD1odHRwOi8venRmem9hLmZqMDIuZmRza2UuY29tJTJGZWMlMkZnQUFBQUFCbXcwT0RmallsNU5ZeWhqOXJUVmlLUXlNZmlTbVhlZFBjclg2NktlYXVSb21MZVRRRFZqZ2o4OTVzN0V5dmtoNENyUGFlMVFSY0UzTnd5YTQwTnlpQXhzRHhDNTVCVUlGSDVBOUVFakVHd1FpREhubUw0R0c2RVdMT2VnemZNbFhqdl9UaElNMktoaWJhc1poYWFTeXVhWUFnRUktNWR0czBkb2hfZDFxeEItS0RPUmxWbXhyVGN0WFpPUWVvSDItbjFVZzJjZ2EySjdJc2dpTzFjMXgxU2dFTzRxSEQwNHYxek84dmVWSmFPc3RPWTNEOWpDRTB3dmc3WDFob2tGeDk2TkNHY290V3ZUeWJGSDNCanJ4WlowWlk2cDNPcVVmZDlvOS1mQXRhRVg0SnBKYVpFNDJuS29WZXN3X1lZQThrOTNDaHFlZEJ5d3RWUjZKNnF5RjBoamx6eXVMcTJvUHRkYy1XVTNhYkxXakVuTTJuOHlRWmQwcHB2R1F1UGlJSVFVMmxlS1hKZ0M0UlZDMjV5VEJQY3duMWlyN2hUcXNockc4dVVJbmhmYWUxVGR1Nzg4OW5EVW9IdTJpR095MUtaT2ZtRGhBNDlNc2RJNVJwV2hqT2NQZHdmWTBNMDFpU3B1a2pEZUdfM21oamZNa0RQWGxuOVNmVGNTUzY1TEk5b2ZlbHVYTlFpejdOa25oaEFKOUVpS1F6cUElM0QlM0Q%2525253D%252526c%25253DE%25252C1%25252CDR46MsYBoqQYCIR265tDuHDy_G5rYCXcSJD3yqZE084XnwKAnmUdOkGTEGQQhlwGOYj_RpZJHPPpeiAVAfJ08NWAIzAZZeX1VKIwBKyDiJ-Dg8gikcGjT85owT4%25252C%252526sa%25253DD%252526sntz%25253D1%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw3SpPwkr0Yc9iUzwhAZX4qc%26sa%3DD%26source%3Deditors%26ust%3D1724078803364759%26usg%3DAOvVaw1LeNrsrSfcr7AhXG_sDVmp%23c3VzYW4udGhvbXBzb25AdGNlcS50ZXhhcy5nb3YN
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1840 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e250b1-36b5-4c12-ab5d-805dc2d89e21} 396 "\\.\pipe\gecko-crash-server-pipe.396" gpu
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db4f555-5cd1-4281-bde2-c46f5f35fa0e} 396 "\\.\pipe\gecko-crash-server-pipe.396" socket
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2584 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3020 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a38a6a-22cb-4f41-9bd4-4de4ca973727} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3596 -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced9fae5-a817-4ebe-9ead-69e016322506} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4676 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ca3deda-5086-4b96-96f7-baa1e8a67d96} 396 "\\.\pipe\gecko-crash-server-pipe.396" utility
    3⤵
    - Checks processor information in registry
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 4940 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c23b95f-8eae-45cf-8d90-4eae5ab3dd3c} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:1588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fb3d7ee-50b6-4fae-9045-e5ddb0344b62} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1674333e-032b-45fd-949d-f93bfb2d9115} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 6 -isForBrowser -prefsHandle 3432 -prefMapHandle 3040 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50413b96-1503-4a5e-9594-22f5bd0257cd} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 7 -isForBrowser -prefsHandle 3104 -prefMapHandle 3128 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c18d5e-6ce5-4dd1-9f5b-f97b31d1b753} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 8 -isForBrowser -prefsHandle 3176 -prefMapHandle 5160 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {549f1888-355c-43be-bac7-33438e4574ba} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 9 -isForBrowser -prefsHandle 5164 -prefMapHandle 3852 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a91382-665f-4d96-8f06-3f1488782a6d} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
    3⤵
    PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
29KB

MD5
8b9bdc4c11516369a413f070c313d42f

SHA1
a22dba31e52bcbaedf2e96008b0dae06996c0250

SHA256
2ddbf75ee2b2820833530ff821baf027a02cee8e76cc5e73f0256d95ffbca217

SHA512
03077ae8d8d926d0ae1fab5e59432663b60734d36697287043a9a87fbd712410926fd06b4e983bd74a473c955358a00db9441c1836247df42303a47ac87f2fea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\1CCECF851334BDFAAD204ACFEF28B17A464F4E35

Filesize
60KB

MD5
ee5d732724e39aa5af65c26cdce828fa

SHA1
f301c67d6e8314d13b518dfa8ef94320519cc1a0

SHA256
e697c144bc7fd450956edab11bc2270ca29f24ea32ad2063616307626ad25077

SHA512
95cade16bd8ce0490c0be8599df4fa2adb81dd3db7d88031edc0a4556a0a0e1fcf45c6d0b28589bb40c7d1d6bee470499d3d8c22435a8096effba4918320440b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JYEI2QA3BVKZ9JIYMSDH.temp

Filesize
22KB

MD5
38427466ff81b3710dfcb91225deee19

SHA1
b0f524292a6f71687d32348f88cd96a490a5987f

SHA256
fa6903718b744646db5862e37939b72fd5f43f869c1141f79799928181049fa5

SHA512
089c02aaa270be8ffdc36982c6c7c5c6f7bd5de2b305440e26fd86c9daef6909245479da54aed4eb17b286aad328ffa2a106ad37807b5734fc28ece138d4be66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
7KB

MD5
3420ed29810d5782f800c69bbb2b4811

SHA1
20062acf7f03a25e3b7b240d857e47a9b78fb10f

SHA256
3bdadaddd7d22a28dee32fc6a100c69d568c3f2f6813f7ac227c4c812e8f0efa

SHA512
4d08ddae30cf07209122815c4cf9423af0dcd452aa60e965dec47e9089f4f9f02bb0eaf7889c16ae1badeeb611be04852b37be68c433150ddf43e73d5f40d385

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
16KB

MD5
1d6924ed5b5e1cd887d4a1da2cd02e62

SHA1
14ccdc4145ebf0a3df457c10fb9ddbffc7d3840f

SHA256
3d4a8bf2792d8be479e92851e0e03fc9fc0f9e5ca6d45f7a467f175fb4f28598

SHA512
cc6975599c4012ec9ac46b3b963085ffc9ac9af54367e68d3db0fd474f2816de80be867584c905d8dee0cb3a933abc5c17d20b15c7ff66cbb9d9b8b8e401af49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\bookmarkbackups\bookmarks-2024-08-19_11_vDmcqcGTsS-x0pTAdB1VPA==.jsonlz4

Filesize
1017B

MD5
1367beaf2ef8e5b03d55c1eeb67c752e

SHA1
6a48bf4f706d8557c10bbd47b4ec7363e28fd52d

SHA256
27948b7f272c791eef2b48a12fc7c541da1c41be71910887eaeb7bb5afe16985

SHA512
a0f8d2779e4f5914d32b164c9bd390f30fccd605103e181346d1bdab046f76c6122dea93e345fe8bfaabc109ef2eb7e006b117a742ab60ee35312233054950d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8a703caf649be7ce1076d1cc9dc54226

SHA1
936373004889a4072c6e29968de2ba7205d237d4

SHA256
cf9c6148b685e8c4c069857b0bd280de44f8edb9349996afb7228d9049eef6e7

SHA512
16df9a7821f8bdb91312c17c1bffb8763f073c9649553d577457f5261c9b7398e8b2269c67c5eef0542dbb29df6bed7e33abdd2ec73b3b4f36edaf4451de7f59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1c5ae16cf0abb856e1ce06f2d6158964

SHA1
b075fe7d113be1b940904a2c26a4c76ec65074f5

SHA256
11541afb9ebe698e5bd1accf4d5919956a8f667e1c02d05f8679c1009eb9c935

SHA512
9df87a24cb979226c3598617c3146b472c276281db34f1c0cbf2ab810fa16136c412b8f94da4b1102c5053ab3c1fc55bebd17a3a773f76ba149f1f95f236442a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6dbfba436ff6d6c0155140b76c432a6d

SHA1
6a64ab39bad3b4dfacb98bea657017e946a37dc3

SHA256
d13ee1965ed89e6ccd8fe71979db201984f0b41a87b73d101b409e8e8f008b89

SHA512
f3a6323c8fad748c17f84559faa5a784d7bec4fd2bc779d0088c4a6203ad5023bdc98dfba966147c2a5acd50f7e5aff5acd7820d488a5a379b27319504bc4fe9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
11986bb194134d0a19387f9d644788e6

SHA1
bdc157dd523d1a2a3122e68a9ed6292936ccf5c9

SHA256
12a7d302bed705e91fe69050b435b8d4ddbacbc527cdc7c473ccdd908881a9b0

SHA512
a491801e8eee3f4da2dcf58141d8f5711ec00b520958ec7c3d253724058dc1bc2092b0179f9a3e4ba0d40fbeea70d23f274cb66007feb8503e54ceb50695f564

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
1f8de3f5e6e4010105ce27dd7bc53d7d

SHA1
9b9f83b8f09be4cdd67515a36d8bcf51d1b2600b

SHA256
5526e7d11e4ca394165bfb68c19068ae500ce805536bf0870cd1b6a8dc52de9c

SHA512
eaf20864ce5733f168312c632c5da3828054602c2721cd21a8ae549626874b91ab348af17e2fab0fe56921fe0da47f7abb37511c67b1128b724bb34f01ebd31f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\00ce35de-022f-4555-8f21-92c912339927

Filesize
671B

MD5
cca601e7ab6510c0772437c7d092d73f

SHA1
984eabc59ccbdddc94ec2a75abe00be47bdbf6ea

SHA256
a9d5d9e40b342795561fa3a9f282c531a54c95b98fb753aa58d071a04f28640b

SHA512
671e0f150d195577340ef3896790a97441275468ae8a6871a2966a46330e3c01e4010f180892cefc5c4a640d60b39e997d97c4210aa0e0c7bf477e738ab9e8eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\85c67440-4b72-47c8-803e-a860d08b85a8

Filesize
25KB

MD5
682d09b8a37bb689e86daddc07a75186

SHA1
b7926d683d16ece89c8d45de1e97fd82b223d232

SHA256
ebbd899e6afb28bfce4e2c7e3bc8c78650e6b002cef7cd59ea116f7b925b84f6

SHA512
73df2bb425822633f7327cc7b3815ae4e97d5e2a127b3e554e3f709b78f0a6af25b2e9874216acb0488a344d2abfb00e861a63803446b946801184e40b7e556f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\e3c3ba40-12de-441a-9df5-15195de1ff07

Filesize
982B

MD5
08f2ea56d5f27d7f9b36010fb509f430

SHA1
b76cddde0b7dff27c1eb62113a60e5733c775cb8

SHA256
e9bdedae7590e9857338cc688e93145c67eec13e1e2d2b32c1e353cafb11b309

SHA512
8fb474eb0636b85fd0a37066cad3ea4dbfca97d154b8aa4bd57c4dc899e3197913609e64666e766b003fb5a8b51b272007443e985ce0916f1eb63a119477c1fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
56061ce6cd819ee367740523d963a9b7

SHA1
a52e420661a85bbbaa0fbeb1a36eaf4f332980f7

SHA256
e3172c5c56f726ab72438e28a259098e1fbc0e67216ebecc11ebc5ca77139e4f

SHA512
2f91dd5d340aa5f6bfe008114ae805e57a5db6adc32c1e5f19a7ac0c3cc24fe7295157d3ae3fb571504c50444eb3c076106fd13f54f7e851b4b06767c5c266f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
5bb3098d3fe06eedcc16ef823b1c2e9a

SHA1
2d047de9218cdd68cbf64051c326dcc6f8ae20dd

SHA256
d12ed5453ef899a4acc26ed56dd5a59997adbbb02de0beaab46860892a66e9f4

SHA512
c56aa3906aef385f0bfa652ac0b698edc7b70ee7bc8236b18105950839682866895bba1179dd5eeb00eb4f9cd54dbeeab20e213bed6312f6a74e45af2bb938b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
13KB

MD5
3559e38c411119bd81bb4830a7b1050f

SHA1
4c8849d323899321765799c0a91bc12b39c66046

SHA256
9ffa2aadd141ed03e0508a6118a3d6b1cbca27dcb8d987f1a4cbd507b4cf05e5

SHA512
16c9ba625bc396b9afacf8198dc6433947a05052a759a98c5a31ffa45983b2d65938f2d09166fb23182120dae742c6505a5f1274f7a1b44db577c7f57901d1a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
3752f78b0658c85253c078780ee31a67

SHA1
29255c197454781af479cfcfceda4853f1b001cd

SHA256
03d8a4f79c4e92cec81970f67d028ddfaf147a85e21a27e6643aa59fa0ef3944

SHA512
c40642c65280abbb6aafe87613a597101f2e76e5b7e8529855365a272e73c03f3bcd8497ada473162129622f3ac245046ae57d3f1f66403fdc0c08f57d49b830

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
46f773493e75c6c816b431afcee31f97

SHA1
8a3334a0b220b87c11f31c11ca3096a55d6ec345

SHA256
2f3bba079d15ea0263e097b1dcd7178dfb361aa2ca7cdeda2883661ef8257e00

SHA512
c18ec7a361caf6e854473c1822f425c468175581126c1452b09b310a5c11f25c4129ed3644673e5f5c68b81d7d95a5a255cd2c03d757845e5a4880feb37f58be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
56d3f06c4ed72f889beaa2c61b9c3e00

SHA1
335b01f311078b71d6693c1079e370f394bbf088

SHA256
42a273287e7bc83062ecfb555fcf8c57746f987db92d83f9163ba9af9fac9ba8

SHA512
2e51ec1336dee0481deb1d7cb6bc29c20e0f56099d094ddcfc8a643151ed9b01cf32ca70e8375b4c81ba9236a2e12be05fa66f262b3f4f179cd3b594930f0534

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
7fd1c258820f462d1fbc1b3ccc258a45

SHA1
b6861d73670d97786b6b8d6c23bc5feb2eefe44b

SHA256
cf0f0312c48121f1ecbfe04278764225f33a4755c75c496589ce3b1a89383d7f

SHA512
44f4b246d2c108c5be3fdf84d5207066621353d50557ab85644a9b6e2d5898a187fef7f4225fe50f565deffd07a621bc9a05158978ee8096b0067ec0263c074a

Download Submit