66cf9aa479bdfc53f9255343b6421ba5c69149723cc9ef31373a0d0a31379fcf

Analysis

max time kernel
1800s
max time network
1792s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
30/03/2023, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

penis.exe
Size

437KB
MD5

7353f60b1739074eb17c5f4dddefe239
SHA1

6cbce4a295c163791b60fc23d285e6d84f28ee4c
SHA256

de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c
SHA512

bd98c8aee1138d17c39f2fb0e09bf79ef2d6096464ceb459cc66c5fb670df093414a373bbb4b4d8e7063c2eacb120449c45df218033f2258f56bec1618b43c4c
SSDEEP

6144:+srKopvMWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:BrKopEW2KXzJ4pdd3klnnWosPhnzq

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4120	penis.exe
4120	penis.exe
4120	penis.exe
1352	penis.exe
1352	penis.exe
1352	penis.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	4120	penis.exe
Token: SeDebugPrivilege	1352	penis.exe
Token: SeDebugPrivilege	1304	taskmgr.exe
Token: SeSystemProfilePrivilege	1304	taskmgr.exe
Token: SeCreateGlobalPrivilege	1304	taskmgr.exe
Token: 33	1304	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1304	taskmgr.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1304	taskmgr.exe
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1848	firefox.exe
3304	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 1352	4120	penis.exe	67
PID 4120 wrote to memory of 1352	4120	penis.exe	67
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 4328 wrote to memory of 1848	4328	firefox.exe	71
PID 1848 wrote to memory of 4840	1848	firefox.exe	72
PID 1848 wrote to memory of 4840	1848	firefox.exe	72
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 592	1848	firefox.exe	73
PID 1848 wrote to memory of 1656	1848	firefox.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\penis.exe
"C:\Users\Admin\AppData\Local\Temp\penis.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Users\Admin\AppData\Local\Temp\penis.exe
  "C:\Users\Admin\AppData\Local\Temp\penis.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1352

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.0.184380238\953698152" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a786b7a1-7c65-4106-acdc-ae42207db85c} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 1716 232b17a5858 gpu
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.1.862365793\689977291" -parentBuildID 20221007134813 -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd55d4c6-a231-4f1c-9c88-e229bba2414a} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 2072 232b050e558 socket
    3⤵
    - Checks processor information in registry
    PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.2.1940317805\1125222483" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf1f346-5203-4469-96b4-31a7d13faa28} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 2872 232b44f9958 tab
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.3.543840628\691923852" -childID 2 -isForBrowser -prefsHandle 1368 -prefMapHandle 3184 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e353a604-4766-4ec5-97d7-e5455ede3e27} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 1280 232a4e71658 tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.4.831075956\2133954144" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df1d164-b08f-4d9a-b6fe-6702959f61c3} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3700 232a4e5d058 tab
    3⤵
    PID:204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.7.490973633\1008428236" -childID 6 -isForBrowser -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ff8fb0-90ee-449a-aba8-59ad15d51c08} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5116 232b6e0d558 tab
    3⤵
    PID:4292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.6.1135101247\765278470" -childID 5 -isForBrowser -prefsHandle 4816 -prefMapHandle 4820 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d5e9d1-5859-4dce-9df8-0041f44632df} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 4900 232b69c2858 tab
    3⤵
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.5.1263085212\195245901" -childID 4 -isForBrowser -prefsHandle 4684 -prefMapHandle 4680 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1041cd35-8d8c-4898-ac1f-bc8be63ea0dc} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 4692 232b69c1358 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.8.1195681601\1454729136" -childID 7 -isForBrowser -prefsHandle 4636 -prefMapHandle 4592 -prefsLen 26798 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58bcc71a-62bf-40cf-b1ba-f6ccde8e9ca4} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5664 232b84e2558 tab
    3⤵
    PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2708
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.0.906739145\79421415" -parentBuildID 20221007134813 -prefsHandle 1640 -prefMapHandle 1636 -prefsLen 20888 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b9e234a-8cc5-4fd3-b7ef-56405eb17e5e} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1720 264fe9f0258 gpu
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.1.1405829455\582591937" -parentBuildID 20221007134813 -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20969 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ac9abb-0c60-4e41-9b41-610804b973de} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2072 264fe8f2258 socket
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.2.264528311\154454169" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2768 -prefsLen 21052 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {569faab1-6c07-49f9-9e0e-b793d6fd37de} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2676 26482a0f158 tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.3.1824624059\3184301" -childID 2 -isForBrowser -prefsHandle 3324 -prefMapHandle 3320 -prefsLen 25743 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf36c04-ae28-4836-b41f-6b4bb4951b08} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3368 264f385ee58 tab
    3⤵
    PID:1072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.4.2133289725\984580770" -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3692 -prefsLen 26523 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e159e53-4564-4483-ac6b-56541cd739b4} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3716 264f385fb58 tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.7.1042963729\232255495" -childID 6 -isForBrowser -prefsHandle 4584 -prefMapHandle 4588 -prefsLen 26604 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de4cd7a-b636-4d10-8844-0649447c27d6} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4576 264f3863e58 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.6.574267892\234586716" -childID 5 -isForBrowser -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 26604 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a8c352e-85f8-492a-be3d-855fb713d7b7} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4448 26484426958 tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.5.1367369916\2114429269" -childID 4 -isForBrowser -prefsHandle 4236 -prefMapHandle 4232 -prefsLen 26604 -prefMapSize 232727 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e1869e3-4a32-416c-83c3-4d1f9db02ad7} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4244 264840e3858 tab
    3⤵
    PID:4384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\profile_count_308046B0AF4A39CB.json

Filesize
117B

MD5
2784d51e4de83905a192d576e432caa9

SHA1
1e9208a955ca20407f1bfe80f4d71c12a4a4ba38

SHA256
0400a0db5c6121ea4a03fdd6f0449c42096470b2142844f47c3c6905d7a88447

SHA512
597ba72b554c793ed34d8ac9c3ba8f217113b83baa5774432e3a6ef4848ef6488707104cc672a245dd5e7334fcda3e2d66b99b79154253c46d0adc6124f221ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
50KB

MD5
2143b379fed61ab5450bab1a751798ce

SHA1
32f5b4e8d1387688ee5dec6b3cc6fd27b454f19e

SHA256
a2c739624812ada0913f2fbfe13228e7e42a20efdcb6d5c4e111964f9b620f81

SHA512
0bc39e3b666fdad76bcf4fe7e7729c9e8441aa2808173efc8030ce07c753cb5f7e25d81dd8ec75e7a5b6324b7504ff461e470023551976a2a6a415d6a4859bfa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json

Filesize
152KB

MD5
39547c09855d0c5b126db60b26e67be5

SHA1
d53a56eed712fecb0a2c942ebcc892e14c882ba0

SHA256
1871bf6a3b03e8378d675ca1eed079cafea4af1dab24a5ef83fdabbabdc90cbc

SHA512
8b225ff43ae33925ae58545bcb47af5bdfe24e0016342f6e3b767d280d62ee48e76662191caebf6fbc79901ccdb04295e95413ac7bb090a329ac91fbc01191d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
a554ea761d26f53c8c4cc2845fd10251

SHA1
02339a1d587801a5e4e685dd7747217a2ef1caf2

SHA256
28fdf0fba4c0e7327695872d952b13d3473f4e2433ad705c688d011a158ec719

SHA512
99bc3c38d657a323cc28c69a00e2fcdc87cd2e054d3883fe998f92a5a308108d00b373478ad8b9a435633bbc61a8f1ea9f3ea4e873429ac86756cc1509b99e88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
d998882b617af7f6804ccc898e1b2f29

SHA1
fcdc88225e9478da529556886bfa84938e8d7a78

SHA256
d3f552b46fdadaee3fbf26565fad542702e653ae84a8a8b4e741b36407ef3b8b

SHA512
6401981cabcdf17d89d706dbc0c512baab844cf9670fbd2716f9b02d8a9b4e8d3690f926abadcb1ad06ae1722de6beebc3593750b867b0618be214ea41c55a08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\doomed\10126

Filesize
9KB

MD5
251f7b47cedd11e16f59234b35d42ada

SHA1
d9ef42c9d923f2c5c0045f855bcde152b5bc2868

SHA256
c9042980bc35eaedd1c6a58846d40aabde6737f27b8498de1a793d158ad38034

SHA512
fbbf7cda0d4ffbf6bab8ea582ae89c07f3510e530addf3d4273f023123083e2ff0166a64442c0007f094db2fc0312f931b74d55cd56eb7301280242a0c0f3577

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\doomed\13352

Filesize
9KB

MD5
3daeaf3c118e0d3697ed3e2a1ae2ec8c

SHA1
4b9209e4427e89ae453cdf09a5f48ed462b76d6c

SHA256
85c7eee569cd1825eb5c440edf9575c7bef7a1ebd4211849f5ee4d02ff8a8453

SHA512
11eb657b9a3fab8d0ad274aa4e4f931716c3f770c6eb2a1166b31d91f30a599a8c0fc393176aca02fc3cb3e02f82e6ba7eff864faf0b3aa8e575cd6a7f67353c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\197E28B3E7088CA9CF33EEE70E788459DE2ACB55

Filesize
30KB

MD5
94e3c54ecba2d5405352d54b3e5fea80

SHA1
0a9b4d289099cf91980cb4d1de6901e01464868b

SHA256
dfb6e0f5debc170f32c6d34136a5eae8f5bea31e86d9804ef5b84645a78aff36

SHA512
cb6d22b08e514835dd6dd0c3cb7e9c309a0da91dd5c63bf5545df83e5678425b4e9c87c3485f7d75d8eae9906f377ea65ca41b62e26213da6ef49b4fc63f7ce4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
15c26988f8560f6eda4fd5e1db8ada3c

SHA1
9914185c73f69e8839ad014354d5c33c7b28f38e

SHA256
a44b52db4b35171caddd685b767fafe33ae5459e640bf7806f750f7302c15552

SHA512
8299087da24f4f7a4c19aa3af25067ecd66888fe36519615db961a33b6f2491bf7237c0f61f9d3854019d7ab51cc59c62a4ef8c75e684349f46a3203e6c91802

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0

Filesize
9KB

MD5
5834288e4f665d2faab0b806f9264ada

SHA1
e55a3e1d083eee93ce2cc924d5a7d8fa98b4ed4e

SHA256
3c39e2fe77e23c8a6aaa0b00339c2298985ae709e7f9baa66ad4f9dbbc3e6485

SHA512
69bf3cd4969fa8bc0ca62863aa254eefe6c769728c3315aa77d2f44aadedebe9568301d82ec8efd019993ce822f66afae6dd5458a7f98266214c89983b0a5597

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
17f45b08b645c3fdc7ffc3a8889ffba2

SHA1
6a3ebbe79d74df9bca4aae69bc188f27c1add4f7

SHA256
8bc3c0144d742591f40ed8d93158473592c84916b086508272fe583a5dd63d4f

SHA512
e026e408ae233e74f60b52be570531846d10ed7aedb6ed5c6a8c57a82b3ddaebf6821a8b11a5f9d0f2070958587515c638db7d9670cba94794d33e2f1db03335

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
10KB

MD5
af9c499382f08fb862a7791b22b0f5ba

SHA1
3a5b9fdd67a0f39e604158c05a631498935712d6

SHA256
710758399d4adf1d39f6ab089b567baa4fb639dc70411ad9334f316c59085c55

SHA512
765a9c09794ad188f9e3c805f4e1bcf281c93e24c43fe357884ddaf43be8a8487c9782222535c0902a4b245675be324e31b7bde14d0f1427dd55e9d652874dda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143

Filesize
9KB

MD5
0081e3be6158e3770f579de277739628

SHA1
28b727d1dae868fe24fa7e61fa9c32ed8b49602b

SHA256
bffa46eb32ab3de1f4c5d12dd8925f94d1726de5a6af65ce60d6e977ce9814b4

SHA512
464d6a7f2573acca5508b86c889e64afd551252095b6733982301e80c225d088d711f624d07e9530666fb467a3b89aae7302c299d13cc4a729908f91ae39bfa1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\B4360309C721BD332442C137318108EA7B18022D

Filesize
10KB

MD5
4dc1fed2132434357310390834cabf48

SHA1
185ac3043a1348c41c9d1db90f29821943c6cc73

SHA256
c94da603a145483e88be002441e54f1fca09cb1629e370e6daccd940ed1c1f82

SHA512
b2ec42e5425cbc241f83022616b261c25ca5bd74613dffa77374b35964e2540dad060162a8386694a7dd031ae7b55019be18e063381e066f7e445e2629638d96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
8KB

MD5
e5ab47ca01975fe8b2c8f133fb9b46db

SHA1
4d36d5eac8d3d25a02e741b178ab794c0cf4dd0a

SHA256
c917c48fb2a575d844edcd3650229228e76be00cf681c253405fd7cd90175a49

SHA512
bf433ba8c5b6b6554232b98f40a470c445f3d5f63794aa506784a132153480bffd102edc935e181b76bd077b9c77cdb1f028da531e798fb83e537cc6f8b3097b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
8560f0c61bf9414edc042fcb577631d1

SHA1
74429c653710a8932dc8f1a379a5b9d7ae2c618d

SHA256
4044774e053767ac0fda0754605e7378f283ad0a5fa291fc27d2cbb9816bc776

SHA512
6a5afe98bc828a37fa9856e1d9e021b7884793b4769e7a2ba1a0271e8b7ed9077d64617e724d24f18df4e71cf567ff712eca521f17819d6db072ff932ed56914

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965

Filesize
54KB

MD5
ae9e9038695296d6fe095c0b75e9e6d3

SHA1
6d1334ae4043a9e12cb659996545fc5c4cc4c882

SHA256
96f64386a844c9ee00f1fd334a35b0174ba99c03be2e1cb30002f53544a23577

SHA512
9907c5ee3949ed37492dc5194fadd108fe8aedfd8a07632e428dbcf2d8cf47ea6e72ab52a3d3e40eb8f34b3127d3140bbda0f9bebdd1c8e2752417a3865366b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
240B

MD5
86b6c3388f020f3465464557feba5524

SHA1
db994ceefd1a65d902fc155ae9c28a8741208857

SHA256
1c8e83ba7262b48b1ed147e21bbe1ca9c750f7da5c7cf1b6d2237813af4aa0c6

SHA512
28a57dadb6547e3ffd175d3a0cdc16cb25c63cf9af8a74b858d503aacf56026d2091610e1731792493bf91acc1950f09b7f348363c623781f5ee3c1ad905489f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\startupCache\scriptCache-child.bin

Filesize
464KB

MD5
5b6d9966d20791c38f3948d133bc4014

SHA1
e033078a3e395fa5ac0c24c92ba9e0d2f9129887

SHA256
181aa6dae48c54c9e5324f6810a4bab386f426d6d90d69f3c99fd03edbb77fe4

SHA512
568ec26dddb29f09c182b16af91f3b908e2890e1c3261547b70550827633719047ca0d7fbc0d2846c7bb1da1ef1a3ee278b4073567348d5d8e02417c8e439d88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
4463068f7a5571728dba980ea449fed4

SHA1
996c7744a4a9988af815c2b62992ca0c641a250e

SHA256
988e6b9ebcf9092df0cdcf4d56560615e98b6f1cbc69b9d013bae0822b0999d9

SHA512
6cbf1600e7aebe4ed196e1d2e52aee803dd6e102d5d7886353b2502f7ea38dfbf558aac7c252b03b4ff9184312152e91ac01cc5df3271ccd925d98d493b51748

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\startupCache\startupCache.8.little

Filesize
2.2MB

MD5
32a3938bbb0abae31a02154110db1741

SHA1
5850012c3c0a5d6dbfc0cce5db64208546a3040b

SHA256
ad9f0b3de4c29c459a2ba7fdd1b97ce4e95b538853b9add76823f4e021b87f13

SHA512
73cd4dd1e9f0e3eede0e2dced856edf0ec94dbfcceac39552feb9efbe7769beb3df4798104516b237d6bc9b2d4bfb6fd51bc192b834db63038b6f88d3a9fc579

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
89b05a22d86771c6336c9f647974cded

SHA1
f876394d5d8bb976cc7205e61d4321716b2165aa

SHA256
2ceafccdd1e1649450b842a739897618a486377c7a92216b89c456c6268df922

SHA512
f5045b467bb28cf52d1b77e0e875e229644270787892a112e84a816977bfe88fd355f6891b35977ab9aa6ba24eff65027a150f7ede8350ff920e10b181150485

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o2tnuf1t.pkm.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

Filesize
13B

MD5
2593fb442f9897091da4ff51762c241a

SHA1
061af8e6632584148b084ab0dd073fe62b4a5322

SHA256
6d0f080fa9ea2744e0c23de07b9dd271665076135d72e59e561c875602aca340

SHA512
0777dd5683fdd8e08fb2226dbe11c3e730314e37f480088760263355978436dc2048f686621c39b3c01b5db4885f613605c56605e7e79c6857d16b0fbd406b5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
7839ea5a85011fa96a9d33b7ed4038ea

SHA1
fa994dc898bf5aad884e906e98349ddb2a5a133e

SHA256
73a2fbcf8d3bf62e90185c40e64a5eb6090702421e9bc87abab6c224c47c087b

SHA512
74c3e82a69a87288e3830401cb7051365dedd69a37918408176fbd8cae2861b7f2853c1ac43038ef688d1af6d327830778909fa2bb7e9cbd92328e83a66935ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
233f4f26b864a94fc5d9a1d4bdd413cc

SHA1
b3e400f1a1a17e7093a269b05acab9bab7d7a7c9

SHA256
e61443ce9d45c03ff473dba5e79c677a80555faff1d65f8ec21e32ea6412dd5c

SHA512
57382d29e57b18f6a7992fbaac6710efb9652c70a3c2cde38d593a370e62c459fcd54a255f0add6c5f760d034213a48b3e67afce46ca7697ace89d013c350afe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
2b6d04cca94f66d2bef3e42301101d9f

SHA1
8885bae888ac6c9904cfe196bc97f1be0283fb84

SHA256
945d91610936ea61791e4f603242b79312dc7c3955c4f94bf3d93b9944e36cdb

SHA512
63371536f8acf6de340c5c1c78a9917d0ff4685fa3807508ae261f74df3c2eb424323813eea528fbab52b00cf248a97386a44b45d7cc589fef4275ba2d56d258

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\AlternateServices.txt

Filesize
197B

MD5
e590115e096575e3431d215ff08730d4

SHA1
4bf14d6c1f2da52e60ab8832d479ab4165cc161b

SHA256
b21f8aa8f04c096fbff83be058902a1114c51ff518208e1d6092cf91d10ba25f

SHA512
78da0977d817ea92df4d06120bc79254261804886ee304a5e2e0255da6582ce6dd6eb711cf816c51f154d5e6ece982c17859b0a7d748c2787e9c26b0f64d97e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
db2ac8d82ae3b41908286031388a6753

SHA1
d8c4abf84de981f41b7b8801d52a0f25c1c1b6ad

SHA256
2b987612bf79091080d7600d0a21eb5b69b567e4f55d86952cca26238f5943e6

SHA512
0d93e4399bc5a1e987b5ee31b7648e99ef76ffb7cc2b09d94e11ba4881b31e84654e27a9fcf67c8d5127eb944dbbc8f11c7d12062aab1105b095c01faa70e9a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\broadcast-listeners.json.tmp

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\cert9.db

Filesize
224KB

MD5
24a79e0449cca3ba108440cd753c45d8

SHA1
c6aeebc7f458340c850cfb703a0c7d30cb24f086

SHA256
de9fdf47d85882d9f8c94e252e2fb6e7db1a942a20bb117bc360734b8f31602c

SHA512
e07f8daa68f0c7bb000366ca7a36ef80597d36ad9497d449b0d9ecf056669d81c987a87f562fc42ecfd0102ff5d5fbd0aaecb0aec2ebb98682a97a561f691847

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\cookies.sqlite

Filesize
512KB

MD5
6d7dc804b14f9eb1062bda7ecfd5f622

SHA1
e793ba9f73fd8bc785000228ff36cd11fdeb68e6

SHA256
72eff2dc7d060b64a351d274a32ee26bbeb094739b7bca18508ce762ee219566

SHA512
85b005fcde3eeb0959519c2aed20b133d86667c48ccfd96761f9f519110a68b97216c8d6ed5c2d8ed5435116111615e867093649c974c1aad159313a6d169e21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\datareporting\session-state.json

Filesize
161B

MD5
246b49cee33b86d1d2b18c8e4242f9df

SHA1
f815227bdf168c6b275a1256410ac1915aff8dae

SHA256
422f70734ec4e7b1c0d98c505fc9dd77fc64b9f4a81b53c05e75dd9397e09499

SHA512
b2e375c19206bbd66121784315463563a35fbdbfe7913334a63a76799fe49d4a300e281de7f8f834418ba12a50e2b0c6cd50200787ecb3c1c99506b890e559aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\datareporting\state.json

Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\formhistory.sqlite

Filesize
256KB

MD5
69d4b8b0aa63af040c465b8837337c44

SHA1
190aaf74a3795e7c2e2ca50bcf61b308bc8bd05b

SHA256
c1ef0883adaeb33e96e847bbeca46a13c6e2e5b3d4cdea51bc48e75073b84d6f

SHA512
807e854e60f93c5b19f7937d272bebb075410685d48a4698231bd099493226fe673256e4dcd42a92a2d5bbb3669db09352115cad48c3b3df8e39dd601315d8a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\permissions.sqlite

Filesize
96KB

MD5
02575d813df33f8f7d135f0a12680bfb

SHA1
cd6750e62f9dce59c14090815be20aeab32ccb59

SHA256
ceb84946475722946c87e93393c0886abc3d464697d509c5b46a4632807cc225

SHA512
87a615c1a4ff79e13b237760192487df6bb25b104b784a2d997928d1a95227636f56780364ce8435e93ca653d2aa41d662a8948a2bf26de32809de845c9c855c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\places.sqlite

Filesize
5.0MB

MD5
072d101be1f08df7f0c3cd64aa322d4d

SHA1
ce29b8cfc5f3114b7d96692949427e7d111490d9

SHA256
b136bd4a5c0f1822da583d6712f2620df78b3492240901981c3f984c31a49113

SHA512
0a796fd1b01bfaebcea05c92e526d7230842d31ced8ab2f74037aa116c9fe927e904670592f1faeb528377b3eb103dbcef7930a5a97c9197384cc2c85d201bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js

Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js

Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\protections.sqlite

Filesize
64KB

MD5
c85d1bbdcb2505d7f5c6bd0dd2b06492

SHA1
b045492af83bf1549827343014eae43cc0a817d7

SHA256
a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f

SHA512
7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f456cf6ee2c8891144b217d439a4027c

SHA1
b3d213f4ef1d54bfa29e844ebb028dcdf42f66bf

SHA256
8f1b037e79d315f2516eda7d40ea8e9c1fbab4f207c416a90ab91aaa5623bc1d

SHA512
f2ba65920cc58a575d0c603cb49c2f9227fa623b3177e072641fee6b9e4b0fe1cdae60ea2044dfe032490fbd1ff440f1e4bd87aa8d55ea1ef5e4d00101e05ded

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
eea267c1f226d8c8a014fc2603920f34

SHA1
f22cfb607f3fd5f302c3f328457551af0b848186

SHA256
436f7e434fde3ec717c241cac11f75d0cfcd683f25769d8189f5e86a5e7081d2

SHA512
a938d8755587052cb124a40ac03ae65f3d5cfedb7db8f9e083fbf5c428d698f8458b344f49a3b24d64051fd08d186019095ba63ae0d967ad65320184a7fc1bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813

Filesize
3KB

MD5
a83fbb3dbd0a92ba18b1d80eebcc3f0b

SHA1
419dbaebd9ccd40af81d44a0fb65822675d68e52

SHA256
ca42e2c9dd10f56dc383c7d7d5fb27ea9d1815aab06ba593a9cfaba77835f833

SHA512
9eab539a3f57e15cc27b24cc5b27d8c81e9c90d757b6173fcfcc9760f6b5a98e85ea93f7f84ab9cb3493961dd99107a0600425669e0a64ce3b30314dcf1c7bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
a83fbb3dbd0a92ba18b1d80eebcc3f0b

SHA1
419dbaebd9ccd40af81d44a0fb65822675d68e52

SHA256
ca42e2c9dd10f56dc383c7d7d5fb27ea9d1815aab06ba593a9cfaba77835f833

SHA512
9eab539a3f57e15cc27b24cc5b27d8c81e9c90d757b6173fcfcc9760f6b5a98e85ea93f7f84ab9cb3493961dd99107a0600425669e0a64ce3b30314dcf1c7bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
a83fbb3dbd0a92ba18b1d80eebcc3f0b

SHA1
419dbaebd9ccd40af81d44a0fb65822675d68e52

SHA256
ca42e2c9dd10f56dc383c7d7d5fb27ea9d1815aab06ba593a9cfaba77835f833

SHA512
9eab539a3f57e15cc27b24cc5b27d8c81e9c90d757b6173fcfcc9760f6b5a98e85ea93f7f84ab9cb3493961dd99107a0600425669e0a64ce3b30314dcf1c7bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage.sqlite

Filesize
4KB

MD5
e754fbe11ba0e708fa319a0396ff4274

SHA1
46687e5fe95275f8d9512e64659a7ad985343553

SHA256
33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704

SHA512
e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
435c0a49e6e35684d95256bebb0fdd3d

SHA1
26151a834f88ed75e4be994e146e65bc24ecc427

SHA256
26faf0b3e244bee88685bdc2df135aedd1d947321cf97c2bc50972cf165b1fe6

SHA512
61dae561021d89f215073ef7e796587141ff086f4a7df59018da83c8dcc893feadb801bd4300c8fb3f7484f6d32497b75b82085e25f58e493723150b87f8dc7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
ab4677bc6bb4c1269b70e22924db96c7

SHA1
cfa33336186fb89ff02b0596f932791d5b2841f4

SHA256
c9ea01023a8f1e86cb62099a519ce227187a0c24c07f44b7a4db196e01b5e1de

SHA512
9942c52982ba57376f1504234a88fb3f14aa31521497e92e6f985d97bc78304b21d76986f22614cca5bfcb01252858ff05e5855f729cc89225c1d8a61b632d9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1352-238-0x000001E920400000-0x000001E920410000-memory.dmp

Filesize
64KB

Download
memory/1352-237-0x000001E920400000-0x000001E920410000-memory.dmp

Filesize
64KB

Download
memory/1352-226-0x000001E920400000-0x000001E920410000-memory.dmp

Filesize
64KB

Download
memory/1352-224-0x000001E920400000-0x000001E920410000-memory.dmp

Filesize
64KB

Download
memory/4120-126-0x0000012CAFB40000-0x0000012CAFB62000-memory.dmp

Filesize
136KB

Download
memory/4120-172-0x0000012CAFBF0000-0x0000012CAFC00000-memory.dmp

Filesize
64KB

Download
memory/4120-179-0x0000012CC8A00000-0x0000012CC8A1E000-memory.dmp

Filesize
120KB

Download
memory/4120-173-0x0000012CAFBF0000-0x0000012CAFC00000-memory.dmp

Filesize
64KB

Download
memory/4120-166-0x0000012CC8F00000-0x0000012CC8F76000-memory.dmp

Filesize
472KB

Download
memory/4120-155-0x0000012CAFBB0000-0x0000012CAFBEC000-memory.dmp

Filesize
240KB

Download
memory/4120-149-0x0000012CAFBF0000-0x0000012CAFC00000-memory.dmp

Filesize
64KB

Download
memory/4120-148-0x0000012CAFBF0000-0x0000012CAFC00000-memory.dmp

Filesize
64KB

Download