1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67

Analysis

max time kernel
312s
max time network
313s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-11-2024 00:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

RAT NIGGA.jar
Size

639KB
MD5

eaf4f869a0be0418568b88301e8318e5
SHA1

0f5efc7f8fea65eaa0bca6746ff72eeb4d65bd9e
SHA256

1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67
SHA512

2c746db76c9f9987d85809d7598b9a24558d8a1b1c98e77e0398725258b1611e7227dacd7efa094a8f0bdf9cb16b2aae794c5ddcea3a02f6bb153c4403a99c9a
SSDEEP

12288:YPvPQT/dZzqF149PE/+HgK/nRf+9ZYN2Xgg+1CRja3cuQ2hESQBDI7:YP3QLvqj4lTHgKZms2XtoNcu9hXQBDI7

Score

8^/10

defense_evasion persistence phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg
phishing
A potential corporate email address has been identified in the URL: DC4FCl9EEADTbpTauTauH92EDJA255C6DD4@Tau
phishing

Executes dropped EXE 4 IoCs

pid	Process
2544	jre-8u431-windows-x64.exe
3508	jre-8u431-windows-x64.exe
6820	jre-8u431-windows-x64.exe
2040	jre-8u431-windows-x64.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1731024431504.tmp"	reg.exe

Looks up external IP address via web service 12 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
705	ip-lookup.net
752	whatismyipaddress.com
753	whatismyipaddress.com
1100	ip-lookup.net
1476	whatismyipaddress.com
1769	whatismyipaddress.com
1803	ip-lookup.net
749	whatismyipaddress.com
750	whatismyipaddress.com
751	whatismyipaddress.com
1804	ip-lookup.net
1805	ip-lookup.net

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe:Zone.Identifier	firefox.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "120"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3016	java.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
3508	jre-8u431-windows-x64.exe
3508	jre-8u431-windows-x64.exe
3508	jre-8u431-windows-x64.exe
2040	jre-8u431-windows-x64.exe
2040	jre-8u431-windows-x64.exe
2040	jre-8u431-windows-x64.exe
7832	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 3760	3016	java.exe	84
PID 3016 wrote to memory of 3760	3016	java.exe	84
PID 3016 wrote to memory of 3196	3016	java.exe	86
PID 3016 wrote to memory of 3196	3016	java.exe	86
PID 3196 wrote to memory of 4348	3196	cmd.exe	88
PID 3196 wrote to memory of 4348	3196	cmd.exe	88
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 3168 wrote to memory of 4904	3168	firefox.exe	100
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 3940	4904	firefox.exe	101
PID 4904 wrote to memory of 2800	4904	firefox.exe	102
PID 4904 wrote to memory of 2800	4904	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3760	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\RAT NIGGA.jar"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp
  2⤵
  - Views/modifies file attributes
  PID:3760
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:4348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f7f15-702d-4f95-86a5-8b7f033bec23} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" gpu
    3⤵
    PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b84fa2-2963-4f49-9caf-9f6e42f63099} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" socket
    3⤵
    - Checks processor information in registry
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 2984 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9faffcc2-aa22-4aa9-8a74-ef87d03fa1bf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -childID 2 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ff7bb0-31ca-43fb-8361-becc2791b97a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a59959-a4ac-4669-a01b-25b1950014d6} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility
    3⤵
    - Checks processor information in registry
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5172 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38c6a7ab-46cf-4477-940f-1cce1510d934} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0208a147-618c-4dad-a45c-1d4cc2768184} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0875c2-0039-4caf-9761-81c02ac009db} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 6 -isForBrowser -prefsHandle 2296 -prefMapHandle 6128 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d804b7-cb8d-4f00-9252-a7685ebd63b2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -childID 7 -isForBrowser -prefsHandle 6092 -prefMapHandle 4692 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f664c7c0-c548-451a-a4a4-3f62d0516201} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:3716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6456 -childID 8 -isForBrowser -prefsHandle 6480 -prefMapHandle 6472 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ceb350b-17a7-49da-bb37-b401b8f43cc4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2192
- - C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe
    "C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe"
    3⤵
    - Executes dropped EXE
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\jds240762984.tmp\jre-8u431-windows-x64.exe
      "C:\Users\Admin\AppData\Local\Temp\jds240762984.tmp\jre-8u431-windows-x64.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2620 -childID 9 -isForBrowser -prefsHandle 2564 -prefMapHandle 2692 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4ee4dcf-0ee4-4a77-8bca-1cc107197ae2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7380 -childID 10 -isForBrowser -prefsHandle 7560 -prefMapHandle 7344 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993b4a9c-b851-4d86-9032-8f58ef251a6b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8160 -childID 11 -isForBrowser -prefsHandle 8128 -prefMapHandle 8124 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1def5e-5754-496d-8084-79915953908d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8380 -childID 12 -isForBrowser -prefsHandle 8292 -prefMapHandle 8464 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e98c5e7-1ae3-4118-8271-d018a0616cf3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8436 -childID 13 -isForBrowser -prefsHandle 8440 -prefMapHandle 8444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fab75862-0191-4ca7-a740-2d751f3bc3a7} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8776 -childID 14 -isForBrowser -prefsHandle 8692 -prefMapHandle 8680 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00a750b0-d448-4520-943b-18eed3bd1f16} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:1292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9264 -childID 15 -isForBrowser -prefsHandle 9280 -prefMapHandle 9112 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1ae4ca-0342-4eb5-81c3-d66bc678c698} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9288 -childID 16 -isForBrowser -prefsHandle 9340 -prefMapHandle 9276 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7e469c-67dd-4f14-8b1c-8d35acdf3526} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9624 -childID 17 -isForBrowser -prefsHandle 9616 -prefMapHandle 9612 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {391980a9-6069-4c82-b89e-6fad858fa5c9} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9776 -childID 18 -isForBrowser -prefsHandle 9656 -prefMapHandle 9644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f45507d-0320-4dce-82f2-dd756fe4c80e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10120 -childID 19 -isForBrowser -prefsHandle 10148 -prefMapHandle 10136 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28891cbc-a752-4f16-9dad-0aedd39463db} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8336 -childID 20 -isForBrowser -prefsHandle 8352 -prefMapHandle 8412 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9ee10f6-0e80-4f55-bc36-228a1c4d3d0e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10088 -parentBuildID 20240401114208 -sandboxingKind 3 -prefsHandle 10192 -prefMapHandle 10196 -prefsLen 30573 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3727ca6b-c57d-4f53-8045-17aa6d5d7cd5} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility
    3⤵
    - Checks processor information in registry
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10512 -childID 21 -isForBrowser -prefsHandle 10508 -prefMapHandle 10504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {366fe8c0-13bf-4821-9ca8-ea76cc81e516} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10484 -childID 22 -isForBrowser -prefsHandle 10176 -prefMapHandle 10500 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4168019c-277d-498c-9639-8b9b95914863} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10472 -childID 23 -isForBrowser -prefsHandle 10064 -prefMapHandle 10068 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eccb397-0d2f-449a-ba53-dc67e6ef56a7} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10520 -childID 24 -isForBrowser -prefsHandle 8752 -prefMapHandle 10092 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d688c727-1faa-4a14-9ee4-a5149d72b518} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 25 -isForBrowser -prefsHandle 5732 -prefMapHandle 5592 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2e553af-089b-4820-93c1-5b267b894577} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -parentBuildID 20240401114208 -prefsHandle 10092 -prefMapHandle 8752 -prefsLen 30573 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2d928d9-64b7-4710-9a55-591d028eb517} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" rdd
    3⤵
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10252 -childID 26 -isForBrowser -prefsHandle 10260 -prefMapHandle 10264 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d6d33d8-7473-4784-bcea-a620aa6e604b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10268 -childID 27 -isForBrowser -prefsHandle 10792 -prefMapHandle 10216 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5427b096-fa6b-450b-8ae7-39575dc775d0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10604 -childID 28 -isForBrowser -prefsHandle 10756 -prefMapHandle 10740 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05748205-2229-4515-a52e-57c005ea2353} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10268 -childID 29 -isForBrowser -prefsHandle 4812 -prefMapHandle 6376 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b1ea80-5367-4ce3-b753-5be34bc7eaa1} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9696 -childID 30 -isForBrowser -prefsHandle 4620 -prefMapHandle 5048 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a182503-0cea-4940-a167-1d5687556ccf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9324 -childID 31 -isForBrowser -prefsHandle 6568 -prefMapHandle 6444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d38db86-ff17-4dfb-870d-f47858526604} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8476 -childID 32 -isForBrowser -prefsHandle 6268 -prefMapHandle 6620 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fff65c7-2c55-4cdf-ab5f-985b5ace47c4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11184 -childID 33 -isForBrowser -prefsHandle 6608 -prefMapHandle 11192 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71db5177-92ca-4d45-8ab6-27f4b9845045} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8476 -childID 34 -isForBrowser -prefsHandle 5352 -prefMapHandle 5296 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c2e2cc8-c153-46b1-a050-3a95f4293103} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10392 -childID 35 -isForBrowser -prefsHandle 7436 -prefMapHandle 8404 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {449176df-aab6-4806-9639-8cea7cc82e21} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8392 -childID 36 -isForBrowser -prefsHandle 10116 -prefMapHandle 10004 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4d37776-594f-416a-8388-7b618a7161fa} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10736 -childID 37 -isForBrowser -prefsHandle 11340 -prefMapHandle 11344 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c251019-f417-4a36-b7e4-25df06c9dbf4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8404 -childID 38 -isForBrowser -prefsHandle 6688 -prefMapHandle 9920 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7adec8-a72b-48b3-a753-3011a9ed8cf2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11404 -childID 39 -isForBrowser -prefsHandle 10260 -prefMapHandle 10908 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79c6266e-8797-41ba-839a-ddfab660b725} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11404 -childID 40 -isForBrowser -prefsHandle 11648 -prefMapHandle 11644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10623125-ef68-44c4-acde-470f6b966d31} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11796 -childID 41 -isForBrowser -prefsHandle 6564 -prefMapHandle 11816 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {566e374a-b069-4846-a58d-8b875d3d14f9} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11768 -childID 42 -isForBrowser -prefsHandle 11820 -prefMapHandle 6512 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef554e6c-0135-4403-9b5e-85fb251082ec} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2748 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 9332 -prefMapHandle 11996 -prefsLen 30573 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff98f9f-173f-4be5-abd5-5638e5c4a7b0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility
    3⤵
    - Checks processor information in registry
    PID:7680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11844 -childID 43 -isForBrowser -prefsHandle 6260 -prefMapHandle 8724 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f90d5727-9502-4de9-b4df-d99f2f4a3f6c} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:8160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10152 -childID 44 -isForBrowser -prefsHandle 12196 -prefMapHandle 12192 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc33b510-e250-40e0-aff3-14869008446a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:8152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12320 -childID 45 -isForBrowser -prefsHandle 12324 -prefMapHandle 12328 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c6ad4d-18d8-4794-b640-33ff70b31a5a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:8180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12404 -childID 46 -isForBrowser -prefsHandle 12296 -prefMapHandle 11212 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1512af97-f2b0-4a69-9a8e-6b311e4cc1a3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12684 -childID 47 -isForBrowser -prefsHandle 12520 -prefMapHandle 12724 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38d4ab56-5e2f-40e2-890b-a0af322b9014} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12712 -childID 48 -isForBrowser -prefsHandle 12888 -prefMapHandle 12892 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afee37d7-a266-472e-b96f-f2f00ab365d2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12376 -childID 49 -isForBrowser -prefsHandle 12380 -prefMapHandle 12760 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64db132-f035-49de-8e9c-0de9f59827cf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:6472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13220 -childID 50 -isForBrowser -prefsHandle 13228 -prefMapHandle 13232 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59a66b03-75fe-42d5-b72a-787ed47d1bc0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11592 -childID 51 -isForBrowser -prefsHandle 10908 -prefMapHandle 2684 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d782dc8-4210-4b43-a0d5-a5ee8d9d581e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 52 -isForBrowser -prefsHandle 11372 -prefMapHandle 11504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {720b56d8-9677-4bbd-8957-85318e8a8df1} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11380 -childID 53 -isForBrowser -prefsHandle 11476 -prefMapHandle 10736 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {747c1fbb-250a-40e5-9c3f-51e164447a79} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11524 -childID 54 -isForBrowser -prefsHandle 11780 -prefMapHandle 11488 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f19ad184-f388-40e2-b957-011355876fd3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -childID 55 -isForBrowser -prefsHandle 6124 -prefMapHandle 6400 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {babd8d12-e72a-4a86-9b39-5121d83bb5b5} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:7528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8340 -childID 56 -isForBrowser -prefsHandle 6624 -prefMapHandle 6092 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc2966a-9d86-4e1e-9395-950fda3ed62d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10176 -childID 57 -isForBrowser -prefsHandle 11280 -prefMapHandle 13304 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ced4c69-2d41-4506-88d6-88adb5d2c82b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10612 -childID 58 -isForBrowser -prefsHandle 12176 -prefMapHandle 11128 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b83987-e878-4ba9-8a27-9022d6ebba83} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10768 -childID 59 -isForBrowser -prefsHandle 6696 -prefMapHandle 8340 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a040c87d-f9f6-474e-8649-8b1795ad0256} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab
    3⤵
    PID:5356

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\48b8e4c0754c4ec590f42c7e7dce0693 /t 2000 /p 3508
1⤵
PID:7064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4412

C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe"
1⤵
- Executes dropped EXE
PID:6820
- C:\Users\Admin\AppData\Local\Temp\jds240904484.tmp\jre-8u431-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240904484.tmp\jre-8u431-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2040

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d8550344a069454796f54346c8cb01ec /t 6012 /p 2040
1⤵
PID:1912

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39fa855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:7832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
e753ecd76e14cbb65e3080c1f5fab1f4

SHA1
78255014d61ed622af8d0362da00a0989571b3e3

SHA256
1cdacf97e04e901ef5dac189335e829e241d8253c288bf12aae84aa539c2248f

SHA512
6e5d5559965662a9eb4c639da317031297c949af0c33408882156d4a286f0423b37af9166c9a28ecc707dee2d3b2ef1b42f50cffdd59f9151e2187e91eb95557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
e41527b6c6edbd1c4640041d4bc653d0

SHA1
40e31a73fb2bad0366f6ebd6ac4eebdf91aa9331

SHA256
22711c82024af0731a80a571ccf6dc812d2dd15253929d49c79e9ac088f6c3ae

SHA512
0bd24f12ee2c27bf13d5b2641121f9d3b5e31f9edd0dfe5168536ac29bf2d5b77f117704d83bac1ad8672d82b74cac72fb78723f94e025bb1581f5e6787ad08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431_x64\Java3BillDevices.png

Filesize
27KB

MD5
8e52efc6798ed074072f527309a1ba25

SHA1
347d4c6b4f92e7315d9b199a97dd5cf7d86b2431

SHA256
12491ebc4eb99bf014d3bc44f770114bde013e84cbec2633303559a8c6e5f991

SHA512
0653c6e7f94ac36fe555db3eda8465f99d17cdbab91ea6413c6bd68dbbbb4db5df06e5d62768f6f4dfcef8d207d771e0b6924adfe403b92729bc4c5689e4fca7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
efe7dc1f8f37dc98fb9ee7fdb5341031

SHA1
819a16ae1de5148498f43dac0be7bbf8d0a2dcd1

SHA256
e372e121d9fa67fa10693bc8b12c97ad301db0935ad5a771f776012502a7e341

SHA512
12067ef44560d7ff7230fd5b5cd0a2fedfcf9b9e2f8e0061dec6adaaccecfd65c1cb0eed5a7dde39b494cc9d34866af127f7fdf37d50eba18db0a5a24ae74e24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\14134

Filesize
7KB

MD5
1a7f25f1da36aa49ee5bc9b441d62375

SHA1
3fa8f7b4bba474d10afe0b713b25780ce25bfb1f

SHA256
5015c3ff3897096106d99409a4f4c4094489a063497f389795592335936654ee

SHA512
cc7f3962ad13669f7e59ab680c1ab4fa5215ff55cbc396bfc85c7a0357299cc648a24af81c9710ceda5583b51417bb06e12da914f961500d18bc0af32a6b28dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\18657

Filesize
11KB

MD5
a0b28772b864e0aabba7325883ddd891

SHA1
30800376c065d3b68500f265ce20c8f19b572511

SHA256
eb908c2ea9ebd690c548f7a3c3062eeddf25154624b2f7334dc72b0f20db180d

SHA512
6087d0e7a949894e8c224021e9b360c0435014b27bfcdd829c43454ddafaba6ea8e4c9b3983d391a87317792d540e3ae80e078f8d8b96a1abbc77ecd2f3de942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\20041

Filesize
5.8MB

MD5
4f47052f513b4ef87eaad89b804bb293

SHA1
0c517afd3f85b4d082cc77db450e2bc83ebd45b5

SHA256
24552bfe0bac978277b98d9949dbd251bf473850cc871d1d8e409a362919daaf

SHA512
cb00ecab24b719d9acebbdfab34e88e5ebdce6b9df0f3cac6ecd3bf06fe9d6784e3184a4db6582af75698900df6d78baf14152f1c81b24eba5c1b64cd9323e0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\29274

Filesize
33KB

MD5
54f0ae6153359a4dd302d0755fc93bb5

SHA1
9f72aded27d132caa17070d13500eca5f831da26

SHA256
f5f30406052c77c2e44f36e0d1bc94c6984b769dbde8079c86a579b4223f05c5

SHA512
d24655b6a4d01ae15a070f05513a13f0caa38190e24038149e70a14a685ad446d37b415ee2125c3f2a3607757c1ef01839d63a3b0d9221a0c444b0635b10285f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\7588

Filesize
4.0MB

MD5
11b5d7912b497245266ceb3c02fdbd6c

SHA1
3ad902954d551a35ee9263d955df27723292f236

SHA256
7102ea1c846f43061b1ba2edee718c71c920174a5011b6bfe13bf09ef2cc3cfd

SHA512
35c8c41a27bcaf38e5cbc9836345c9a5bc83155d6210c0c041516004adfcbf141a14fdf54f68deffcb4563153c1b6204167671f2ca31fe4e3f03c0cf34604cad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\030023B6D00F4B435C7191D915BA30A315E5FF3A

Filesize
25KB

MD5
cc9cab2c9a4aaad501400dd7ab98dedf

SHA1
d5069ecde867f8a80cc867f5733079a02d48745b

SHA256
bb7eec0cc85e2e90ea3f01b2edd9f7c89eb6bcd6002ec2dee615186804fc5390

SHA512
c6b1d330320c64bb52b984c6044d2bf9ec3ff847b73cd5ab726bcbee000d3241dbca8a6870c23ec35e51621e01bb31b61ba9afda3977d0ca46d81edb87d6dcd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\219F18B59CFBAEB224CCC3162FFA1BD08C495212

Filesize
39KB

MD5
b6670e659f136a63f8f0cd927a565c2a

SHA1
2805844c9e2e882c72e777f6b785aad82558a002

SHA256
05df73697dcfcfe255e2c480d748048a6ea557fcdc0302f78b16fa8a0154bbca

SHA512
bcd502917cc57b51ae103c2821c349ec758957e3952d56b611835ad3c1db571cffbd90847a6580b2f540847f9a52dca66e2f4a731b8aad24657a262c27b1c535

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\23FB114B3D9508B13B3FFB93EE562A3C1E2303EB

Filesize
25KB

MD5
320f631b6e9861f39b2db273bfd26ff1

SHA1
99ef7e126abed2f087f24d1b008c9abe7e87846a

SHA256
82759885c3c2a33ef9cf12e1e9b0158cf1f41d056a5b265d8f6015097baa51e6

SHA512
2fb46f8395df113d9e32f33c084c797207b7ba4cc0e37bccc44fc6a1fbd5b60b36c3c7303c48ec4bfdcb25c82327ac593959ee92b4ea1331fdca9615a8af8771

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\2FD865645EAAF0607303E4AACF8305F249B13498

Filesize
5.6MB

MD5
cad98f20c9a8eae30a13e3bcdfc8f34b

SHA1
db0d7aa43afd415646285e26390aaf60099e40e7

SHA256
929d887f6d658398649d4a6cfaa23d46351bbf28cf26317b50715e124f088302

SHA512
5835ed5412635f3ea371bb6267f8df68b7bd5dd432e0851345901433b2ef8f30176e3cbd310279b812f3e3f6d2aa32c4e9a6db324535784db83636e0322f377b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\30416D929506067F3C85BBAD582FD44250A0C721

Filesize
62KB

MD5
de9e3fde7aab243ed33d2eeced400209

SHA1
7b6c046f905cb63a9fd3219bfdccfad0a6c0efe0

SHA256
de4f39f881c2291d62645a9fec17f5805fd8408997d484fd38991a517896dedc

SHA512
27b42e92507a06621b6298b80ecff98bc61e159e845fac817ae2b71ebaf18e6166abca67ea29385b477e7663cd13974db30b0b9e062248dacd0a00438c3b7425

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\38EEC9C054A68E6A6BDF7B3FE4E840C27BD37EB3

Filesize
145KB

MD5
b35269b20c42bdf197628fe7d63621e9

SHA1
15ebd7b144890d7e4246383d37846e9b1044396c

SHA256
105282bcfcca6b4c89ffbeb9287f0c7861d05d127520ac220c7fdaf70f6ec80b

SHA512
ff4a411347338790f315e0878f34529c9a5a9ef8d68c8d5cfcd053b40e76ef60443ca1d7c1aa8dead4d27d181c23b62be21706eb25ae083c313924fcd0019fad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\45CB607B2BF58F16E6796BCD27E8F70463767730

Filesize
61KB

MD5
188a7be2378ee2f5c45603547a59e7c6

SHA1
b5917698b4a88b70c982aae8d88ac6afc69cc1b8

SHA256
5434f4a27807bf01882477be11ebee464a8d795f90372b60d600a1a005e52e2c

SHA512
a9417f11b2f39ee5df176febba9233d0743cf0451feefce6ff253e1dbf75f1cb3a82d593368ee92c4ca1a950794e89e9c1035f623a7e7c71250eb6e0eb965e53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\48CE8F6EC90BE39DA275FE3BC27882603D848154

Filesize
34KB

MD5
862575018d696fd75d22e5c589c17a5a

SHA1
f821ee5a4c213ecf3d75a99136d52749e7909146

SHA256
4baf1850927d23776365b5445c538efa06fc70da0db9e1f89b09a8e1f129c82a

SHA512
aafb7f3283f0532e54343a6c55d5673cdbb5ae2f306ada3af36c0132454a8116bd6c2f86bdec7c06b3c5dd547b6d76f3d3a3f4b6c7a85d950d057aa4713f6262

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

Filesize
21KB

MD5
51e3551a1a079f9ff4839bca20fb90f9

SHA1
c8e10eedcc75d52d40a9308c069c7943a3ee8f38

SHA256
44094f81dce14a5e3ad8c59b72d72d01de3bb2ef86774e1f07bf8b92e8120f52

SHA512
eb8c8ad658a3d9fb62a99a68597757a6ad48ae72f8b2f6b2aa45ede32d5fa82a765f119139ff93bf00fcad6618da80d6f8ed83cc008a1a1f29cf71155ce1649e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5A96F086BB7A3FF6857DF05C021C96F66BC59837

Filesize
57KB

MD5
7b40a9311a30090349e39dcb914e1e1b

SHA1
5b626a45cfff47c95629ae252440bdb56e8934c6

SHA256
720d84c6bc92a8a8f0b1bd04d9af97b820cfdd99b5a980a641bb8a2cbee0b45f

SHA512
93928a9912d4c1ad82822767b3aebbebeddaa644efa3eee934080b90d0114d4c068cb479256e8b0ebfeb7fff3e129d9fb2bd311eb4f492c8ab0179992f1edc9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
2198256b2e60ecc71d907e408c634f7c

SHA1
33d40febc42dfe985751ea4d84848d86fdabd5bd

SHA256
8f0d1c6165024f01a557ae313481356bf9195bd8ced75d7a626a75285781b2f2

SHA512
f9b7b7c005c5f610e81a019e7e243250a07c4abe435879c5125651abceae9aa34a770e62af82f574f901848b0051fc7dd12a43990531c1c6f0a3b280c8390f27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\619FDFDA0FBA4BCA0E20F1CF6F1CB9C9A1DA9A20

Filesize
20KB

MD5
e6c0d7cf279bdfc1f96686e50b4a173a

SHA1
016b6aef1fd713455fca98babcc617b41982c752

SHA256
655fd1a8b6c1e4de156bff45e0469ad3b3f1a04f5e4d5582e029bc08e7f58118

SHA512
777f4ef9d4af028f74e7f8639761e0b388bd20f1790434a272952da6c8be0f3a749c3bcd88671de918325b7b43a008756c55efa58e9e2dfd07d2776c64ba0c03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\659954EB3DA5F4D5683518B98C6DA2C8396E501D

Filesize
17KB

MD5
745165875625fdf0a774d8d47817b14d

SHA1
aec0e0ecb2a805d56acdc0584cfacc9d8115310e

SHA256
29fb4890a0103aaa679fcb1750cc1ac40dd41e1c686b16567e469d4ba465c13d

SHA512
4e9dc4a7370858a4cd35279122f2e8bea9c340d01b28aeffd4633eb5355fb7ba1a03c31c97f13aca5f11969035fdbc576596fd7000156ab80d9389e7b1988136

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\6675F83157A27275AB7C98B98A4C0E4BD34CF038

Filesize
56KB

MD5
af736d54af6951755156ddf322260d6e

SHA1
48abcc3fb3ea664e421d89e059f77221fb8e315e

SHA256
a9851c0d905e6cbaf62afaf70c15d24a31c4b5e1442322120c05b938a265a2ae

SHA512
49f3692f5e45fb5abce662ed1850a7169d6064603f95dd12748e2f8653a7aca03a13368824c3a5fb630beb46418825fc055b165a4ef9e79274fa58e0618855c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

Filesize
45KB

MD5
97309dce2f43a2ee324e717e443c164e

SHA1
2171b95661e012183456bbff284778856e2f98da

SHA256
4bdcf14b254285f0c527aa4477840b6143db5e39494602be97a804a57f28fd0c

SHA512
45adde96fd82f6c7c4591e2fe379108c626d8cbf336153df532b3439809b2fb06dc3b482e6a05b49002e85fe67dbc3d057cea60c0dda5f045bbd5c7e76f744ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\6D706F2C648084F3CB3534882828E2B7636CFC1A

Filesize
19KB

MD5
a226eadd09d5a8bcd9fccae719ce3eeb

SHA1
f18fb4f1ae3c73a64254cc93b7e583fde6f15084

SHA256
2f5b007cf6244ad6d3794c9e24ed44dba9a6a05cc3d099199d44c833b6c9e269

SHA512
6ae8300cac611356c6514e94f7d07789631a55ccf4a64bb969f2def6ac2d6803f704a1a6516343393e4760a39b6ad88f8308094a7a54589d40f70123f22680fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\7D55F73D961C78D9EF6CAC8E40765073A3BDD7CF

Filesize
1.0MB

MD5
df39f4aa8c38eb58925f5c8f3dbeee27

SHA1
f99c193d706a947c87e5a0525c371b4a8af88ab5

SHA256
6125c5fc4232d16fe685add36c0f08b3479844ad967de473d49461f8dfc4ef58

SHA512
c6df8a19e9132c12e0cc150ff21dd89b39643b7cb30b9b040a1a95d28f14d1cdd3e8a21be49c8e417f14a468a5588f88b9e60d0edafe4ef42068fdd342024b51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\8888620FCCCF2F0CD3024569BF10FE8A2F51F649

Filesize
45KB

MD5
3339de657038632a3e428d26899da035

SHA1
b0d244f4bfe5b26161ce55e7f29c06d8b6417b24

SHA256
f699d24d85da8a6b91d7bd48abe1c144177e1e85e80623b782703c60ae6c84f7

SHA512
863e95cadc589fd0019515ab63779e2094033d7cf0b7bf69dd9154666dea0b702ba80da62aad86167f9aa459d1ad95e043d35eb1e065e545b2d51b6aed84f483

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\A84D6F23A3C4FF0EA8705354833EADFF3E319CF7

Filesize
14KB

MD5
c94d8f600e8170f91364e30f9a09f914

SHA1
eb31a171888532725d577dd54530ebfb474886ee

SHA256
4eaaaa53f6bb84f44996c13627b2d4ba29e5387874910ccd2becbfd685249016

SHA512
1768882237015ec6d95b56f9c586e8ce095c1a321c55315d42e966f085935e0473af9411899b0ecece351231b65ec66022993f0317436eec4496e26ef944aabf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\B04A5D391986E5F6CDCE95D245DB557E663ACA1B

Filesize
41KB

MD5
d3e7ffac38457ef92ec74fb734cf8df5

SHA1
20b9f670cac9c8b36394c6cec2c29403bdab6f66

SHA256
a4f35b6592f903a789fad0e67c04554d776223fca05e65232d342af345ab0b32

SHA512
99640eb4fee159b98c25f1989385b4ce618141c43a0dcf7f5383ea52a25a08e2a4b650c21cb9568086e9c3b7ae7de45d189f32066a2c1f27d2cb359b9a196e10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\BC27801247C43DD3A2AE922BC96F2DA551DCD859

Filesize
15KB

MD5
054b95056dccae5e5c8e6ecaca36bcf9

SHA1
3f98e3095b794c4967eaaf5f8e3dcbe5c3103dd6

SHA256
aeacdf8cc13ab6da321153be384307f2fa3dc11cc3544ccdef030608872f7d41

SHA512
6b8332728deea856fe6c9c3d524ac73a6bb1f3dc72d23c1d422706758491adf10ab7357bc6983ed6ba26c39a2b23aeca4e003b6678c5de8240ce19ebdceda9c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\C20D6E948C95171754338D15DA702FCB62A52108

Filesize
92KB

MD5
961c11a78777addc624b2286dbe75dc6

SHA1
f4a3bb16f40f40db829002bc329b67f05112149d

SHA256
4c5e150a32683779e805114d57117170774d6ad30a24bec6efae25684fb079e8

SHA512
1561a3c0cb5e78b7008d2e421ec341f59b4290bd3ee85832b205cf76bba9f315dd6c2348e87a272171f82db2c46145911540fa47dff9fb6c9510ed50226e6411

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\CAA4FFEA60170965F0C665887DF9E787A5D356A1

Filesize
14KB

MD5
4ae0b256815349c732197935828c3373

SHA1
66bc7f7d4bf2a8f79cb3662fda7c60df2439741d

SHA256
eff63aa0961bdf7fb861fc5d20ac3219e47f8209c19c7a2a13059ae4c3360063

SHA512
debf8c14a01621c6f6a76a995b97a2ab52adedbddd57d0ae957ba1ca416f21d91037e1cdd15659bf909bfce413621d75073df416444edcf2a2ee9472f75cb6c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\DCE46386E0518CC247A6C333315C1AB3C6C0AF2D

Filesize
83KB

MD5
93fada625dbc2a8f574f7c5f155699e9

SHA1
19315e887fbfbc23e95a817dd99651b8b06d2151

SHA256
ec24b9a72783d40eb1201b9ff182b6ee26de7cf2e08c2cf61496de3b863fdf43

SHA512
5dd29522c20f9d8102be172b1bb07d72be086aecfa2bcc38ce162ca737a6747b2b8ab80bd5b8ac6c0345355d3f3b193383ec4994797b34872b1a83592eaf24b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\DE26D147DBE5569F31980C868C430E7A30A282CD

Filesize
30KB

MD5
74dbdf4ec70f39a631eecf2c61be8c65

SHA1
fd799f96af462bf0257aebb2b629ac556c664d49

SHA256
90eb66b1e23d8b59828ea07e5f1a5d97b8f282746102b9a2c81b635f1a6bba21

SHA512
68b4ba00abb609d6bbf60e253097dff4d3dc721037997156d131a48646267dec3b89cb67f09a5e440b5d16bf9c8291dbbb302cf1280cb6b9e796530869270d14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
20KB

MD5
d4d64966baec84bd122500a492832273

SHA1
96261bbaf681acd7d76d51faef87778a739263df

SHA256
4d17a4ddf45798297ca46b000d0e1211412249344987660f7c778a2671fa9f76

SHA512
a494ec3b11bde18dae72428aac72e15fbc182214955cabe14365466f0702b7c80dd15feeff45831340ec6b4ae6c382d2a3ca6e3913dbf4bfd64f391d46a76e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
185KB

MD5
be71c4f4801029bea5d46de5030fb80b

SHA1
43b48b7724b7acecc2afcdb0fa115276cdb2bce1

SHA256
d07899e7a768f2a7c6e7e737e3dd0623d9ef9c04dd182da7869daf4330419c66

SHA512
bc898aab4fdf70bb32b1743236fd6aa7b891e62379f6b3e006f1f18e3601cbc1ff777f117d8521de082adc233f6fd29869739313b27eb9484e5c7816155bc4eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
186KB

MD5
ff488cceda3a6b3e2012551eb39f6d60

SHA1
d8f3cc2ee2d7a2c400bc9dfcee09803f7d7f6538

SHA256
56193189fa292a4ae5bc42cd3951e80d6d723e03330873bd83a8c0463a554125

SHA512
74965d4c557d02ccd9bb9a836c25d391e51fe1139eed204f4dd097170959eaf87bf5b52b014407a15a2596fa9866d5620129ef69a8a822dac71ec296a6a2d404

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
187KB

MD5
bb31aeb7a4d731a876d91c4cde48dcb2

SHA1
3e0af910c1babb4887ece71a3684a7b2ee25ba70

SHA256
9df5571c5bcf11209fb1c9e234f121290c8b9b0995735b77aab9272a52583bc5

SHA512
dd91ef167ddaafbe35e87ac6f2d557c2cba5012e8190830a7abb4304611ac2c09754740459e852fca618c3471fa545b255ac9499c5195e851da71da51b62c36c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
164KB

MD5
4c6e4b59a46a38070c68cd1b44efa8da

SHA1
1acfaebfa6e708536c1421c037fa24b673f565c0

SHA256
394b392a0c10b794fa35d5b4b5295fd8963531ecd33b5e652fa8c0d315d8e523

SHA512
ec040526e9c3be6c85d19a1851f96f1b1bc5e1db712ad5225af2bcd0f9226e1ac9e1d0c15407a6f0f722275850d0f1ad36466cac135a095fdc599daa11a32d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
166KB

MD5
81d0b22aed6b97c73f157350ac871e13

SHA1
f81234fea1b53d539e05263fc9eafe9cf1503a8a

SHA256
27be26438c807a7e63643dd2c07f30146c735b5b5652f00e443feddb4c458952

SHA512
e8eddcfbe5e96b46c9a3c9c712160c668d4aac8950d51c4bd741bb91fcee9cb96e1fce578a2a0a5e08e0d9080415c17e052c7887d1792c5544eea8ace118fad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

Filesize
7KB

MD5
417cadfb341206b25751246134029698

SHA1
b5e4a909d985de2cacd8eabcccdc42d5093e025b

SHA256
e4b7e0e54bfe2afd42ea4cbfaa9f08180f39953e3f82cd3aaeddfec657299001

SHA512
47355be3165f261c9b2e020f20ef0412c6044f42c8208566b9e3900cf5bf79c4c7cb21d2f71ba2e0b1c90f5c91415591d7b0cd66565aefd40829e98c8aca65d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

Filesize
12KB

MD5
9476ee356c23bb1fad292a9d3a8caeab

SHA1
607bc71e17b2af8e03f93d18650b92c46cbc00e7

SHA256
574f9ddf425704822914b0fa6e951bfcb546909131df09b475f1650fd7bc8211

SHA512
1862b57d58ebdc191e433b312b09f6368ea76d83f806376f0ad3fadf7260b4a3348524b505bfa288cfc8826b9ef4fb565584eff566a2b6796cfe08a9a0d427c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

Filesize
34KB

MD5
e0a8e0dc7cd8f506b23d6958bcfcc0fc

SHA1
c9d30d229f508c469521ec8fd0db025c1cbc877f

SHA256
9d1aef2c986f0c0889aaa064529a63636f22feecb794f1a1964a009910a623b8

SHA512
2d295ef75a98a281852c90a9fe803300c0689ac1affa24f8aaa1821610762e6120b75ac3c6febf1c157e8d83a7d4e2117b6ffa4e09738b96584b410fba4381b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
b0ada659658bc6b2a44becd467e50140

SHA1
e499a27e02364106321ec4322afacca1c2d7b144

SHA256
02a43f4cc062d4b2e1e555e45352629c4c3667ba70981d35e75608afc82c4d1f

SHA512
40046967006a98c6e652ac5aaeb1f9ce05130d37b85670e977e32c26e738f2d20e8c60996ec54f94d70cb986c11aab6145bf79576187dc6b9c16cbb77d2af753

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
beea466aeb95f1529740e8de6275b983

SHA1
52d36fb72a681d0f88917328d0cc3bea6f6a8875

SHA256
b845284be6eb237bbcdeb295c9c8b493f2356f72f12f43346250fc8984d1cb0b

SHA512
c171bd7cbf7e63e59323e1f2d069a338e72c2c294fb3f04f3c8a9811ca2eb70dde59712ae918c04938bdb43c99e71b7a3fb4af1edbea84db4a2800eedf9d32da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
a304bd52c608064365d3878a547d7a09

SHA1
4597651218ec8a0a6b7cd6196a6318f49c929b64

SHA256
7494641cf82d5ee83c2d11537d7af068ee28969635a83e61842489dcc042a617

SHA512
e8293c27231cc4aea3a1fd32bf37834376c0962144f73a26ac716876ea52d6bd1c03c5aa1c181ccbed0e082c94583825f4755a982141b6f39f1ad891ba97e2fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\1e32b14c-b45a-4422-aa68-ae4a4bbfca63

Filesize
982B

MD5
28058615e911e2020a11ac89c88b26d2

SHA1
9a54b129c8fe31e11023d2be21e98023ae2d63dc

SHA256
93810383b8fbcd037c82f6585a0617c1322bf55278dcc825627a92c08ea44705

SHA512
bf52a1f0a35a7ed2d5587aeebefce82f3734fa4dda3746802c9c7046f0ee7a8fa0c382a7bfa68647717a078a03b0ba12f83d603adcc0c8e963fbd8d82501b0f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\55bbbd15-dea5-41c7-ab99-61732c95449a

Filesize
659B

MD5
74acee26501f85ec264f9b81a2dae997

SHA1
889381a0c1f116617e3075e1cdd53925c502bb92

SHA256
933c7d379875a13eefa7d86c2996b000e6b788da57698d44f2f5bab53d80a99d

SHA512
d7eb97d46d413bdc1e9d74f88a75568a919192ab0270bdf6a39f47977c65fcd132f8307983b4d0f81f4735d17bf03a708ef18761b37657f361d657b992c1ccc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

Filesize
11KB

MD5
a57a00d3926b28459ebe6e5138f6befc

SHA1
cb85a90588de8c9af6106345123899bcc1cdcae2

SHA256
ffb2dccd70c77e97a2b85baeb3fd3bcaa0e44bf0d4cdc3bea4ade6bc2dd98748

SHA512
1b60e522b4e70f35bbec82b7792113d800775a4e1333d2530964e79992cc8305ac0415916a5448b7685a80df40076d155c6b9899c1ead1c90ff42fa8c3bba571

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

Filesize
12KB

MD5
a9f51e9d4206dfda08fd2c54374e2bff

SHA1
b9d9e5fca4b92f7bf0e8ad9ddb174ffa65984892

SHA256
6a15242176cfb1193169523cd05cd29ca46492d49ff8163a7f64974966a3871d

SHA512
cec9b0227af2395a208e7d121169109ab5a03569c9ee07110c40b34c559c4cd0a9ba205883dcca1a5e945c459c29643cc578b4ddafc4a8afdffb368c9063947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9f807635c4b5803a91f87379bacf4aa7

SHA1
7e010696b521d319630131c8181b6b753b98511c

SHA256
4d903872f1b78bc3f580552c5d9ed05ed636b1d50187218504d88ed259ce30a2

SHA512
effa84623dbc76f1100d1f419e1ce3bff2662449d439d7262b07a6608210af868900d664168db1c03af9d3917b60fab39ed6c44bc415214ac9d9488b1324c3c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
cc44803d5e82f57e010921d2fd0d0696

SHA1
428f3a91bbeb19d25199740db3afc2370b367a37

SHA256
b31b6de666a09b4a666e111f02635ae5329cb1f12d7f3a5a69f996ff2b0982e0

SHA512
4e28e4c719d15cf696e9a4f1068d203ba3f9c0fad805d3f4c35ac940b340b78e82e265eb9cfb6679909a33ac3dafa2a9e0bc68fc9d95f249f2a9ea753fbffd91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
96a6a828abd8fe33cf33f76464064ccf

SHA1
786aa43dfe4162fa4ccc52024a10df35fa79c419

SHA256
5bb7e0c2ac5e78fc12cf6c16c7cccb111360e3bffcc5488e79f17e6dfe397e84

SHA512
e2ef550a1f8bd16730c54d7893e3e4ce36a48048d8c4188149a03c2f680b4464f775737ad3d67528a0cd32725fa0e480340214634fa9350368e98313d7842142

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
4f01d0678015ab964ed69bd65a78ccc2

SHA1
32f9b3c048f28669f1778d8faf8238eb78c2dcb8

SHA256
8d5913f61a68facd6ef26c1d3dbe6367f7f3f2694de6302b30653cf9330a2e57

SHA512
b2e189b3990544bb89e9ecfadd9a72b1de21c6dd30460df1f4f0f5d41f371921939b098ba20ce2f7d4d696e2caed34b4833564b2560ce22c743bbb35029c8f03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
194KB

MD5
6a1d046b044ce5916e18a6b7e7f12f32

SHA1
710bdb6d3e185e9d98ad8bed98b417ad48bf8a0c

SHA256
a02d9db342b78e7c023de8e2c8ee5504b2d65c440dd549b4e2498d8a6e0f5f26

SHA512
adb784d0319bf9916fb47d81e6c5b940b71af0435d3f2f9e650ea4110c9a01145d8eb817ac6b94627427b76e27496b26e733a7280558f64c6660b30a22098601

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
264081507592addc836bc43e0264f898

SHA1
1d1809c2cae2cf01eb45b359d5857745cfcc565a

SHA256
36d450a5359761c0d294bd59662488d9ad685eba67cef4776f48c9781c2455b0

SHA512
afaf3f87ca6c8fa11fd49a29a456c71e125f8ffb210b6e8610035d82b05218ff7bd4480a996d67cef6f91ccc16ed369833a3dea87b8331743dcc345e59d7f2e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
155d41e50c91891d79965e372bfa6a1c

SHA1
393c4a9a2433d35ffa121b5ddc601095fa73edc8

SHA256
c95b9806595fa214a355c0112731638708291ab46084e62343b3a67b54ccf628

SHA512
7eb5309973b0828b732507d291667fd1e5b79eaa706db19094a2ebca6f73c0ffec425883822af49a92049afcca452aba42ec86c95759f50643cc61e82b73338f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
97c2f92cb04532441d254880481eb9dc

SHA1
42690d3a9ec5a261d56cf006587f7d4dc7412b93

SHA256
fa2462a27cf115d469ca1685b32d743505ee07ee685ba7a66fe59bce51d055e3

SHA512
2e33c026c9eb5fa0c0a1e46143ac6619ce08abff82ae8dcb884cc352fa92dd48ed83486d706a8189d425087973635a84904ae1735a124c74d1c7974d29391233

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
c59f98bfbf441928bfe9153f1ba6cf0a

SHA1
0c6097264637d39e98bb30c6410dd47171da8660

SHA256
26dc3460c236ab42f290ee025830bbe5a848481e0856a4f81bf9fb6e5b73c7d6

SHA512
9c0eb850b739f63f6e9d3de27a22546eaabfac5cbd8050fb7650f22dd6f51ca5eb3970750051b1e84c2e5662b4468a1c1aa6f135684974da02e8e78829638958

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
cc9b0506c492eb9eba8e92770f87a004

SHA1
78fbefa4c0bc1315bb3dc4dd5a476ca7b891e68e

SHA256
87b2c0223272c6b9cc7d4c22a38e69376217bbcbe31c8eec6221781de9ed6fee

SHA512
2da8a631c3f0c86351c61880a087056d0cdd8bd28a3326eb9bf77012a2453f1ecd6a92f647ff98b9a970a05608ce6a808b22de8b9a6160756254b4f2f8349a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
d43e79a9f543fa59f29b9409c636b088

SHA1
237fb6f8bd1ff4e130fd6c1d798771d9451e1e14

SHA256
a5b30aed746ffc539c01cba8f8643b4642f4b988094a1927cdb8e73997928140

SHA512
ebef211b44848514c268e8d390d89adc80f1396e0883817a7bc8469b3c8958bf7d3528705c3d637f003b9013bdeedae51e867a14c7a485bde13253fb6c75eff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\storage\default\https+++5bb6406ec4aef8a4a9d77d00402108c5.safeframe.googlesyndication.com^partitionKey=%28https%2Cwhatismyipaddress.com%29\idb\12183338011.sqlite

Filesize
48KB

MD5
0de35648520fe276a0425c052ac9b36f

SHA1
65339f20c9a93a5c3bb264427f1b833f82002d56

SHA256
038dbbd1b2ed997e0037cba49fa7c52aa9f4964e222b5210b88909f9c4402e42

SHA512
7c1e2675a8428726ef01e93cdf71ce144826a6c2e62d84e98450ea9065ce2b4744fa7c1e071f650c321ecd38e6fe5ef5d15b3f36deffc040ffd44b4e3ef4d5e2

Download Submit
memory/3016-45-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

Filesize
64KB

Download
memory/3016-37-0x00000258ABD50000-0x00000258ABD60000-memory.dmp

Filesize
64KB

Download
memory/3016-4319-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

Filesize
64KB

Download
memory/3016-4320-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

Filesize
64KB

Download
memory/3016-4321-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

Filesize
64KB

Download
memory/3016-4322-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

Filesize
64KB

Download
memory/3016-2-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

Filesize
2.4MB

Download
memory/3016-4323-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

Filesize
64KB

Download
memory/3016-65-0x00000258ABD70000-0x00000258ABD80000-memory.dmp

Filesize
64KB

Download
memory/3016-63-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

Filesize
64KB

Download
memory/3016-56-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-55-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

Filesize
64KB

Download
memory/3016-54-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-51-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-48-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

Filesize
64KB

Download
memory/3016-47-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

Filesize
64KB

Download
memory/3016-4324-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

Filesize
64KB

Download
memory/3016-46-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

Filesize
64KB

Download
memory/3016-1038-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

Filesize
64KB

Download
memory/3016-44-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

Filesize
64KB

Download
memory/3016-43-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

Filesize
64KB

Download
memory/3016-41-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

Filesize
64KB

Download
memory/3016-40-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

Filesize
64KB

Download
memory/3016-39-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

Filesize
64KB

Download
memory/3016-1039-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

Filesize
64KB

Download
memory/3016-4325-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

Filesize
64KB

Download
memory/3016-38-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-4327-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

Filesize
2.4MB

Download
memory/3016-1009-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

Filesize
64KB

Download
memory/3016-4328-0x00000258ABD50000-0x00000258ABD60000-memory.dmp

Filesize
64KB

Download
memory/3016-33-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-31-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

Filesize
64KB

Download
memory/3016-32-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

Filesize
2.4MB

Download
memory/3016-30-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

Filesize
64KB

Download
memory/3016-1008-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

Filesize
64KB

Download
memory/3016-26-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

Filesize
64KB

Download
memory/3016-27-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

Filesize
64KB

Download
memory/3016-4185-0x00000258AA180000-0x00000258AA181000-memory.dmp

Filesize
4KB

Download
memory/3016-23-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

Filesize
64KB

Download
memory/3016-22-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

Filesize
64KB

Download
memory/3016-19-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

Filesize
64KB

Download
memory/3016-17-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

Filesize
64KB

Download
memory/3016-15-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

Filesize
64KB

Download
memory/3016-4318-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

Filesize
64KB

Download
memory/3016-4326-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

Filesize
64KB

Download
memory/3016-4332-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

Filesize
64KB

Download
memory/3016-4331-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

Filesize
64KB

Download
memory/3016-4330-0x00000258ABD70000-0x00000258ABD80000-memory.dmp

Filesize
64KB

Download
memory/3016-4329-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

Filesize
64KB

Download
memory/3508-1803-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-3599-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-3589-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-2793-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-1037-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-1042-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-1160-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-1527-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download
memory/3508-2306-0x0000018612670000-0x0000018613CE6000-memory.dmp

Filesize
22.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads