545a8847ba2a146ced8d289a38ad1e0031a6cc55dd63e29913d6f53af75c94e7

Resubmissions

29-06-2024 05:04

240629-fqdwas1fre 10

29-06-2024 04:59

240629-fme9ysvblj 3

Analysis

max time kernel
248s
max time network
256s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

S$olaBma/template/installation/assets/installation/dist/respond.min.js
Size

4KB
MD5

afc1984a3d17110449dc90cf22de0c27
SHA1

b5aba40d65b0d6f85859db47f757ea971a0efd30
SHA256

83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
SHA512

a9656fade32e1fd8b40ebba070eb627f176d6550412f45fbe6bf58c1e5ec7421ed5d489d95cb70ecd5e0e4a54fdc84cfb6a6764b9ef9034c0592f812d9a9ea48
SSDEEP

96:fmyBKAqK8GALbDdHx2YreRfMbSsYWjIvMAyAepEOHSQGw7TnK:f9qpG0tx2YreRfMbS8jIvMANepEOHSam

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\S0LARDfgjNFjfwu327fwg3huio2S.zip:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\S0LARDfgjNFjfwu327fwg3huio2S.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	668	firefox.exe
Token: SeDebugPrivilege	668	firefox.exe
Token: 33	5912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5912	AUDIODG.EXE
Token: SeDebugPrivilege	668	firefox.exe
Token: SeDebugPrivilege	668	firefox.exe
Token: SeDebugPrivilege	668	firefox.exe
Token: SeDebugPrivilege	668	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

668 firefox.exe
668 firefox.exe
668 firefox.exe
Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

firefox.exe

pid process

668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe
668 firefox.exe

pid	process
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe

pid	process
668	firefox.exe
668	firefox.exe
668	firefox.exe

pid	process
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe
668	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 3932 wrote to memory of 668	3932	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2072	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe
PID 668 wrote to memory of 2776	668	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\S$olaBma\template\installation\assets\installation\dist\respond.min.js
1⤵
PID:4284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.0.357235779\579973557" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69acc03b-e86a-4295-8674-beff83a53fd0} 668 "\\.\pipe\gecko-crash-server-pipe.668" 1892 1ca33b24058 gpu
3⤵
PID:2072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.1.265407146\1277408731" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc7f8bf7-fd7f-404f-888e-bd8bb082cc84} 668 "\\.\pipe\gecko-crash-server-pipe.668" 2420 1ca26e86258 socket
3⤵
PID:2776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.2.1054199775\1620081678" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3032 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a15aa18-e5bc-40ec-a5da-a9ec5d7417a9} 668 "\\.\pipe\gecko-crash-server-pipe.668" 3048 1ca36a17b58 tab
3⤵
PID:3540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.3.1840993256\278159594" -childID 2 -isForBrowser -prefsHandle 3352 -prefMapHandle 3356 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7801929-85a6-4aae-bfb9-876873a57e09} 668 "\\.\pipe\gecko-crash-server-pipe.668" 3488 1ca26e76e58 tab
3⤵
PID:644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.4.1930510838\252423964" -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5180 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {560d83e1-9fae-40ef-9796-2566fd8ca8ca} 668 "\\.\pipe\gecko-crash-server-pipe.668" 5212 1ca3b1c3258 tab
3⤵
PID:5092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.5.1844217097\1803101190" -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f764e6cc-47bf-4816-9c56-3306cc2e0aa3} 668 "\\.\pipe\gecko-crash-server-pipe.668" 5344 1ca3c07d958 tab
3⤵
PID:3192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.6.1102079535\1634820816" -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5556 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34dbaa2-9197-4fd1-a9d8-9365d36144af} 668 "\\.\pipe\gecko-crash-server-pipe.668" 5540 1ca3c07e258 tab
3⤵
PID:3196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.7.2124082918\167862087" -childID 6 -isForBrowser -prefsHandle 6056 -prefMapHandle 6052 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fabc3c0-9aeb-406c-892b-0221fae68d63} 668 "\\.\pipe\gecko-crash-server-pipe.668" 6068 1ca39c73258 tab
3⤵
PID:488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.8.869250206\886297626" -parentBuildID 20230214051806 -prefsHandle 4928 -prefMapHandle 1624 -prefsLen 28039 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3f9060-e8f2-438f-a34e-92c6ab8d53e6} 668 "\\.\pipe\gecko-crash-server-pipe.668" 3744 1ca3992e158 rdd
3⤵
PID:1440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.9.1564036251\1431871447" -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 5144 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7352957d-51bb-41f3-a69c-88ae49624d4e} 668 "\\.\pipe\gecko-crash-server-pipe.668" 5820 1ca3b8b3e58 tab
3⤵
PID:3188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.10.1521189251\737510169" -childID 8 -isForBrowser -prefsHandle 5324 -prefMapHandle 5248 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c50c86-42ee-483f-919e-adf10ac1bdd3} 668 "\\.\pipe\gecko-crash-server-pipe.668" 6404 1ca3b8b4a58 tab
3⤵
PID:4900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.11.562227154\231492658" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6612 -prefMapHandle 6608 -prefsLen 28039 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee46d89d-c2c5-4b51-b3bb-9a7312432e23} 668 "\\.\pipe\gecko-crash-server-pipe.668" 6488 1ca3bf56b58 utility
3⤵
PID:796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.12.1854716587\1345161605" -childID 9 -isForBrowser -prefsHandle 6812 -prefMapHandle 5308 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f336928-af77-4773-b1a1-4fd9bd521c8f} 668 "\\.\pipe\gecko-crash-server-pipe.668" 6792 1ca3904c458 tab
3⤵
PID:4008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.13.114643455\2131051348" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6128 -prefMapHandle 6140 -prefsLen 28175 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a37f9e4-e999-4994-b9b2-2e432c9be2b4} 668 "\\.\pipe\gecko-crash-server-pipe.668" 6116 1ca3cd30658 utility
3⤵
PID:5868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.14.1874900952\647009017" -childID 10 -isForBrowser -prefsHandle 10460 -prefMapHandle 10476 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0736a7f4-9e08-429d-910a-619d0889159d} 668 "\\.\pipe\gecko-crash-server-pipe.668" 10436 1ca3ddacf58 tab
3⤵
PID:488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.15.403043540\224198325" -childID 11 -isForBrowser -prefsHandle 10264 -prefMapHandle 10256 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3078b728-666a-4731-bb57-3a8ef0c30aba} 668 "\\.\pipe\gecko-crash-server-pipe.668" 10904 1ca3f849e58 tab
3⤵
PID:5236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.16.1363839667\1067304194" -childID 12 -isForBrowser -prefsHandle 10556 -prefMapHandle 11000 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cffdb66-2fe6-470b-9435-8955900f92c3} 668 "\\.\pipe\gecko-crash-server-pipe.668" 10672 1ca3fd4df58 tab
3⤵
PID:5528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.17.983485127\283899565" -childID 13 -isForBrowser -prefsHandle 9764 -prefMapHandle 9776 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bbb5fb6-d416-457e-bce2-6befc670aadd} 668 "\\.\pipe\gecko-crash-server-pipe.668" 9736 1ca3b850c58 tab
3⤵
PID:5456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.18.982709723\671127811" -childID 14 -isForBrowser -prefsHandle 9752 -prefMapHandle 9756 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {572e2c11-5dfd-4990-b33b-6605344e1d57} 668 "\\.\pipe\gecko-crash-server-pipe.668" 9720 1ca3fb1c258 tab
3⤵
PID:5464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.19.212139799\1091070666" -childID 15 -isForBrowser -prefsHandle 9940 -prefMapHandle 9928 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce1f930c-a1a4-4ee3-9468-b043bed4e523} 668 "\\.\pipe\gecko-crash-server-pipe.668" 9944 1ca3b117f58 tab
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.20.1459043404\1448860468" -childID 16 -isForBrowser -prefsHandle 9492 -prefMapHandle 10940 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6f341c-b618-47c6-b619-3d9034b56b62} 668 "\\.\pipe\gecko-crash-server-pipe.668" 10736 1ca3917fc58 tab
3⤵
PID:3136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.21.89857620\2145570468" -childID 17 -isForBrowser -prefsHandle 10600 -prefMapHandle 10516 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cb859b-363c-4bc7-96c1-0210d8e24433} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8820 1ca3935f858 tab
3⤵
PID:5460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.22.558419735\1225240323" -childID 18 -isForBrowser -prefsHandle 8836 -prefMapHandle 8840 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456353a7-e26b-4d07-811b-934d28fcf6fb} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8800 1ca39362258 tab
3⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.23.1541855184\1942641412" -childID 19 -isForBrowser -prefsHandle 9084 -prefMapHandle 8340 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e048d54-131f-4f43-b030-16083dbb665a} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8364 1ca26e70d58 tab
3⤵
PID:236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.24.1219115434\619713974" -childID 20 -isForBrowser -prefsHandle 9128 -prefMapHandle 9124 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d126c5-8465-4513-9352-e12c13b43be3} 668 "\\.\pipe\gecko-crash-server-pipe.668" 9616 1ca3bf4df58 tab
3⤵
PID:860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.25.1567674673\1465248387" -childID 21 -isForBrowser -prefsHandle 8184 -prefMapHandle 8188 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3016c0a-abb9-449f-8775-b61cb2a285e1} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8172 1ca3c3a9658 tab
3⤵
PID:4220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.26.814313278\1223999921" -childID 22 -isForBrowser -prefsHandle 8960 -prefMapHandle 8488 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dffd45e-e1f5-4ef4-8d43-ac38c59d60e6} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8440 1ca3cdd1358 tab
3⤵
PID:3292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.27.78933908\716643098" -childID 23 -isForBrowser -prefsHandle 7992 -prefMapHandle 8000 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9393a95-3137-4035-ac8f-d109830bfd83} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8012 1ca3b835958 tab
3⤵
PID:6792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.28.875260230\562406092" -childID 24 -isForBrowser -prefsHandle 6980 -prefMapHandle 7776 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd2391d0-b698-4b56-823e-43d8a68b01ca} 668 "\\.\pipe\gecko-crash-server-pipe.668" 7792 1ca3bf57758 tab
3⤵
PID:6724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.29.1344950928\958408488" -childID 25 -isForBrowser -prefsHandle 8592 -prefMapHandle 10492 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf30848-4ab1-43db-9bb8-dd1b8d55fd33} 668 "\\.\pipe\gecko-crash-server-pipe.668" 7796 1ca3bf57d58 tab
3⤵
PID:6732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="668.30.1970663762\2011984495" -childID 26 -isForBrowser -prefsHandle 7476 -prefMapHandle 7472 -prefsLen 28271 -prefMapSize 235121 -jsInitHandle 1048 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca5ee1cb-f32a-4545-9802-7ebe1d48e26d} 668 "\\.\pipe\gecko-crash-server-pipe.668" 8528 1ca3bf59b58 tab
3⤵
PID:6740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6024

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp
Filesize
25KB

MD5
93e7446d0f3f3c84b8da2f3e6018a85f

SHA1
537db5075f476fa2106bb9f8b91b475031811cef

SHA256
a76f763f25b114a451ef9f58c02229a2c4edee87141c8d8db119c988498d4347

SHA512
7825f4a37e957538f10e1b6cc471faba7a37f6cd5711c09453e9fe6f77caffd54f69050af1607e7aa173f2a94fc1ecb32003c8e269b545a928a9706719b3b2f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\11889
Filesize
8KB

MD5
5c990c012b393e568fd52c849e3b32bd

SHA1
daf0ec19ad42339eabf0a4a532c49ace96ed3b24

SHA256
3b1f074018cfa6e34ef3bd5ae451275ac82bc14c388ec2a43a3af6501de3e003

SHA512
aa0608f0322d064071bedb5246274b8cf338abffbd0c5413105282467dad3e835f01636a781a23397eddb71abd685c90c09320b8efd26e2f207e3c7e5acec14a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\13123
Filesize
7KB

MD5
8c89c01d2b8bed4acd0ae492f3ea037f

SHA1
83ed2b5e16708714f004cdc276d9f2d073e35d49

SHA256
ab18d1c79f46cdb659e472d9d554bcfe6a165b00d17a43998650db472496bae0

SHA512
7e33f851a4bf58cc25254dd823a496ab032c55a6b85160cd6f07bc8af6f06f2bc35a970123d8b114eb0a118867c88955f21d5ed50c99dbb2b1f3fa04bebcf07a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\15604
Filesize
7KB

MD5
f77f3fb2a1a33b82204d3652445be810

SHA1
8cf3e8f826fbf303286cab28bbb7e14bfccc13ed

SHA256
169ca8ea1a96fd21d6fe41f60502fe5d48d0781fa01763476e07ae5f72a89d89

SHA512
ffe21fd31065c60ab7511173e41dfe1d22e79057d94529ecd76c89e43f642f55265bea70a508176b03263412dd2c4829ec584c2ac0f7d2d0bc1cdd704efc655c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\17400
Filesize
10KB

MD5
f390e51fc26e02a151e56fa93b7aa5cf

SHA1
6401f7c7172cdcf2ce4d8605259596c5d9fe72f2

SHA256
dcd8099cb2f3c06d521a003c7dcc07616a9f7f9d22886748de09f2f7eb3d12e8

SHA512
bb518485212710f450c2935cb700d8c1fe0e6d1a30e9a2194abf51bc4e80d1c14c0fffc45dd2907907436ff754890d622e2bb1551cb5a51de7281ccda72c9c86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\19891
Filesize
7KB

MD5
806f6d79fcb6aece750d9d0127243e0c

SHA1
33ed02b88ccca2fd0727e53125a9b2ec5dc09c10

SHA256
43bcd722991a831acf6a3b75e931505031207670e683357a8493d2bab8dac2f4

SHA512
6c4aef42a278eec6269c4e2b74bad8239d45fd1c4b063ab87f80a96cef40df18530b8f8b6a035058e90baeeab8a2f3147950528ad02569518a9bcca136d92053

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\23156
Filesize
7KB

MD5
626571dc9899d4a1c981a79970db8fb9

SHA1
14fa7a86af0869cb18427bec1dd5abf2a9d507f8

SHA256
cb8c059c91a7264e2ad3b1d550c96a25e9450790149cc10fa25815a85a34679b

SHA512
1a3bd22607cbe56cb4b6ea7fc837c0c22b54d3e447b79c367acf71135766788e3317ed2ced1d2eb99507f992d4f378d5ae3de8891eff492caa154d9cf3995d7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\26688
Filesize
15KB

MD5
657b0bba62477f8c751bcec2236b0a70

SHA1
179e8c8cca6a2540fc026e8152ada1f311ee91dc

SHA256
20eb7f115b721c7cc674e9a14a20dfa6d33f48cb0c559f4ad98bfb55269eb172

SHA512
bf509f8ff8c49b78d3b28d8090dd2e5d721959bd6ea4e16d9b19398204c0f5fa6846f06aada869a6bfc97c3b3573a2a2daca8680a8d6c307e9395788abeb8b1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\32219
Filesize
9KB

MD5
2621a184791ef2e2feb60442451f80bb

SHA1
1022fa37a57a3797a45e58515ead4849a0ee1d3d

SHA256
608e593730ce49b9670804b8f1503fba01ff3568e43c43834e0415ad3893b10e

SHA512
a32e121be8e2153ca32b49dc91553dc4f76959a68136738e6781be25123422ed4d38889bc903b03ac35b73f56cd24eb952717ee80160738e4f3e4293bbf78c34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\3500
Filesize
10KB

MD5
877f08444bab3ea08a0bbd196a423ed1

SHA1
6544cdaa84bf803bcd80318fa4304ac9d6c2c8ad

SHA256
a6211d85bf0759bdc678339ef1a105fb628efdd9c990371de478706808fc7bd4

SHA512
48389055f996129cd2ec85fa7e136c41ee74dcfd2939cf3044c69a00634136888f53d0f879c5b9639adae11a661e8172bc497de39ca6179931d70428be2a69ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\7939
Filesize
7KB

MD5
f25b5706fe20a59c1a73a6fb11aa189f

SHA1
4d6a68b80f735fc6e30bbcdeb897d8da5c2bb874

SHA256
e31ecc6fb9d7006fc76086e3cabaa5382a79d2224829966b2b0f92c26befb537

SHA512
f4f9bc05e84600d5e9148e3f4eed34461590ee2f840dd2fb93c3198487756a65c62084f492177030b1624d65723524e30618835ef1ec7691c16afc2697d1f232

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\8960
Filesize
10KB

MD5
083ff8b08a686c17d57866f3a402d423

SHA1
351fe29f030443e2301d14416ba2813a792840df

SHA256
07fde1e54f6b9a2d8f78183b04f620dfc4db9ac807c7874027eab4ac466e83f5

SHA512
deea10c412333aea2717edd26045e0b05f01d19c152e81fd653c2d6a526e96a6740f9d9802b3c3191b6f3a7fec77a9377ea08ca8190b1415223af5a23eb52043

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\9297
Filesize
10KB

MD5
08554b261e610ff27b54af1af6527026

SHA1
81bba7b4fa1476caf6353fbf23110875fcc49525

SHA256
4f779ac4df32109c6da32ffc9fa729e4d9f169c7c16e509b4786a4ffa56f80aa

SHA512
20a7b687381e8d5d83d99973fc174544a5c5c51eb8eca4468d50cf9b1db123ada6f30ef62242c05848059db8782a1e63f3c2fa81bed09e8f41f21a868d174f88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\615756B5ABAF82CDA9D12766E9EB7EFB26EBBAD7
Filesize
220KB

MD5
c11ddfee513c0d0b3070956b89cf8351

SHA1
48c1ff5e33cb8694715209136d9ceccedd25843e

SHA256
2fe8667ae30f2edd857494efe93ef19cb813f880db4261a7b031b04dc8668581

SHA512
1182d1164253ee370d68de8474667ac673cea8d127d893efca85cdd5ca318ea370d766ba2d76d8b01ced894e8f790b8026510f596dd6741e4da627963c07ae34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\D32D070B851EC148FB76706DC67B363AC7102860
Filesize
13KB

MD5
94f954d7917b1c7ba61714251ddbe57b

SHA1
f887420a8e015d92ff27a7bb811607c04cffde22

SHA256
1d274cd293132436f66bd9f480dc2e517169be2c40137c42134549890ba5cfb7

SHA512
4a5dc002143729256580e9ba742decff5032fa0b06b12ef579e310e8b95a9af61ee9de088e4b7dd94efc0401514f35a875e4c45eea1a9529241718c0a8d7c971

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\D32D070B851EC148FB76706DC67B363AC7102860
Filesize
42KB

MD5
4a7189c624fe0bd6b20c93a184a9f5c1

SHA1
f89dd1cc965aca0f8bd699e3ccbc941680e07303

SHA256
db5ec2a3cff04c92fc3fa110e0ec6b7c942e5964bc576c3f42e767a05a0b3710

SHA512
37342f79c9993f52154a3c1d99f9cd5a6d0874e773dae7e3a4e91b20bc7239ac712e605d0c88e45e0fff6f5b7746f712a0bc4051abb5c9f02bafbe3e2dd65882

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js
Filesize
6KB

MD5
89326a6e7976e92f6f6b61a73f63903f

SHA1
e7c70e7a5ce12a32deafeb844ee951b3738ea414

SHA256
b529ef8a94f28c9ab1cc26f8e6433f331e6d44158490ed895d98c32e26afb8e6

SHA512
adb4d1c8414e33936e289961f98a1209536abe88dbe9cc8e10fd9d94f48fae3f11ee9dbddf5cd0bbd85f9d094ac7a4be9bb1966dc00f666d4596f8d8bb7c6298

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js
Filesize
7KB

MD5
162a174427e24ccd8fbffd7f88d5cb70

SHA1
3437d19710c7efcf1995906970d1a610e60ea98a

SHA256
f3f9f735c7c959ba6add5dcc0d75696d1979a4c90b4773027ba3a950c4b4294c

SHA512
7b8a74c6f44db07f0c4a7b957f772bf4d6c75e0cb0bfdfbbf3cce10c8ea3d752ac019778945aafe4970d554d6f5305585f324055e3970d4e70294eff28af0ce3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
Filesize
7KB

MD5
be4ccc018636d6476b56af9a81856271

SHA1
c2449333216371e74f376e7435e0fe33ccb35f35

SHA256
9487f36f99d2f95765f97cc3538aad171c0a11816c097bce4b643f62bcc63e93

SHA512
20ec852cb1b8bfb2d25523f53ecf26696374da671d77390ec643c8e8694731e0cca529d0e3851d4d2008bde9126f2226f850b5d9e7c88d47b3230fb94476db68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
Filesize
7KB

MD5
74ddb176d8487c582d2cdbf9e2dd7e9c

SHA1
76b216fa9a6dfa04f463f993e803f49e5916f479

SHA256
72ebff400e0db2b0c365d3bf5d2270df9aaf48902b87c35423991a3015802620

SHA512
1d48c34608de17cb12d9aebebd2d293c92fe468ce01b95dd7e4b7430afe3812243f433c3f5feb301139682db0f0649baee961fed13849962f9bfecf1aa958618

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
8c9395378ea72206a26224bea7692b4b

SHA1
14f836ddb57f6b3b478fc2fb47f30378e9d799f8

SHA256
8ecdc9180c015a7f825d4b09f9dfc2810230e4e1ab0837f0a048b2dd09661a9a

SHA512
bbe3b01a75af4beb8cfc75999ecb7ac37fe6c490ffb065a67de1d23068551b1c1635ce42500a4945374e90a726c1cb2276dd28f42df36314903920b4b69d0b8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
a37a59fdda84a65ff6bd5fffc08f15b9

SHA1
a55a23dca10ef13d21a4269a2c9342e1d55000ce

SHA256
3655253162a39730efd7c063119d6999b294b05018af8f42821d8780a8e09cb8

SHA512
2672e1e37cb27f1017f80a7229a0ac6bbb80441215727e47ff02e2e87ea1b2d305e6b115abef3010430cb29f40d8f7896e6b9627b886bcfb0b0c7b5ff6c490b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
c9a342a6b6638c777bcdea09ff8daf83

SHA1
4744297ca307cbe349793a1e4c24872f3fce43d4

SHA256
182e8c2e92e6409869d2e4d1cb8281252df07e5cf9c7f24696b8d8ac9c6991b6

SHA512
53024e09071629e1a594cb26584a0072ee736a0f3cb95f0e6852420579c98b426f0d6eb4b20819a7457ceed23918734a72e02ca51dc81d2d4ef64639d0972e2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
a59e25bba51be532a44b527ded557c75

SHA1
62c8186f0f10fff643dac73ec199a3fed4a501ff

SHA256
de1d09724c41a4413ecc0a5f3ffa28b5c116b8183963445133a20c1eb9e3eac4

SHA512
2578b7853c8f8c4ece38404795f628dcc1a9e5b33b733abc1665f2978f15fc8c75d7b0692cd0d340bb2c53164f0463360490d5e74dd8bcbc750eace33636811c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
4e050d6719be5941744a27f0ae08b03b

SHA1
f76a828e15f2b659a7f00005dd03c7c0945c0926

SHA256
ff9e7a4be220b92d99fcf224e818d1b2cc9c99e868a9fa56012bcaf5ce7f7521

SHA512
f0c7b9af6c68e7f6f6996990707ba4f48229ee11f73e6b70d4cdeba58539841f5f38e0744c80b35a3fbe81441c271c97f83c6273db538e13ab0904f1545ceb3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
5932ba0f09edafaa1edaad6eb6d79078

SHA1
8c623830e4550ba2b9231dbf95398fa5196a2edf

SHA256
e0fc3926204d4a72678edf55862e710b2fa9e96dc426677ec5d147529435db6a

SHA512
e060fa54f92ffbb65c0275669b3db6877ed421230cc3c74bdbc32d410aba105321690dbd6d0dd749c13c07370a307f98f7ce16e8be2fdb19991305ac21a600f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
19KB

MD5
a4e94bacd6d512524bdc7e833ad1e512

SHA1
6661b6bb074881cf2596f89536617e674746f0b4

SHA256
3abb986c8c8b5e8415cad59900215813ebf29bf8a2df98a550afbea76eeabb3e

SHA512
3dee1af9f139d4ad609d72d464e0c02382e5c918b517c83494ff1af340c9d6167dd3467ec1ff9177574fad91d178803d062c2aa04d2e14f7e9672178893883fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
44d33c389cb7dac6f8b996b679e90502

SHA1
f412c5eba58aa178dca94de31a72c712aa60d02a

SHA256
11b41c390205842ee2cc1fa2f9d7c89fbc22e34bb9c959135069cd1a10311127

SHA512
f00448eca80c7917d97029619482b3c9d8298e5f5d8fa538bb7ab9a01fb62d71665cbe8965d038218a3abfdf2ecac4f7ed32d7b6c4c425441db6d728179ddf3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
1ca9a782f618787d52762920632eb951

SHA1
cd25df0bd289519c031653baf442d48a8da82d96

SHA256
e5440866ae1ab5b38db9d66001a006472a00354acd9122c30842ac3ad1c63768

SHA512
2c7e6cb89d0b98fb301fcce299fd8c780f95f3c910df419de5de41cb823ed5d8dae0c18c57a2d0c57cfe384222533bfbc8cb5aaef9fc044c014cce3fdcefb6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
19KB

MD5
4b894292144a7f19323257e33b348f63

SHA1
d8922f9168da67f29e277821c11a3fe2fa472793

SHA256
2efdf65ce92d15d3808ae2944b55a679c164f8c8fbd9f08db6ecd0c9fb07ee3c

SHA512
ba78e6f0ef20fb820afebe5fb53418409c30bdc136a3d61cbf5a60cfa70a855d1a4e0301b8a396cfe2d968e6ae07de622a2ed22088cc7c7ac690ce71165f3596

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{0c3b6f0f-3d80-4256-bf9f-cc0c8ac77031}.final
Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\storage\default\https+++www.youtube.com\idb\2523612501yCt7-%iCt7-%r6e1s4peo.sqlite
Filesize
48KB

MD5
25cfc7019c83a3161d4268159046b03e

SHA1
9cfc0d5f950726cb5f2b998f60a60d4d1633bb0e

SHA256
7ec59f649d92917b5d68ab7ba843abd6882fe9b506e8ed8cf5003512349c66ca

SHA512
93016ae67b2c8baa829729470930213fda738817ebafe882a2c4b1eb792c51de9f9b8bd500ef74033c67b02b5ae4f562961149ec01b848d47e5d521fa1bb83fa

Download Submit
C:\Users\Admin\Downloads\S0LARDfgjNFjfwu327fwg3huio2S
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Downloads\S0LARDfgjNFjfwu327fwg3huio2S.Ou12c4UZ.zip.part
Filesize
64KB

MD5
a74865beb901b28917ad987deb874a6e

SHA1
bb55b9c612cc4ff4fef89a19cb18cb157ba32acc

SHA256
dad1c0468251b244042016afe9e4dbdbe39865bae76a27eeba5f1f4cbda4904e

SHA512
34c89ce18572b914d51649a2b8eb9d3abd241cae2ef01021cc06fdb1ce6e534b34b2dacc3c16ddf25cdbbf13c4c2d720ff5a239d2dca88b438ce594160925bee

Download Submit