hxxp://megaaddons[.]org

Analysis

max time kernel
221s
max time network
224s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://megaaddons.org

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: currency-file@1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Concorde Manual.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe
Token: SeDebugPrivilege	4016	firefox.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
5560	AcroRd32.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
4016	firefox.exe
5560	AcroRd32.exe
5560	AcroRd32.exe
5560	AcroRd32.exe
5560	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 2336 wrote to memory of 4016	2336	firefox.exe	82
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 1640	4016	firefox.exe	83
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84
PID 4016 wrote to memory of 3696	4016	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://megaaddons.org"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://megaaddons.org
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2044 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d1e048f-4069-4b25-97e2-8d8a9b074609} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" gpu
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce96bd48-d065-4101-8c8e-4e07e158480b} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" socket
    3⤵
    PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 1 -isForBrowser -prefsHandle 1612 -prefMapHandle 1460 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec9924f1-8e22-4302-8997-29c992c6e367} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3652 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96451df2-82de-4644-b83c-31c32a9b089f} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4704 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8c476b3-235a-4c8d-b60c-47e3733069fc} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" utility
    3⤵
    - Checks processor information in registry
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5252 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a811259-57f4-4aef-91b7-26971175b8fb} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2183e5-8532-4592-946d-f79fbbd913a3} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e071162d-3e85-45d3-83f7-314f083544c0} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3768 -childID 6 -isForBrowser -prefsHandle 4588 -prefMapHandle 4556 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2b60e60-cf90-47a4-b9ff-683afab1ca6a} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 7 -isForBrowser -prefsHandle 2964 -prefMapHandle 5188 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ac5b9f2-f643-4a89-b3ee-9d7852b73104} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6280 -childID 8 -isForBrowser -prefsHandle 5780 -prefMapHandle 5596 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e7fadbc-4ff5-413e-aae7-9557f3191e11} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 9 -isForBrowser -prefsHandle 6344 -prefMapHandle 6340 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87e134d-eac1-4646-b714-ad15ec264f9a} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -parentBuildID 20240401114208 -prefsHandle 4120 -prefMapHandle 3584 -prefsLen 33432 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e8af9d-89e3-4725-8cd1-bca4de697a49} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" rdd
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6284 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3100 -prefMapHandle 2696 -prefsLen 33432 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c02c7fe-359b-4bb3-bb6d-3e8d789cdac5} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" utility
    3⤵
    - Checks processor information in registry
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -childID 10 -isForBrowser -prefsHandle 6740 -prefMapHandle 6728 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81839baa-5693-45ab-ae8e-b052aeac97a3} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 11 -isForBrowser -prefsHandle 4948 -prefMapHandle 1608 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee9052f-76f2-4148-9df3-1b175db48c37} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:2240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 12 -isForBrowser -prefsHandle 6204 -prefMapHandle 6188 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc199f69-29dc-4b29-9f15-57aae9ec6b10} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6184 -childID 13 -isForBrowser -prefsHandle 6200 -prefMapHandle 6192 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57f7e793-ce3e-4664-8ce4-7d0192850fd4} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 14 -isForBrowser -prefsHandle 6216 -prefMapHandle 7084 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69fe5578-6572-4477-9218-18329a8d57d9} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 15 -isForBrowser -prefsHandle 5100 -prefMapHandle 4700 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5207f454-b15c-41e1-9871-955a68f232c4} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7740 -childID 16 -isForBrowser -prefsHandle 7732 -prefMapHandle 7712 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c48e81ad-f79d-4a9b-a6aa-dbff31ffba9d} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8904 -childID 17 -isForBrowser -prefsHandle 6248 -prefMapHandle 7368 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7393ba45-0434-47ed-863b-9c1387729e0d} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9084 -childID 18 -isForBrowser -prefsHandle 9092 -prefMapHandle 9096 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a1f41b-5063-4810-8ce5-c8fddd96749b} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9164 -childID 19 -isForBrowser -prefsHandle 9156 -prefMapHandle 9152 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbb0d73d-63a7-4906-9844-3f83afe164d9} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 20 -isForBrowser -prefsHandle 9364 -prefMapHandle 9032 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1afb2f95-e70d-410d-919c-c8ef6603d2c5} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9496 -childID 21 -isForBrowser -prefsHandle 9576 -prefMapHandle 9572 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1ef321e-c096-49be-9172-b50085f415c4} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9676 -childID 22 -isForBrowser -prefsHandle 9684 -prefMapHandle 9688 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7cb60e2-90c3-4191-9a1e-2b8df2e8537b} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10056 -childID 23 -isForBrowser -prefsHandle 10072 -prefMapHandle 10068 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {228872fc-414e-41f1-a77f-ad031ae65cb9} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10168 -childID 24 -isForBrowser -prefsHandle 10204 -prefMapHandle 10228 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a79464-7109-48da-9e16-af90b13bf893} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10368 -childID 25 -isForBrowser -prefsHandle 10376 -prefMapHandle 10380 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {400a1ca8-294c-4a45-8367-06ecaf28d468} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10544 -childID 26 -isForBrowser -prefsHandle 10552 -prefMapHandle 10560 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae94f72e-020f-440f-a228-d5ed6c99a146} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10400 -childID 27 -isForBrowser -prefsHandle 10588 -prefMapHandle 10592 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ca0c11-1200-4707-9c1a-1b23138a12b6} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:6292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10228 -childID 28 -isForBrowser -prefsHandle 10576 -prefMapHandle 10580 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0a44ab6-7930-417e-b792-f8d6c9b1a54a} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:6300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7444 -childID 29 -isForBrowser -prefsHandle 5712 -prefMapHandle 6968 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6c1e938-b4ee-48f8-80f4-cef7088e0d6f} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:7096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9472 -childID 30 -isForBrowser -prefsHandle 7888 -prefMapHandle 7840 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91afea21-ee6c-47af-8f42-486b8f37528b} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9664 -childID 31 -isForBrowser -prefsHandle 7836 -prefMapHandle 8880 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93c67c6-3197-4eaf-80cd-be4723835180} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7548 -childID 32 -isForBrowser -prefsHandle 7524 -prefMapHandle 7512 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {384a9977-2f37-42e8-ae5d-b8e389cb1c59} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:6320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10264 -childID 33 -isForBrowser -prefsHandle 7760 -prefMapHandle 10312 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13cbcd0-84a8-436a-b423-23e535cc92ab} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:7112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 34 -isForBrowser -prefsHandle 10196 -prefMapHandle 9092 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e070d9-d48e-4b4f-a736-0f9df50fa82e} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:7140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7668 -childID 35 -isForBrowser -prefsHandle 9444 -prefMapHandle 9460 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8bc927-42f0-453d-85ad-bea2521e12e6} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9088 -childID 36 -isForBrowser -prefsHandle 9580 -prefMapHandle 9336 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1474206-ae91-42c7-a98c-85be7c334b0d} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9452 -childID 37 -isForBrowser -prefsHandle 10796 -prefMapHandle 10820 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {865fbbcc-d249-44e9-8cd8-0d7dc6ba0eef} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:7088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10772 -childID 38 -isForBrowser -prefsHandle 8960 -prefMapHandle 8964 -prefsLen 28288 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3964b3c9-edb5-4b09-ad2b-5262e14d097e} 4016 "\\.\pipe\gecko-crash-server-pipe.4016" tab
    3⤵
    PID:1228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2444

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Concorde Manual.zip\Concorde FXP Full manual.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5560
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5808
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=92121AE9BAF45F91E7536947949D72DF --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=42BE05546DA8A3B146046CB240AB3686 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=42BE05546DA8A3B146046CB240AB3686 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:6628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=858B37E834D26C247A6F1E8EE4A08AD6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EA524EDF8FE9FD9BDB04DBCC51248D37 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6200
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EA049A5C46F1DE8689638BCCD9A4494B --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2896
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DAF2FB92A1F060D545C88066737E1968 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DAF2FB92A1F060D545C88066737E1968 --renderer-client-id=8 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
8aaa71e9cbf18996590779175515dc47

SHA1
2b7bd2c4f70848633192225d0174164355dc286f

SHA256
07daa65d0b47b9be8c8c0196640342e2e7e049b8f2afc9e48def3ff3fb192824

SHA512
d67e3a73d301eef870a5de0894d4d571b52808a00b755945585059510f7bb6738fb367148cf33a743619c0507fb01c966b96e0cc6f5936636b4bd0d54fa143ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\1BDA57B290494BE05E66EC1CB8D1E547171EAFBA

Filesize
13KB

MD5
95db32406e1367691f4d3e327c99ff83

SHA1
bab1ba64231505149cdd2eb71cd194f6626e304c

SHA256
91a5d4d3d57f34ffc6f0673d510f8c6030802322fb907bbd8ddd5c980f5b3ee0

SHA512
2e77db75cf5e97e8f6fde35e77770984b9a28d29dc1211c00b3e1c7258e38e5e2c3e55260f444c827e70c4e996cb95d88075f2069f2250daacd1097608e8a242

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\26F9B84BA9878C6D978A5283C3658EA7805C5F96

Filesize
278KB

MD5
48103b1eb7b7aea67dfd379d71e290fb

SHA1
34dd9e9eed6f200eb5fcf9a1b9abe115702ccd2a

SHA256
2d58b6dd8262de930c0c29c695830e7b3f426533995755dad27e24f5142e8c1e

SHA512
fa13952e7b69ac1f55f9a1002e37e0d6cf78cefd6c3616d289b54d11a16664360395dd0e840fbf57e38c07a784db2676281d567998b969f24280d0f1ee69e55b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\37F4CD40A9934D89C95DA525DFD09BB0C8EEF901

Filesize
1.5MB

MD5
a67c2601c43dc0d00be1ec796d1d0c59

SHA1
16b0653f73f5d8c2821238adacdd4ba55909a880

SHA256
3e8988d75839e800b969765255d09c15682bb2b342642227f6ef644934d577e6

SHA512
19178900463463262d58e5a9b8973db7640db2df0f26fce3f700fe82c1b80381462c5fd09cebc470e359974749f732773bc1125e41b3955be5d85f4e73890197

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\3F86ABEF01233FBF55572C45DB52BA7CE8ADA578

Filesize
454KB

MD5
a8e014188b8632170111288c1590fa5b

SHA1
296b34c0cb81683948334c4f0f8118aacec49bad

SHA256
a97b03c3f1983a2417135be0411ed8f44c006d3cd2fda4e811855fa867c6e283

SHA512
365f793d90d6ec8eea02f0d4d251e9f322667c6e6e616020a61fce274e7267468e2ce5af27caeba7817d6222e7516aa007174c1b35d0361dce88ff0ca6ffb4eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\7D3F8E5E09D5915E222C2567D58300FA07EE2FD9

Filesize
261KB

MD5
7b450cadfbc12243da667bfb375dc926

SHA1
2bea1ad9dc19996b62e04db1ec736730fe2850d7

SHA256
79203a0af39a3d989564daf57bad0c2985779eba6341b9e21526be15c902e22c

SHA512
f8e1a3b02c87bbfb30d7b85f322a852c3adb347af66af17ab9a1230117d1fe4a1425e6820bf9103f4411e5c0ceac1c844a0d705f8bf76725d451f7426ecb8d79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\9AF9A2FB0EB4294E01F86F299F85C9FFA3665438

Filesize
76KB

MD5
3a133af5b2819c1a81cd7f127de9d0e7

SHA1
81939ea1ead95b6c2beb2d0b247408abb353bf73

SHA256
62404ccea97ff1a11e3ccdeb267d9f620aa61b2ba0475579fb0eef0ae0dffd48

SHA512
b5d9d7bc41330016671b6d27569b59bf7430dec1419031012096d88891b38a97f6c9795f5d5f5d1363fd44a69d6ce8dfd45f95defe25bdd205fd63c4baf4136d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\9FF77D869C548B364987861918B5B19057044718

Filesize
439KB

MD5
e04aa411bb7e029a1db2628b6bd3984b

SHA1
a2fdc521c33f24c31bf951266a276f8391a63fcb

SHA256
875b21f177e69279c7c796f99ffcdc6eb096311c52e4cb4350e4c9a5b6c5ed15

SHA512
5ebf1f2e5e20d860d606527a89a0a24946baef24683f6bf9d2496ebdf333ac68f396deff226a22c9e913a49a4779de883dfcd60f7bdb69ac84b880b7257c428b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\A68BDB66DDC7C421DD7768342F65755AB153C676

Filesize
140KB

MD5
371ce53076790273828be3268561ab6d

SHA1
9e6d7e8d2bfc04866771ef119efb926d76248daf

SHA256
f331ae06e2bab96b5b77f605415a945e62d844ce83f9b789d095d9cbd48432d9

SHA512
932dbb6382bf116fe3c6180bb431349d9704b06b5d78e6f1dd95176343aa34df4b279fc82522c6e448325a28fe84c9a86b18755b24be18264212f89cb37bb757

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\B852E6C63C6FD06406279B65818E321D780A43AF

Filesize
144KB

MD5
a1ce63202adcdef5041643ee0f9ce33f

SHA1
f4fe69a7269efe539e9cba0d99a65d6f61edda30

SHA256
84e02c7bfc94c39008abcfa6d4d4955fa0ec844457feef8242d74cf9204f3c43

SHA512
4810255f6e0eb4e363ccb72eb2424ec99f9026cb531bbdb8540487c159ca2df5e5bb3cd6cac695b2a41b7a45fe63ea578108addb65057e100da3cdc76c19ffa9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\C2D37C19D9F36B4EFB71F9760F5BF51352D1A970

Filesize
11KB

MD5
a33831f2ac772d508bb3d7d2e3d2a019

SHA1
c1368e0fb10c31835dcb10315fb915367b012776

SHA256
5f09afdcca42ec1b22feaf881679371058909fca232b39ce73d6930d25c6bb7c

SHA512
07bf4ddb2b879e49cc7ff3c3c29507a24bb71556af72c0751e910f77f5aa653d2cec5346675cbf64f7b225b130606e1f883f7e174e29e4fee9e5547339f4d6ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\C36E7F743EE43D881696D799D90A29E22152FDE6

Filesize
195KB

MD5
e496724a868db04ca4263043f9ff51e7

SHA1
b4f53514ad41d0103bfd772e5cb72c41c02f34d1

SHA256
2e6ca24ea0adf468377b90885a136ba9d637b2ea32631228c2d094a660afa793

SHA512
efcc1257430822ff6b6db6a397cfae17f4da67553803d9014531ed9aef4d7c2ed08854a94f9a8ab7db2871f704e03a98f71c2c8ec552449ef9da067683997ace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD

Filesize
1.1MB

MD5
f9c1f9175aed16f870dd0bd63470cc26

SHA1
b5d087ce2a072a978d038ab0aaa54c82473bfa86

SHA256
fd7891b756df1fa3a7240ebc21333c57e2b567ca340de847c8f35e6a73cf3f69

SHA512
4b938134fb6d7d8690e4317b8117edf125f6b296cf1ee130d7e80b8288158fe2da7b37000d31954834314db27502baa43c9432cf9d54b60062c4d2b23403df34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\E3E096661CC12A0FFB4E42A32E6157FAAC411A71

Filesize
97KB

MD5
02d968819724e3442aed9b6e4a2aec59

SHA1
8a6a37b829e98841a8688fc90c0c03b1793a8164

SHA256
cc3250344e5f3ce379d1c2eae6a7256c1126d04d6b30c37b908030e9903e6dae

SHA512
b90de85c9378e944baff5215dc748e01a1a1f1c2dd9cd1d930d1029741d703e516daf59653720e75e6548986086206d4a3f837bd60bb784a86e15ec69df62be1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\E762BAE1423248197A0EB4C33BAEC4BFB9890D28

Filesize
208KB

MD5
e21647194975233e0ad42faa9375a464

SHA1
cb698204010253ccee30e432df45bf506cf98af6

SHA256
9b4f507df870414af3063244c64b18f09d7403a0f3c91bfb51f24d80974e63b7

SHA512
797def2a1d63267296289dc3909a56d744fa5872d24e900e3b01d2bae3c2a68e792a4e39088dc0dd1c83276cde4c4c48041816bd34a61d4c0eba5dbb48116225

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\E7F7A560FAB7054050F81D89B8B3096A4AEE843E

Filesize
112KB

MD5
52cf1002cdda16a049e757f0ec256d67

SHA1
4139bbcb62661421bfb3bf44b7116f3d49a68ffc

SHA256
265936e3ee7b6cc9d95c14700e857f2fffdb53f9f59e521f29d85cebb1325fd5

SHA512
cbae882cdf853045200c880542a2c207014b166faf2f62fa0c3634ff0a2377ccc0f39c0f72d04bf307a3e4503c7a401327d72a66c4fcf465f94c4b128202fac4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38

Filesize
70KB

MD5
1ed9a72ec5db05133a1a48382c19dfe8

SHA1
07362bc7f5d9d4c34ab0c8941ed14a836d1ac63c

SHA256
2df521e7c891a575dc4545b5d6cd7352ce4f6ba9728290a84e36cf86d66e86d0

SHA512
cba4be4041255c33e72732758dddd05c471810425272610a84fdeda379462048e61f59c83bc14b158bf503bfd4266c47f3195f464b3646d5141287e555de06e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
fd27a15681ac25b76799e4b321620880

SHA1
d17c60bce451599eb342738d4fa62c061565f626

SHA256
84ffa29a6fab410a19a07f576a6d04ca8817dedfa57edcef34863b67c42f6c66

SHA512
21c4b35802f9de0a73caf72184c10637cddf2110691fdb3b5caddd71b421287397b1f7bcb5cf706a6e414596632e2fa890c1cf477969e4b0ff9809fdfcde3353

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
8KB

MD5
22fc67ae82b00baa4da32a5cdd8fcd81

SHA1
7c2c0ac1fb9948a2f351824a18cde781d71152bc

SHA256
2218043b919989ac2e3e64b8ad54cd88793c4a014e0f798811bbb349ba84df15

SHA512
ceb31d23f2406a5cefe46e78bc5d569c3046047eab10c04c869be2d5c136b59b7c3da7e369d3c3eda4da316ace90496378d417daea9e0059861a814a6641441f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
16KB

MD5
911ddd8a9b99f01f7f229f360bf31680

SHA1
151e3200d818055c107e16bd2e863c87124c633f

SHA256
857a5d3e7a730f91f6c35684cade4a3ec2e6fed426782bd522cfdc3db7d89509

SHA512
b0ce0268ff78d7f48ccb6857de118de3fd9bea12c24d1b9cc6f5d3f816db5647d6ea9f43af51a19036cbc0cc834eb58f48d7673b6c1c51df337a14bbf26b36e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4ffddb9d5c557197b6a77193420b2234

SHA1
21ac5d474bb1c345994d6f25f2d73403c301009b

SHA256
463918a59a634e8f9fbc731936ea8b4a45f9ce11a48e54c7d6e90147f7a76aab

SHA512
2a39370cae61ef5cc6fa8b89ff1593fce6bbf5ae436606ca7995b0b6aa9182bceb5367bee755367dcd41757f2c05cae6d5865a51e58250f599877124c0b5c7f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3151e7ca3939ffb7522fbac6afb20bba

SHA1
8d17f334228c2d148b6539ea5c31119625a5dc04

SHA256
9ca6ec4ebb4bbf001be8a033fe8f15a6caa94f167053b5a2711ea0f020b422a0

SHA512
9aa871a6712233c6a60b94e691bee2ba78974cb7df4536f02a318e75a08dd29d86811f136bd45cbb8763b25f7e012e7dfeacf770482dfa619942f34b3442edc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
76805746cff1439d64bd77f57832fbb0

SHA1
530c993f1772d97d26ded3c7e4be869ab8e70439

SHA256
0f31288768c72a967413c8220a698c69d984524e8497094cedb1924f6ba5fc1e

SHA512
ef0bf3b1b33e2d95923ef56a11316839be5f5d85d8c70fffa9650d6028179001a8f51b94f89770ad7e8ec5341e26b0ce0ce68fc230d90cbafdcf41eaa4aa0a25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f8de026f9d91e29c740bf1276d9c7ff1

SHA1
453490ca4ea2ac7868b2d4d910acaf1f1ace3c83

SHA256
b2a8bb17627cd1d2cc16c7c6ada453b066e68c54615e232f97a846ec38d24abb

SHA512
f968faa61ad0a97f3440887c2a5f3b42ea689140d124bcf346fea2d6421b4f94ff4173c6347591fac3a2bc3cf67b6eaccc0a5f07ec3791d364959c20646c5634

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\26cbe712-0939-471a-b3d4-8826ca054098

Filesize
26KB

MD5
ece2cc377cd0cda5eba28a353a08781e

SHA1
1fa3e65045024da11b0a5c51c54ab537a174e18b

SHA256
38b9c66eaeab0b49b20b4d737e438634c641f291de15aae3e2e807024ceb2395

SHA512
d5e90707aefb916591a5abfecabbc69a005dc88aebcef0a56e0fbff91209c9dcf4951a6ab417c767ac2becad7556c4f03c533a08f30cc64b9aecd83be9cbcc01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\563a99ec-6315-4d46-83be-6ef4fe1fb433

Filesize
982B

MD5
a8153e95a2d94dfd13724c854b14d2e7

SHA1
1c07c743fffabea65e76c6a3068a1a8cce358048

SHA256
9a8e19668e6fd656cc41558fb2e7efc6011bbb5262bb2b16c6bdf5f87a9611f8

SHA512
db124b1ddc5ae14a0c56f35d38c6d582454183543fcb281fd3515490b8f76eaf3af4438c68b6f1dee32289177d3e5af5e696bfb3b3118e82dbd6ae9bbd741c86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\931075b5-b477-416c-96e9-239f07b26788

Filesize
671B

MD5
470ae666e0936cd65aecc3d4839c9ce1

SHA1
890a0ee4ef0247050e9e0a579978976ea6f7407b

SHA256
d5986fb201a9a114057d6220ce57d9b3c40090ffe606b03fa145784ce1a27eba

SHA512
c1923d04ee8e62507da15ddf71c13887e30521cbdc4a0826d01132588ea103afeb1529bf78cea88440363e93a17fd5cca86217f8222cc54c4d2ec5312ad6096c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
28cac014a081d12f267061782ce12785

SHA1
3954e1e88b1df10974f1f841ee3aef660a476b2c

SHA256
82098aaaf7ebf4dd8447fe5303c5d20118f24fa0b39f3eafe36628cee5e677c4

SHA512
40631874e583b5ae56360a197a72854b784e7d80deb4f3041977bd90af7be298f209b473deb2260c6f20081503b414e9e4dda494410a2a7b204c16698efb7aa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
539636ea510c810eaafabc829ce24c87

SHA1
77e4f0c91bafdc918547d918a12b4d54b53ed0ac

SHA256
f52f3af7ae6b6c802416eaac42823155bd0e2667e257c665f6a856ee5ebd353e

SHA512
6fa62a9186ce4a77f3c9d16daf3830044b546194e602e78881fd18d6b0a4aade993fb8757ec3003df99d9a6552ff28e041ec3f673ac5b0efefdd49c418f8529d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
cb2901f1e31c758647ba2d63fdcba93c

SHA1
ab4be4b3f0c6cc956dc7bcd3a83ef3d6eaf6a814

SHA256
eaec0b739936bca5b9e16d827fa1625444b75125ed15d60691f2f834617a5b30

SHA512
56bf99e4232fb060eee2822b81ce536fc57fb076badfc18d4cdcbbd479b9493984b2e2949f0740a33dc83d808b7078812e2e9919b0b25a3ddc7e15ede6e67380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
12KB

MD5
9d6a5544b73a4ad10be8c29704295f41

SHA1
749359c38d7191671eecfad568aae2475fd4022a

SHA256
c1a9e8bda11ed6136e710656e9a9063494f7704386c66beea963cb7bd35e5bcc

SHA512
922c690a8c122d557bc6722936cbba9e5df14adf414878056d8c4c601935fd1fda5e44b98c2d528aa74ccff5fb7b26c1656194008f1d484f41b1a2b9da9a3fa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
20423d7d8750fb797dca0f5122560b34

SHA1
e10b48bded7a4b3a657fc956b8839b96fbbe7dfe

SHA256
b78d5ce3b9a43ef58da516343223184a6dd4d3d1070a73b62db60e2305450835

SHA512
df62b6dcc1e25d6fc341cdf8b77931d1460f868de5b36533bc7bcc7324c96d0565044b8dd9fd5f3e779a05ca4717d7edcb1719334bd2ed8d075c45dbe1f0451b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
48fbf5f85fc2cba56be3cbd2f2a51bea

SHA1
bafac2c99bb39f61a5ff0244b11c2b1f21c40ba3

SHA256
cdcec176094060f0a292c2db5503b25d2fee4060db6bfd33ebd5e0acaafb1a84

SHA512
b71343b83dd94f77458619d4a8a0be8f07dd4bcb8c1fb82882ee69f790a58f3e827ff635142220efcf6ffe22c4098f475109966c4ac97c8ebe391a517628dd05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
e52b1ca857cb8bb9108a899bae623fd8

SHA1
9faec0e0aaa2435de226d4700d2f05f57a804965

SHA256
0f4fb3021d7ea9722d29e1e339af27faab0ed6911f15280ac2bd38cf31739721

SHA512
c70864302e37dceb19ca6e2565ad86e1435ecff5e0730f18da5197a7f700883a13aa0eeaa1ec1a0311ae101440e000f2b7e8caa5728d6386b52f2b83101a7a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
59KB

MD5
20aa76587876c41631cf7f088bf6c8a7

SHA1
f936b79648b566e79b0b4e49bdc7c24f77be162e

SHA256
2ba9e470fc3cb8d90c3a9b1e7889dd676cf409b5d8c3083f5883a674226c7f40

SHA512
4bb8922dedb00a27d98d26257e2f99e09514de49464e16313c53f02b71b3484305ed1d10922f8299634fd9053e9b16080a4a7950c5c0dc2855de25433726a497

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
e47a126637c2e79010c2fef88ad99c22

SHA1
3071334fb64952f5f188645a1e2161f67e8214ba

SHA256
f5927c18364ab7234add7582133042c8ff25214f4ca693217f54613594e07441

SHA512
8aea7bc80d9d60a2a2e8cf8d9d0d0c2349ce7f48151455d5f9754e15841b5359b5756f86ad3fec5a607ede3c15a9b8145c17c484e5dceaef1410285eded524b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
97acdb5abfbb665669cb1540fa075a4a

SHA1
ebff2170d33605cd3af2fbcc60d77642db08c1c0

SHA256
de36dfcca8329d867ee191770fecf70947b6b46cf56ac26d4b0365b18bf650bc

SHA512
37fe3279d63861e1b3844de3666dc8ad6cebeb2dcff1e58b7001a6a6f26db8cb6dd904c17067234ba24032b8dfbda2649f529564739a8cd5b409beec2cdeeeb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
96d4696fa8949e8f701f0ba9c9092cce

SHA1
4aa7cc0aeca14a0f02d3484bbeffee093a972e30

SHA256
a28491c68808ca96c63f95bca2d3fc502209c216f993bc0698434ecfe2e4b567

SHA512
20925d2f0bfe046adffdb4d9c28893de3e7e3bdf3f3713589cb31b07a80ef2de6da9dce2c668b1099050e700592032d06f3629ad3d18a05b9f0125c64a133902

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
dabbc1c4e33cdb2384dae449a42e59d6

SHA1
d8d36b16825b7f1d0d41815c57d741e344b303e7

SHA256
0a1d55b3604da8e10c93b8ecb3bb97dfa5f50c91aa9c407f78c17a7f48b0da07

SHA512
91a9a83f31de44edf3eb06bc1bded52aaeeae54dfa5ee9c94c994571922f0d20ff38d0fc8d00492aa2266f497a1f9c7e03f348de5e6243175def5c29918855a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
31cbab0332ba2c4a796ee570de2e048b

SHA1
575582f363990c219184576f150ebd34d7977ea3

SHA256
952cbf283c98321bc1c22fda344b9372cc7099c2a523ed172b6b73dce7e1c5c0

SHA512
6f04e4178942323421f0a2a653023c9359def383143fffd68f9634ddd216288cef863ebc5e3c08263af138fba838b55dc52644d431582aeebe2d73284733f7ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
83f117359a2d112b6ce7698cb364944f

SHA1
b42ecaed1dca98d68143891cda0cfb64eb6b1c9e

SHA256
ff881d7befb12561ac2cebadb28e2295760b792d06ce6fc0b94cbb05335e8ba6

SHA512
73fbfce5ed48da8d85e553580be4329ca237927975544dbec7f09fb4861923a35f341a449f043da4e58ae8f13dac2dcb0ba13126d9638ff5c3f3c380e2f3680f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\storage\default\https+++modsfire.com\idb\301792106ttes.sqlite

Filesize
48KB

MD5
338ac0064a668ed680542f791de71652

SHA1
d6e9435b11f9c376d579c3b0ed3f124cddd9f8d9

SHA256
1a6f153e9038bc58523853530f47243ee7c2822b7ee5807924b19bb3a15dbd7e

SHA512
21536c999cdec49e5249546cb32c3865d0c15dfceb8fe2e1604e1c25b10aa3298538ec20fe3f3f7723e14445aac198a91da78efa7d71fca34fc4f0ded16f622e

Download Submit