3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261

Resubmissions

10-10-2024 19:45

241010-ygqgvatbmg 10

10-10-2024 19:41

241010-yeebsstake 6

10-10-2024 19:38

241010-ycmkdsshkf 6

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

21KB
MD5

a1d5921a1d53a08d66a22e2eefdfe1f2
SHA1

e840a6ff5e9f439334aa9e0858afec7abbe78d5c
SHA256

3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261
SHA512

e95fad32e169a2aca7841eaf3adea6f30d187149dc2e15f0f8ebcbd50cc6cf86d8f49788651ffea8b35e844e28762ec64e573a369c805fe32530df6970aa2083
SSDEEP

384:MPU1spa1ocy444lbGaYMvhpNMi98sHtjFro2REu4Y0wM1Ozf51xCejiw:MPUv1ocy43EajJpNn9V9FrEu4Y0wM14n

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
57	drive.google.com
61	drive.google.com
64	drive.google.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\clippy.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2576	firefox.exe
Token: SeDebugPrivilege	2576	firefox.exe
Token: SeDebugPrivilege	2576	firefox.exe
Token: SeDebugPrivilege	2576	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe
2576	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 1756 wrote to memory of 2576	1756	firefox.exe	29
PID 2576 wrote to memory of 2792	2576	firefox.exe	30
PID 2576 wrote to memory of 2792	2576	firefox.exe	30
PID 2576 wrote to memory of 2792	2576	firefox.exe	30
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 2916	2576	firefox.exe	31
PID 2576 wrote to memory of 996	2576	firefox.exe	32
PID 2576 wrote to memory of 996	2576	firefox.exe	32
PID 2576 wrote to memory of 996	2576	firefox.exe	32
PID 2576 wrote to memory of 996	2576	firefox.exe	32
PID 2576 wrote to memory of 996	2576	firefox.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.0.2126621153\1369490620" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e89dcb-455b-49d0-b21c-981c2f36b59d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1304 118f0858 gpu
    3⤵
    PID:2792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.1.591254821\2120446552" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {565dee60-f04b-4d6f-a4a7-bd087782fd2d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1516 e70558 socket
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.2.1957835372\662161290" -childID 1 -isForBrowser -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f304ad0c-0e77-4da4-9312-6bed17c2b888} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2124 1b3d6558 tab
    3⤵
    PID:996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.3.855747808\909196998" -childID 2 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a25a43-cc3d-4a4a-b8b1-ee525df23710} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2748 e5c258 tab
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.4.889452843\1199329501" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3748 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {172c6fc4-8d05-4c91-b659-de38e4886cbf} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3796 1f711e58 tab
    3⤵
    PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.5.1914356325\1163682627" -childID 4 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8adec523-e40f-4ab1-aa93-52e8b7bfc22b} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3896 1f710658 tab
    3⤵
    PID:1104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.6.1135811916\1093935959" -childID 5 -isForBrowser -prefsHandle 4076 -prefMapHandle 4080 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaab20d1-e0c8-4701-9bdd-f602bceb0f1d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4064 1f711558 tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.7.594219967\1984034723" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4124 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e64ae517-ed2a-422f-81b2-37fcb884512e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4112 1ce2aa58 tab
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.8.401849668\1543816981" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2160 -prefsLen 26796 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6a4676-c224-4a1f-8420-3de61909ca33} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2124 205b1e58 rdd
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.9.1470317465\704928987" -childID 7 -isForBrowser -prefsHandle 3680 -prefMapHandle 3420 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5ed531-f180-4d70-b118-6502e728423c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3672 205b1858 tab
    3⤵
    PID:1588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.10.2106818114\1269860136" -childID 8 -isForBrowser -prefsHandle 8208 -prefMapHandle 8212 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c732872-f10a-4640-b884-973c1ed99bc5} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8196 1dc93e58 tab
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.11.993663418\243952736" -childID 9 -isForBrowser -prefsHandle 3672 -prefMapHandle 4476 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45e6fbca-449d-4aea-89ec-cc4cbdccfe1c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4396 b23a058 tab
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.12.479376446\1700553416" -childID 10 -isForBrowser -prefsHandle 8096 -prefMapHandle 8168 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9aa339f-b8ed-4750-bf0b-6be681498bbe} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8100 b227e58 tab
    3⤵
    PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.13.1798861754\152768193" -childID 11 -isForBrowser -prefsHandle 7836 -prefMapHandle 7832 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83f69250-f903-4a83-90cc-57b2d0ae5530} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7848 b228458 tab
    3⤵
    PID:1708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.14.773800693\323163661" -childID 12 -isForBrowser -prefsHandle 7700 -prefMapHandle 7860 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {512f0d2b-ad34-429d-8ca1-0096dc85e498} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7704 23977f58 tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.15.1122772422\1431581722" -childID 13 -isForBrowser -prefsHandle 4216 -prefMapHandle 4204 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ecad845-378f-44bd-a08b-120732eafd34} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7648 2199cb58 tab
    3⤵
    PID:936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.16.85931677\1658440967" -childID 14 -isForBrowser -prefsHandle 8120 -prefMapHandle 8116 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c575ad7-ccc4-40ca-b185-72fd06dc451f} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8164 b227858 tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.17.1072033488\1686352071" -childID 15 -isForBrowser -prefsHandle 7804 -prefMapHandle 3692 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f731da3a-f0f1-49ac-82d3-8e999166e105} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4300 2199e958 tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.18.426613328\878933376" -childID 16 -isForBrowser -prefsHandle 7760 -prefMapHandle 7764 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1265ede-a2ee-4cf6-a972-482a04dada7a} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4408 b3fbe58 tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.19.1726011301\443711110" -childID 17 -isForBrowser -prefsHandle 7512 -prefMapHandle 7516 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {393f9a40-dbcc-4f69-8bdb-6b7e0a7c7811} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7500 1ce2a158 tab
    3⤵
    PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.20.1238321025\953648087" -childID 18 -isForBrowser -prefsHandle 7924 -prefMapHandle 7864 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0962c8cd-c34e-4644-907b-437f1ec8fa74} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7972 1ce2a758 tab
    3⤵
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.21.221069896\431461945" -childID 19 -isForBrowser -prefsHandle 4200 -prefMapHandle 7512 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c96dc637-aa30-4fe2-99e0-cda388313b3e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4432 1dbc3358 tab
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.22.2033954980\899332894" -childID 20 -isForBrowser -prefsHandle 3208 -prefMapHandle 3168 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee53bde1-2bb8-42fc-83c9-52ece74bcce1} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3276 1dda9e58 tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.23.1468770491\450645883" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7024 -prefMapHandle 7028 -prefsLen 26836 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2effcd62-2a70-4e2a-88ae-ef359b8ba45f} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7012 205b0f58 utility
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.24.1862389818\160531008" -childID 21 -isForBrowser -prefsHandle 6868 -prefMapHandle 6872 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c16331c-65dd-4c2b-8c5e-0df0f249a698} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6856 2199c558 tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.25.729433683\495671343" -childID 22 -isForBrowser -prefsHandle 8112 -prefMapHandle 7528 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92afcd7e-dce5-49cd-adce-3c13b60fa517} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1124 239a8758 tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.26.1308641169\1534991604" -childID 23 -isForBrowser -prefsHandle 2148 -prefMapHandle 7368 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cefc6ba3-289a-43ee-8a27-bc2c607974b5} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7160 b388258 tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.27.1894907608\1946505117" -childID 24 -isForBrowser -prefsHandle 6848 -prefMapHandle 6832 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c4f3fd4-2746-46b0-b745-8608ac5fc58e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6780 1dc90e58 tab
    3⤵
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.28.17889420\1691761879" -childID 25 -isForBrowser -prefsHandle 1664 -prefMapHandle 7188 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ea7eba-351a-459e-874a-39b473512d49} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7048 b3aff58 tab
    3⤵
    PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.29.88699469\647573265" -childID 26 -isForBrowser -prefsHandle 7188 -prefMapHandle 1664 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef89cb16-48a6-4907-9bb0-35cff7b79c91} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7212 23003e58 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.30.148315278\193595517" -childID 27 -isForBrowser -prefsHandle 6684 -prefMapHandle 6688 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c02a3af-8f2b-40c8-9d21-3e4823a0e994} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7044 23004158 tab
    3⤵
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.31.1803927684\1776014795" -childID 28 -isForBrowser -prefsHandle 6568 -prefMapHandle 6564 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43fd4b6-7ece-4514-a8ba-17e11062c7bf} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6580 23004a58 tab
    3⤵
    PID:3456

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
0130d2b53d14c8a7967384b76294ec28

SHA1
c1f4f419120702d6e3e0614b6820203b970fd90e

SHA256
289d7557c2bd0092e8cc9a998d4c2b209b73f6aac31c88da8b5b4dd328396bb2

SHA512
0a79b8dbd3f2b45b80cfccf4a76b23c9e733b9fdd947b316397c144107747702825fcafa6fed41034205279fd8a8ef91b86c8cf51fb2ffb7e65fce2adfa8fd94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\10755

Filesize
6.8MB

MD5
38eec43b968e381a7f6220fbf887f87e

SHA1
9812b3975638ceafb5e21c2ecdc79a432e6ebc59

SHA256
e8cc4d759ac06cbd02ecd63309b5b6eaef693e84527da8a5c6ba42ce1e51962b

SHA512
ed31cf8e9a971eace2c14965f4699eb510db98e31759c892894baeb766ae3384b5027af57927bb1eefc1cea2bf479561e7ffd3bb528a03450856f7f7636d78b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\11376

Filesize
21KB

MD5
41cad341768293466c34e744fd829342

SHA1
a1f757e2f9e2364847455d6268f7a4680b980efd

SHA256
4af12caf3f9450e22ad3464b36489d2db4bd73ae9d6b53b39b1f5750b8c1de61

SHA512
a88f8f249481ce34275ba00841af59ae292911b4f66eb967bf8aced2101d961f222b6e8e4b1a92d1df09a2b9ef34efa4c5e541463ff51f157513edee3218d491

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\1240

Filesize
9KB

MD5
cb52be6eb94cc570f90934995fd1966b

SHA1
09d3c4fd0d0c3d2caeed9f3b799932ffcea809b9

SHA256
408cd43c9644f743a082284c9c4da5b32bd63c4f4d9f0733faf56cc4f900dc2e

SHA512
602b624a922330adfdf5d54b4d61e116516812c4cad15d6f26040eac7189a6cc4e0c59516c1cee0a0a49e6ccf464fcad28e562547a7faf3055f09475824c9444

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\12812

Filesize
7KB

MD5
cbde0edebe1e597ca3369bdf53a8a0ae

SHA1
7a8af1e8379fc72b123a7c84415501c12a84a643

SHA256
9a7a60530a1767f103aa18bdc15749a154d122e7154e262433effabef833b115

SHA512
2837dfba85b8943b1cf950a5343525ed16308462c2a34bf8e6084fdb4db4e9fac1c3a8935f216db1e2f9536b9d2a55d328f0e7d31437b5db0afbc862833b9da7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\13616

Filesize
7KB

MD5
7bfd400b3b523b4cd8a8fd197bf8f114

SHA1
de8eecc1d4ac4f42630101f4cb0e9c51a4be19d7

SHA256
db07d6edc2df815edf634a89de5c96454473a4106f1902ee7d75ef9b233eb5e4

SHA512
86a217b12160076f626d3953541100799d24ce35451847eb6eec647ee7eacd045ad63d7ddd83539e64d6fa6a3b2e3f6042a4428106c63a3ee48ea3a50b016817

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\17872

Filesize
8KB

MD5
704ce6db346f652c5dc8f54e2c3daf73

SHA1
7e8dbdc2f5158e47efc7aa51d9113a4f18b4f691

SHA256
8a98164503b7509ab261e0ead76d6d034f0b53b83c1819ed486a9fb70c1b1e72

SHA512
60d2e4b93fd49cabc1cf8de42ed057912161ee8818e0ba6c010a0b648392a17b0cd279bcb7bc21851f99fb4fb6177f21edbd4157304f27f3cec8fafe513c3f7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\24093

Filesize
15KB

MD5
31caa67af40da0605cfd9f5e0d05decb

SHA1
8a887266547217622c311dc6d9443d9ef69afbd6

SHA256
d572045f4214b55d9b85dbc199b9d0b6a6b9f203073a44fe07a41ac89349c440

SHA512
d5c655fda1da0a83d32ce15e304a44014e5a733b4584caf171e0b3b2674d26cc02411bfebcb8353f61ec3889c44afa729b8428b7479299d21e6645c47f32fb0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\30621

Filesize
14KB

MD5
475bc450e32ad5f7719d54471d71f670

SHA1
ec555ddbf7dc69853e0779bf3bf77906efcf1941

SHA256
87dbfefe73a2163bc006c4cd08ffb9fb24ced354483069e9f33edb62c4c93820

SHA512
f5343942be79ee98692eded65b98e52177b678579679c6c50351d3b8b3de1f0219fcae7222cd0c75df7198dfbcda7dce909e9c10a32fecdf365780e56fbd01a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\5546

Filesize
10KB

MD5
f674d03798a8bc2f840c069e109de9f5

SHA1
d51a4cb540778213247f1c2a84f97ba830ebdd07

SHA256
3d2a60a9b6250d5389e8e80dba75139130a6521de86356410eb1e3188d2c23cf

SHA512
5339f0dd2e7e3c873420845e2f49aa2b3beaf307302d9adfa0a1fc9a4eb6e5c0227936fb38da9d914dce42c7c67bfb02bc9ea114e79dbd83079bd79e3219970b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\9229

Filesize
16KB

MD5
d5d5e4ad0fa1c81eda4c4083c10dff06

SHA1
f414ca4802fdd5647c85f95959943563921283c4

SHA256
41d01495c8e31fe16663803b15304828c6f8c3f1809fb7e9b453082dac909e89

SHA512
a72bf1ce03266cf6f2e1b056a39446c49cdb55f06c006d931d3fd344f89acc68add6db30d97bda24fc16c3c4395c2bea2ce0dfd062013c735c3f07fb4d434dfc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\97

Filesize
8KB

MD5
12a022983f7deab5cdeabdc35fab85cc

SHA1
6492e046a203e8df40b2541ab93d68332224e538

SHA256
67bfe4e4d19e929aaf615a56f1788945191314db5255398cf53d376d0c4c9127

SHA512
c3fc9e44268885c16f36efa2d23f9b4d9169f2389ab0c9acc3723ba85da22ed7d2f9716354a700dc67e9ba38f02962c0f83d69145bbf4f9c50e08495caf5fd85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\04B9F0FB7C466980A18B81686266C55B1664430A

Filesize
569KB

MD5
1b750176fbdbdff1664e81127441e136

SHA1
d1a47a17a2e3c0692fb1c261d6b60d873de85774

SHA256
223035df2d5c479e5f6130b72c51b751aefb1e0008589a744006fce1044b5da2

SHA512
e5b080fb840d6748c6b92d6acdce0e58eb9814f4f51bf0d6f4af95fd6293d074d447e037f5e985ee8d909954c2655a92625bc083528b5fab9eb9941c2c390504

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\1D0B56C0D1378A8AE4E6D8F2B942D96BFECDE10F

Filesize
403KB

MD5
10a137f3c57ec3b73a3c3bdf6e985da9

SHA1
bc09d2f92af0d6d76d5e1602e201921abb417778

SHA256
c45068ef470b2ab70100fc500144614af0e4ee8df6f0a6653bee817bbe661f59

SHA512
371c34c1f8df79f6e2d385d2bc69dc68d976313874d5814cfae99a997a5b8c55c3d1b60e2ef5f197449046cb438d6ac6a1c85cb8a88f2d040221484157b345d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\2D826BD682ED46E2B50DA3AD49E455C6EEC72FD6

Filesize
72KB

MD5
eb616e2e58ca35728eb3fc1185e68ffe

SHA1
fd2f074ccf1282108b619c42c90bf01b76e6d7ef

SHA256
a57c2a8522914b1fadb68d2f93c64c4bce25df0585062d6d703a84ed26ce8fe4

SHA512
e099595a491b36d533bdc1c836e3fcedf13480151666935e60a02f7837debe3cdca767f82419d910487a90d827f7e14c37c32476a972db43cc5201146fe33d74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\3D3F1F296CF2EDE2000E6227853F7F1B2F793A08

Filesize
18KB

MD5
c0f78cb58257a44c107fbad293eb155e

SHA1
16305c8a17d283e465e5aa5443fd9122afb82694

SHA256
a1a36832930b64baa6a2cd5ba15aaa3089d7bc8b78bde92df980cd62dee2459e

SHA512
35b9761ae7d8a36898d7fc03845da31d80d5de8dcafa30282bcc267a3f69ffb6ecf3d5892927038e7c776fb505f0cae3f0eeb6e895185bbd281aebfb5ab07aed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\40E8C923BB1C8C27A9A2C56763154C34C2A5732F

Filesize
22KB

MD5
2aa150a09ea68fef115417775e5e8077

SHA1
0d9d4520761fdd9a790228ccaf433c5806b7d8fc

SHA256
4a6b11028e954552b4232fe881324f8575035cb1e1d4c0f465370a73add67835

SHA512
a4c12f6adcf6d1f11155f17e448ff396c6599befa7e04ebff653aa4e0851be7cf45108607285320120a4d6efdd320864f5685121d79062736484abf074215b57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\42090F11E10AEF67CBBA301A406EA7F25E72199B

Filesize
8KB

MD5
b0469f82967753509e72e18a1653caa0

SHA1
6a3dd7c638e43fcd1b7d775a5569e0b0e4c31c68

SHA256
250738717a8b4552c2e95298bc2d5ba20260910423b610f5f8616939756bda36

SHA512
1fcd3c384eff354ab130fe8976e7693848041024d702d21052990bc0dd81619066127712337f6b47e7ad408bceb7d7088b4fd9c62d99566cdb9941d61399eca2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\5379CDE20416283DE4100B6E9A1435B674F7FB65

Filesize
29KB

MD5
089430f63032a13beed869bf205f5b48

SHA1
77ed681657ee590b33913d14bcaeaa0b37838ef3

SHA256
e6f81889ffe72485de28f9b96830f58f4ab950a2da53bb039b0f28f7727f1df1

SHA512
1900d0116ed1efaf51dcf4a2b4d1ab30db64b638c5e78cc16f6238e403c1036cd98e5ea9e50db904c6cd4fb31270dcae5ba7cc8836f06a35e9763d6029879054

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\59957580E61DD1378D2D8C46F5294E6969D4C481

Filesize
138KB

MD5
48502779fd043188e1484ed14dc8543e

SHA1
84b038b218f421e8420a242416b6fc32299b7cca

SHA256
0892f75470db23fe5f5f8aba47b65310bab471f4acd637ea182ddd61c659d6b9

SHA512
397e71ba3d39a5597eba2bec0c438773fe87852ecc18dcf41e382a7d4513cf19a5026f7791e6726ea5b4948f9c4e8410853a975fb533380fe9adde1e829709f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\5BE1A021430B86174FDCBD623D7BD726CE2E27D3

Filesize
89KB

MD5
df8642571e08d9663d8a57484fac965a

SHA1
551543039d34a44cf119aa7be8b111c176b3c8e7

SHA256
44fff4b1de0fffaf0f135aaff88e97b82c65c8e31a0067cf2b443905799dbb05

SHA512
848c556b4278312f287293292548498bd87a631d5ed1e8fc5da788cce17e37dbac3918f8cdc792a47b0f14746798149fdd3624aa556552b6c7355856058036df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\64101EC468CD330E379A5B8013C7D025226963F8

Filesize
16KB

MD5
8d4d990cb3b5de58fefc26dfeb3c2eca

SHA1
56f042091939cc542abf7f54c677cdc7dec0ac5a

SHA256
909f2365afd929b86369d785f56945b01d7ae9b981bbe4834e68bdb214d7c33c

SHA512
27af14ee8e9b9ff8cd6b89b009385d0be1cd8b9032511b9b94efb87dcce52378f0d4abe273114259cc0c3b81f7eb31d893539f327fa9941474c6caf6b3049bec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\981ABC04E690674FD1913FFDE6DB2B609BBB07FD

Filesize
13KB

MD5
352e28dcda75f7f3f9e0068e8a07066c

SHA1
b12762f522b22f20c3cd5523b1f7db3a27afd243

SHA256
75a5e4c7c66b7999ea7ca48cc36644ea4fb8034b4642ebc0a3a9ec104a515cfe

SHA512
c8319fc2fb0bd733eb3fe628e851894b71493b78481b647f1fb1422c37f8444f3f3119390805afaa020f27cff6bcf49e193d91d6df399fcf140cf4e0ed4337b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
326b7878736f0f30c9f694e92d6669cf

SHA1
194176696e23a6c85a404b472f975f2fdc025c16

SHA256
aa2a3ebf66a615042d8f28ba15763b6b9c880405ccf2856b41db9bdf8311c35b

SHA512
3093c9d367b09598e4c3f3acf800edd530d0040d86ee8e2f1949a9e43f065ed8ab5a4457c93b80e2f9fb9dbf8fbe4d41ddb28a156ff7369ecd5df5a551e854f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
70fd63101eb0afa52312dd131becdf28

SHA1
e81950f9d4a0cd04ef589c6bb673c35b0a030d54

SHA256
197bfb003e6392e328370f487b144a135d29498b9dd425538b9ea4c243df9c9d

SHA512
a44cecafe6c8e4821ce8e0df01995994d31510c7be5a36f9293c5eac20b82b20a6a37c3666a38d2d566ea79aaf63cc79a798d1b327afca076221e9485e48687b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\B897D37DECB60F4D69A69DE73F05F39960632B77

Filesize
140KB

MD5
560daaf65219ae3413aaefa33f129543

SHA1
4a84708732db2f6d455bc229dce3b4b244257a00

SHA256
cabd5953420c27fffe427d035e92aaaaa9d217c8ce1058068efee8a645e38ff6

SHA512
276194df1afbfb2a88c5049a89da92c8382a2d991342a61dec6eba20beaa1cb9d32b34b144d3ae65019fd4c1c380571c4fd4787a05339218a4be28afb26101b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\BE3AA76B4C0728ECF10B6708B86ABC71DEF4CBEF

Filesize
18KB

MD5
b543b35d7f0b29c77ad2b2a816250c9d

SHA1
d13470243ef22b886612c99a67efc26c2223cd9a

SHA256
9727bb871315e3c76d2d80a48a38fc1a4993f316e320804ffea60b585c02d338

SHA512
33a9d46b53834a1d9ab886803137d398408b17ad1f0aeb25a05a6d9be26193d1de1ce40d08667b4c55eb3d87d8949a7f402b05c58a4b2bba7174479549bf19d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\F2961089FC520C0BEEB7076957617E2A6D0A2821

Filesize
17KB

MD5
a13dd7f04c2c0086bd09d35a7c159cf4

SHA1
4d85a78e37b3bf001d30afd892eb871b8d04c9b5

SHA256
750339db1611bafc49080c9ef75e6cb2e36aa5bcb11e96a39850a6345da782f9

SHA512
3224372a45b776b7a477bcf83cede9013dfb6946eae6bbe799bba4879d711e236bbd86842030810915a85b1f752ef07aed12b8fc67bd5909595b66a569acff04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\F657C3A323FE459389995420C687A7062F262C1D

Filesize
30KB

MD5
42b35e85f3a3d06548e9073f3e6bcf0c

SHA1
8c6d3ed7b2e10e262a6d5fe14e83f4fe269b2a29

SHA256
57fdf3bd6408d36742f07e60833c99c5617dc8fd89df51f35e043c5861d222e7

SHA512
41a4b33270690ef7905df34dd0b6c402ac5cd676a0b928752160a01e7f66d11df2caa8190c981439f8dc13f1cb8e27c4316e709ea83f1a507f48f98d78149a47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f39730e0bce38a43462bea3926ffb2cc

SHA1
a2cec3eb7e2cf09db790166d091aac880831e50c

SHA256
954e5ae72b1d917e524f899c30c395e25c5cd7b6c3c7539c0f2c4cf83219c0cd

SHA512
fb405ceb58eb420cce75039d419f7aa5743c0fb855cbcd7741748b33dab9ec1c5ad141c42930a1206d5711c35bbbea50584474ecf1a9d5c480d5e47b58ad7a11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\4db6e7ee-beb4-40cc-9c0e-cc0392c8a8ef

Filesize
745B

MD5
8bd4c5f4a6efb3a09cc9bddf94cba2a3

SHA1
fd002011fe0d7e74cfca13068fb74b541d074a43

SHA256
8890d440a6d5811d320198f6758e8ed12f323bedc620a59edcf741e856af84b1

SHA512
fcf4a724443a7b0729ee5e08f0144c667e89ed361493e47c966468fd60867eb2c19a2183e182b526ec8b5b4e0eafcfe4dbd6459a957dae7d2207df00d0c5122d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\fac673ca-b260-4c4b-88e5-9c6113a1eb50

Filesize
12KB

MD5
2612f29d1ad37d6a2ddfe28a6dd4945e

SHA1
be6d60341a59d72329731b8630376ec520692ad7

SHA256
3ef5e5e1c6f0ef1aa126ee1cc9c202c23659d849c47569e19cb53971aebecd5c

SHA512
83666c7714b82d8319ef15605599ba8a4f120a3b2bd2fdfe321b87723fd462e2dc4181f21f283532bcd7f05dbbf54d1f3abf0d734b0bd4bd5bc77b6e14f52789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\downloads.json.tmp

Filesize
638B

MD5
3ec37d05119a8c5568eec74c374aa3a1

SHA1
9b275f6e65182b3db404690c72ff3238d84a3866

SHA256
73583c604b0891778cc8b446a75f3c5d724fcc1638149aea950549454bbafa2a

SHA512
a7ccbd1bcd57f30159c609aaf19dfb93b0120a2c0e21bcc2676f01fbe65fcb6dd721a09eedf0738a4a14bd57f7b50812cf6ce62a35d86266c9ef40ef83b0a0e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
6KB

MD5
0ebd938a36de3b21e659d189bf3f5750

SHA1
48bf964b3d8d20b926cc358df6fc3298512aac05

SHA256
b79415379df0cab781ba82afee5be4af1f875d480fb3c5ee4415d88f188766af

SHA512
520a56c5ae7db6d3b66bbe865ecfecf6a3c4f37fa4f0143ec9f2c16cce9a3359672fb44f3688da5206b86fb7eb3af4def7a25bf8650e4e728fa51cf82bab6f01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
81357e3ea1c472f4b5a36d54d48626a2

SHA1
8eaf65d0db967c2db23100e87d22bcd16d24413f

SHA256
ca5cb5d1a4052cb3f285541af19fc2da67b31c8360fe39dd9c9e9040c3826f9d

SHA512
1f8efe09417ce65a8c3e3527f02593f56f29745d321769bb4d78f8f072755b63b12c6acec538b32a955110a103e0d539e54b6357d952a89d36fc9a769d65c27e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
54a669d9b3c478b9393f74c61cac4f7b

SHA1
05f6f1de62a275f53cbff1b3894bfb629fc7e2dd

SHA256
556ef94096477bd32812d17e59f18f0331f5486c008d0349c8244e3584bf70ea

SHA512
9023e63568ff14c2dce2282458e7b2da9f76c2042aa1c68d956574e1fc8b6fa3c115911ca5284cab1d53502a838e096fd3e3667e249aabca94049ed8424c09ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
1ef65542c0d571571f2fc6914307744e

SHA1
f797c25763de25ce328abb2a8399160a449ff343

SHA256
7ae50566e0aa394abf4ba801c7acb446c346933b1de594e8959ef6565195fca8

SHA512
946206265e6c664806f22b2ceba070fd0c292505b0385b0d0a8ca9b30e96ec05509829c4b0e054cf8a358f701195ede7b7dfd5d8c379394c73644c7fc635e751

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
3fea86b986fd98334d6169b9e26bc1fd

SHA1
70a2fa48f94bf4424b2516355beae46d4218c422

SHA256
ead98a9ab340acf3a55aed34ceee54ae4927f223123a0e1b538bd62a04d47f90

SHA512
e23fea607c16240598637d996274fee0913e90b2cc60db95c4fc58d2a414ad8a4cedb53d7a807756eb8d1a569cc4ee2998837ff73a19ef71a5d968b3e139c63b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cc1a304ff6c352c9911127d71256751f

SHA1
fee0b92d742d91a633e5780b8066e31efaa627d2

SHA256
0b58f946179a631463f1444028ac7de01f036b26291a0ae973bad369b22da331

SHA512
6a71ce257cc3929658d56bf27b259616a2f2a61e9c7545a65c62d2c6772aad0bf98013471f10477de3cd98dab4c5f941fc1afcde3633580af9220ea0c2ae7e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
cecb663f9733fd2047722a2349354b4f

SHA1
0791523f8f23d257e0b6aa7afeaa32666bbf556c

SHA256
33d9536d7fa04a3cbd3b300ce04e8694ff1b8e9d88b14e09b8ed2f3a0173c0ca

SHA512
6381a71351a94e9ee34395353a31a1d14fa3a0b607f7f19a05d1900a123ac2096070129b99b1a37f85d2d85312bb2e46b572aa851726f00e620124e2ea2a5280

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
09add78b7790b8f78152adbb7ad2d8c1

SHA1
db060b406808ac05a8be6423237f1d1235efb62f

SHA256
56735113e3221754ba4eca908cf7a707b95e4cbbe62629a1206cc6e933ada69c

SHA512
17d037b48d401752d512e08e5629490fce0b4bd42da98b5efa642be0c132cd7725a51ea26ed011292fa747bcdfc586beeaa5e81bdf4bfb873448e0695ce57742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
533511f970387a6c72d7933ab858a59a

SHA1
edb5628533e6ef5602c6ae51728dc559e76502bf

SHA256
99966f212a27e61f93d56c9bf23f37d0828a5eca4d33859dbfabd8667a890e39

SHA512
720b023095975c8a11ee37a209124df86cc95c9f37976e37e618d277f7795bdd88fee2762d965879539b35a20a8ad91b5f4a0e34f9a1d3036634a2c829ce17d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
76cca890dc823ca60126697d02ae7f0a

SHA1
925c5be003f0b1f8d571f65202fc66e61be16a9f

SHA256
f7ec756b92cdd10bbd6220bf46031a08957d0623f5942667644617b4f45b165a

SHA512
7c946e0618f60e19b2e41d57685119cb2021daa2878c90f0eee9df1c5088f0a8a36eb1a1a0fbca4cef151b0e37adbd9b3400b40b507e4f3ce6aa77695a8c34b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
4ca6700cd6294bfba2e41f9824da6993

SHA1
217994bd6811d4a811077c10f6c341d97b6ba6f7

SHA256
7f7f1665ba64f4c2adeae764bdb8bcdc21839d008d5221141e3489a012da90b9

SHA512
69cf4942035756765bc9560fb4f19ff771c656bb8761f9ed1abafd8b683f8c33f6e53673c07535a7b13c5e9f0444b929a76c91dc3f001135abc282753abe156a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
bece0acf9d7f19d01c7943c54d2ad372

SHA1
aef59ca4b0fe97f32db128e103bfb98aee3b5e29

SHA256
ce40f79585195148ac86928d18da80b963cc98d6feb83c1c2e75e8b6d6ef39f8

SHA512
105fb01521fca054766d1d1e46cf3bf177b8bab44800f7bbad9a84f388af32e745474b3cc4f70c1fd779b4e7bcf0912502860092e1824f7ba4b52c612ba5a70b

Download Submit
C:\Users\Admin\Downloads\clippy.56fAkmfw.zip.part

Filesize
64KB

MD5
de67e283d03a38f69d38018bbade93e6

SHA1
ce54cfd07c39101779278b77828441f56aab5875

SHA256
3d0b9ac29230238856f7680192caabea6b42da41e767aa7e8a1923afbda45daa

SHA512
b6ac40c4aa184d22e75650fb7a91489d1b5e0a8a02ba48fe26894f358f1e1138d96adb7fdc6d8f5c6a0b34bd1e6b24f1f2eeaebd08531c6f78ea1d73cd867693

Download Submit