Analysis

max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 30/04/2023, 10:56
Static task: static1
Behavioral task: behavioral1
Sample: Memory.vbs
Resource: win7-20230220-en
General

Target: Memory.vbs
Size: 2.9MB
MD5: dc41ef27fd74ade70d62e7bfcbbe2de2
SHA1: e8282edf1205c6cfccef3cdf41ea4303a45c5745
SHA256: ad9a2790803eb17a4e3977c514c4ca98e520cb38f00f8103ee5f2cc1ed209b47
SHA512: ae779c4b20616e92080ba02167b1105d73a001bbf612efadbe7b84be355918f6aa1d582e7ae45478d84d8349651db99efd36b4545a85334e5945382c90875d36
SSDEEP: 1536:khTJiTSxGdQkVHgnlUTCAmTzZQXEXtXX8XZXDKcZtDRRj7aqDfR/wyihW9Qk2vSj:C6uECAm0wyihW9Qk2vSk8BtaN8wRnX5W
Malware Config
Signatures
Blocklisted process makes network request (5 IoCs)

flow | pid  | Process
4    | 1588 | WScript.exe
6    | 1588 | WScript.exe
8    | 1588 | WScript.exe
10   | 1588 | WScript.exe
12   | 1588 | WScript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 15 IoCs)
Processor information is often read in order to detect sandboxing environments.

description       | ioc                                                                             | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                  | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                  | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz             | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz             | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz             | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz             | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                  | firefox.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                  | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe

Modifies registry class (1 IoCs)

description | ioc                                                                                        | Process
Key created | \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000_Classes\Local Settings | firefox.exe

Modifies system certificate store

description      | ioc                                                                                                                        | Process
Key created      | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8        | WScript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (blob omitted)    | WScript.exe
Key created      | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13    | WScript.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob omitted) | WScript.exe

Opens file in notepad (likely ransom note) (2 IoCs)

pid  | Process
2012 | notepad.exe
1824 | NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid  | Process
1584 | powershell.exe
1644 | powershell.exe

Suspicious use of AdjustPrivilegeToken (10 IoCs)

description                       | pid  | Process
Token: SeDebugPrivilege           | 1584 | powershell.exe
Token: SeDebugPrivilege           | 1644 | powershell.exe
Token: SeDebugPrivilege           | 1056 | firefox.exe
Token: SeDebugPrivilege           | 1056 | firefox.exe
Token: 33                         | 1380 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1380 | AUDIODG.EXE
Token: 33                         | 1380 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1380 | AUDIODG.EXE
Token: SeDebugPrivilege           | 2884 | firefox.exe
Token: SeDebugPrivilege           | 2884 | firefox.exe

Suspicious use of FindShellTrayWindow (11 IoCs)

pid  | Process
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe

Suspicious use of SendNotifyMessage (9 IoCs)

pid  | Process
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe
2884 | firefox.exe

Suspicious use of SetWindowsHookEx (6 IoCs)

pid  | Process
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe
1056 | firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Identical rows are collapsed into one line with an occurrence count; the counts sum to the 64 IoCs reported.

description                      | pid  | Process     | procid_target | occurrences
PID 1588 wrote to memory of 1584 | 1588 | WScript.exe | 31            | 3
PID 1584 wrote to memory of 1644 | 1584 | cmd.exe     | 33            | 3
PID 1828 wrote to memory of 1056 | 1828 | firefox.exe | 36            | 12
PID 1056 wrote to memory of 1124 | 1056 | firefox.exe | 37            | 3
PID 1056 wrote to memory of 1800 | 1056 | firefox.exe | 38            | 43
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

- C:\Windows\System32\WScript.exe (PID 1588)
  Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Memory.vbs"
  Signatures: Blocklisted process makes network request; Modifies system certificate store; Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe (PID 1584)
    Command line: cmd /c ""C:\Users\Admin\AppData\Roaming\WindowsServices\EHKOZ.cmd" "
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 1644)
      Command line: PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command C:\Users\Admin\AppData\Roaming\WindowsServices\FWVCX.ps1
      Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 1584)
  Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" "C:\Users\Admin\Desktop\SubmitUpdate.ps1"
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

- C:\Windows\System32\notepad.exe (PID 2012)
  Command line: "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\SubmitUpdate.ps1"
  Signatures: Opens file in notepad (likely ransom note)

- C:\Windows\system32\NOTEPAD.EXE (PID 1824)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ResumeWait.css
  Signatures: Opens file in notepad (likely ransom note)

- C:\Program Files\Mozilla Firefox\firefox.exe (PID 1828)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1056)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1124)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.0.355683166\1439975545" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bd52bb5-877f-4dbc-ad78-3efb17012623} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1280 13a1a558 gpu
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1800)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.1.1983110839\2001939041" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 20971 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6844763e-1e12-4d28-8e63-84124af3e7ac} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1476 e6f558 socket
      Signatures: Checks processor information in registry
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1984)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.2.1475014733\127366613" -childID 1 -isForBrowser -prefsHandle 2000 -prefMapHandle 2016 -prefsLen 21054 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b67035fa-a9f7-4cc8-893b-39a5ce12219e} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 1808 19fbae58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1136)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.3.1287878395\355019885" -childID 2 -isForBrowser -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd0de9d-6fea-42ba-8e6e-6361e934310f} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 2432 4138f58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1672)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.4.1165467229\1441273700" -childID 3 -isForBrowser -prefsHandle 2772 -prefMapHandle 2768 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72cbba45-d7c9-44b7-a961-8d7099897e90} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 2784 1bcf1758 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2396)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.5.672143395\642375073" -childID 4 -isForBrowser -prefsHandle 3616 -prefMapHandle 2916 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {533ace37-d913-4f66-ac72-26f99e11762e} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 3628 1cbbbe58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2404)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.6.910910768\1580800364" -childID 5 -isForBrowser -prefsHandle 1052 -prefMapHandle 3500 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7a40a9-1a1d-4df9-81dc-22e86304b869} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 3616 10cf0f58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2632)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1056.7.981082481\1417938795" -childID 6 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 26704 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {019d1575-50cd-4c65-8b6e-a9a9ef6c37df} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" 3500 1e041a58 tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2872)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
      - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2884)
        Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
        Signatures: Checks processor information in registry; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 3028)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.0.377399218\593084186" -parentBuildID 20221007134813 -prefsHandle 1064 -prefMapHandle 1056 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0014f58b-9fe1-49b6-86da-85e1527bba3e} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 1128 f6f0358 gpu
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2112)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.1.208494050\88516281" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1268 -prefsLen 17601 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c22fe55-96e3-4915-b4ac-eae3030b9c58} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 1296 105a0b58 socket
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1256)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.2.1231732284\180934228" -childID 1 -isForBrowser -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 21493 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61a754c9-f1ce-41ed-95f1-e36dd07f0238} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 2336 1a156c58 tab
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2584)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.3.2104324689\1936221637" -childID 2 -isForBrowser -prefsHandle 2512 -prefMapHandle 2516 -prefsLen 21600 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b9f9d1a-3d25-428a-8270-a8b9d1e4b267} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 2500 1ad38558 tab
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2868)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.4.825854934\262093466" -childID 3 -isForBrowser -prefsHandle 2744 -prefMapHandle 2748 -prefsLen 22682 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {370dabd4-fb5c-4677-ac0e-643bb06132a2} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 2732 1b5dfb58 tab
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2608)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.5.443566454\278560463" -childID 4 -isForBrowser -prefsHandle 3048 -prefMapHandle 2580 -prefsLen 29253 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16332c54-7d89-4ce2-a052-40f20368883e} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 3260 1c447b58 tab
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2552)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.6.1040841536\438826198" -childID 5 -isForBrowser -prefsHandle 2576 -prefMapHandle 3272 -prefsLen 29253 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5261da38-0481-4e53-b6c1-fdf48807ca56} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 3236 1059e758 tab
        - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2636)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.7.1994786650\398112011" -childID 6 -isForBrowser -prefsHandle 3508 -prefMapHandle 3144 -prefsLen 29426 -prefMapSize 230321 -jsInitHandle 820 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d9eadae-bc71-4bdf-99f4-1ee6b9d70570} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 3236 119b0f58 tab

- C:\Windows\system32\AUDIODG.EXE (PID 1380)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x518
  Signatures: Suspicious use of AdjustPrivilegeToken

- C:\Windows\system32\rundll32.exe (PID 1900)
  Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\Old Firefox Data\g9aaxljs.default-release\cert9.db

- C:\Program Files\Mozilla Firefox\firefox.exe (PID 268)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1096)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
Filesize102B
MD57d1d7e1db5d8d862de24415d9ec9aca4
SHA1f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA5121688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477
-
Filesize
62KB
MD53ac860860707baaf32469fa7cc7c0192
SHA1c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f429f80f6903d82eb1f6194e6f4c1a7d
SHA1bcaaaa07e8fc46d1be8b46a4d8ca23466f013d81
SHA25616521a622cb808af84e0cc61c4505bfa11c98060432ade4150f8159221584962
SHA512b2b03922bbce74aa1e11722b550db6dbc9cd6a55a3d15132740eece13b55c543929c2dc76992ea283012319404946ffa4302078a3f6f21d6d51cb1638c9b528d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\activity-stream.discovery_stream.json
Filesize147KB
MD5d1d9d229d644f201038881ffb3d2736e
SHA1251e6dab646450ded1dcf2804fa6d32ba87caba8
SHA256819c16770d108d85be02ef1acf0c3dcc703ee2710001651175a655c8d4aea9af
SHA5129e0f1c10ebaa2af2c8b9144bb7e6bfa6dc29bb7fc71929643a4e3bdf9bf8535657c74a6bd8467a5fd2f08ef6c05d8cb7799aacbc43b8294d7f8594c265ae425e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\activity-stream.discovery_stream.json.tmp
Filesize147KB
MD5d78f44afbaad99deea718fe7c42c2367
SHA1f6c70e6bf06d38e3aaf4d41651d74cef989d363f
SHA256afc121866da59521dc3038d962ff6f08f02f2b798e5dbd4a1124acb4839e51d1
SHA5121e8b527945dab2789e205d6d714516fa775600968764de5bf5c5d39a27979edf84200e4a9a4ba9619b4a146548e94e7deabbfd09a2d0cc257743122502392252
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\activity-stream.discovery_stream.json.tmp
Filesize147KB
MD5d78f44afbaad99deea718fe7c42c2367
SHA1f6c70e6bf06d38e3aaf4d41651d74cef989d363f
SHA256afc121866da59521dc3038d962ff6f08f02f2b798e5dbd4a1124acb4839e51d1
SHA5121e8b527945dab2789e205d6d714516fa775600968764de5bf5c5d39a27979edf84200e4a9a4ba9619b4a146548e94e7deabbfd09a2d0cc257743122502392252
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
Filesize14KB
MD58316df323309fe187d32c610792d0a83
SHA19fe0792eb7fdea3012434040725b3a908143aae5
SHA25640b871911938ac8bab3d192892c8c5e5e4265911efecc0b005b3c6f305624106
SHA512ec7d84b036897636997066f7c6ad01ca3b2647a78a7c5aedc6af9965084697801fe2c1a7155307d21b09f07611f8cb729dc857271e01256276414160ed48002d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize9KB
MD5ebc623262a276ee5884ea538dc98d0a1
SHA19e36db6690a1da19085053730757682da401467c
SHA256331a0fcf626d52219e0a97cd79c83e423e0325b134a696fc99c82b49b1cc1901
SHA5122ae5da7e05bbc2cba40fcbe5f6d3385fb44935814424bcb650ca0457d962deb3a6a4c6f2e21d020544b5421e971370ac0c0aa552323404ab8d3d2fea4ccd4699
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0
Filesize9KB
MD599d167315a03942df010eb064c51ae36
SHA100067968427a8ac0b7f0e87de4713f0ef94bfe45
SHA25653b4c3d392d32e012840fa90d1092f9bd4d6abe8e144d5132d7d2c8a565c5ecb
SHA5121e626d1fa1147a6a8e1622d47b31014a25eb8ae0026a612fef9f2fa4dbf2755792cd95869a5e2de7b793cceae649e0789270c710c7482b60d314fc210df79fcd
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize9KB
MD5d03b660c08d1e3d97d4ac95573f7166e
SHA10446f49236afceb1345ea6dc12ae84fd793904d2
SHA256b0715af9e152177d6273d233dd3ab5bff46e9aa25d9e8c442fd8d552fe940591
SHA512a3047208ee4c99f5ed98ec0628e46e57ecd6e371a86c767a9d0545d3b4a9e4098f04f8bbefb8748ff4d20a51ea074a413cf92172e69cdde710336c4f6cbf614f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143
Filesize9KB
MD543e1435d4eb0933972719453cd4942f1
SHA15bee7c682a074587979aa1d852beefc3da62575e
SHA2560033c93abf7465a58ddbbe1e946f74e273b1b179d0d6ae3e0b825839f56c097b
SHA5128857e58329f9abf9b83d2e14cb33e58fc04d359416ddbe71b564036cbc74d1849a077163db5e72376a5de334402d38782b562fb64d9247a2aa77239f71f67f98
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
Filesize52KB
MD52d68e5101d94bc1a94545190a6927293
SHA105fa54bf7f847f3e227ec6b6c9cc9663e21caebc
SHA25609a58b57f60d36c1c2cfa0a563ddcede96c2003e47112742fc88aec262515cfb
SHA512dfb35d01aec8711fe3137b031e12e8164ef6f466f430bcced19bde2c43285aefe0913446f507851b80aa8f3e8b6e342575053ea63963fb9b9ac9d7a4108e5696
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\startupCache\scriptCache-child.bin
Filesize464KB
MD567f22f27223d6a2da3760b5cf1a92340
SHA170ec506cdbb71d9777baca2232c1ac27d9ea4c93
SHA2564cdd33a28c637663c53970683497e24af6acd0f8e3c8611b65caa3cff47bacd4
SHA512aa218e6a5d52e175abd10da7fb2fcaa59aa1313acfdde24d8732554f8c036a540af8eb3660475b3b403494185e1a509cf42b3fce492b03b76e44d313ee2460ba
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\startupCache\scriptCache.bin
Filesize7.8MB
MD573a366e845038263c490ffb092e82423
SHA112680da9656c65914c7fa5fe4a17373b17672f8d
SHA2561ec929e8aba4787b56907fb963eca22f3fb30e32d312fbbcc97260040a316ea4
SHA512ecf469302ddd2d61d4b87470363b0c2e1e26df049a5a0e1d2e31ff72570da55ce87725e85aa709356ae2803eae6ac4671023c9bce384d5874f4355da2d4c0c0c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\startupCache\startupCache.8.little
Filesize2.1MB
MD54f83f6c96a302beaca0b28cd463334dd
SHA17ffe2c2050987517134cc27417f6806cdceed9d2
SHA25662e5a4f573e3e97d400d7fc2b1b190e5319a5299c25efaccb527458b83956645
SHA51247e83001b5f15fb22a060f3b8641dce67856ced4393ae2c6c03f6fb38fe90c8b53608b4635fa3ac87714fdbf0c1a1774c0aa261238fa2f7bd686bf1eef048d76
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\startupCache\urlCache.bin
Filesize2KB
MD53d60125048b9cfa0a8b3efd93926061c
SHA1c75f03b24ce180625cc1ff90c0edb3c7be8dbe6a
SHA256833009f721b8fb136546122525536fafa0263bff00ec606762f97d0d6c715f96
SHA512dfeab9502ac524ec4262cf970b87942fccfe86eb8773d0498f9373268fac4e69d5ac442588f42ce51daebc1b3acf42afce1b8a5547a71e43a2d2f637aa828bde
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
164KB
MD54ff65ad929cd9a367680e0e5b1c08166
SHA1c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize7KB
MD539f9ba615eaca3db8b3d96ef4fa12e91
SHA15773d78b0f4c3161965169d0fd6f4ab428da15dd
SHA256631c4ae8cea0269a16be04d977973a6650060ca403dff3e26d9144cd9c27936d
SHA51257d1b9ce1ceb7e75454c8d83ae01a2fe6d8e09603186aaa9b239a1efc6e00ba1178920a21f5fad68e970d5b8d12f9aa4f5aa5cc32e32777ef42a1c81b7f13284
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EDR4AM71O4V3H9V7TWI5.temp
Filesize7KB
MD539f9ba615eaca3db8b3d96ef4fa12e91
SHA15773d78b0f4c3161965169d0fd6f4ab428da15dd
SHA256631c4ae8cea0269a16be04d977973a6650060ca403dff3e26d9144cd9c27936d
SHA51257d1b9ce1ceb7e75454c8d83ae01a2fe6d8e09603186aaa9b239a1efc6e00ba1178920a21f5fad68e970d5b8d12f9aa4f5aa5cc32e32777ef42a1c81b7f13284
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\containers.json
Filesize939B
MD594a3843fad8c45c48b0e07342df3dfdc
SHA1d55b650208bda884d573afebd90830a3f4d7c201
SHA256854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72
SHA5124d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\extensions.json.tmp
Filesize36KB
MD5f8448afe670d34c00541147321c3ef73
SHA12b6cf01c05fbd72faa06df0f2d95ebe34df9c1e0
SHA2568ddcd30853fab6209c96197d367086d7e088a4576a8a76fc2874e5e5e7034c52
SHA5121fca17d5dc47642d717bbefeee97a9ebd087988258dd24ec054500c2e823a30b1ca7ddaa27d2e3e752d9ded42adce361efc18e466e46e1bfa06c2a0d301f267e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\prefs.js
Filesize579B
MD54975ad0a555ed22e5ad5aaaaf8100e86
SHA163ca75b845088fb227cc48f77ef940b3aafa479b
SHA256191c36b735e89340fed0439669b8e6ddaaf1b531a08dd1d02245a5c648411c33
SHA5124b529efb5a6f31b8830ee618e8858d94a1d5ed0e1452c49c578685ba7a3ff224752bb728196900a60cf10f0ed63a553a435fa597d22632af2136b1ba281c20a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\sessionCheckpoints.json
Filesize53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\sessionstore-backups\recovery.jsonlz4
Filesize660B
MD53c59a0de7132364fe7302d4e5ca455d2
SHA1d4e9c4249c1fcc015ef2a3b9bf32d74116c641ab
SHA25645c5063174858f5a2f833aa497ba6db64099d8d32ec6290f8dae6812cfa1b05e
SHA5127061316b3d4b94930f4a6e8f76b5f57f65f4a94e8003d8a8a842f848b1b1b72e5ea7c00a970fb610a9c0b7ceecfb46680238bc2c9bd41c08e55322f5738eb9b0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ansawjgd.default-release-1682852295562\sessionstore.jsonlz4
Filesize266B
MD54fdb7f9a51ba177262d07d38c0238915
SHA1f12c5a74467bf624164ac77ab7af517ce46ace8d
SHA256a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7
SHA512fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\SiteSecurityServiceState.txt
Filesize324B
MD50b9408c8752ef9eebc0143cb48d53166
SHA11a5712cb1e6385ba83e5de2bd5dd89efb855baef
SHA25677d004e17508b882bc9aad9956d7a6f69730263f80fc25f53e53f73c481a4da4
SHA512e0d9bafbe76adb9c2ac64cc25ad0d784fd1c415ca156a39ab5e17646efd9265921b2010c01729e838e989ae62c3ae3480cf1c0dbe1fa52658c87216072b26b65
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\addonStartup.json.lz4
Filesize 5KB
MD5 59dcce454c0c0a82b845fef9edd61e5e
SHA1 847355725e6a4973d5a13891c5a2eb8f2c87c411
SHA256 78b13cf29159018bce25348928a06f9a11a2974ba00bb920a1759331c82a1c74
SHA512 b133df155cde99ba5ba45d319e14f37cebf14a82e419883debb6991ea7e2886e05575ad6b5c5bc293dcfee2fb5eb0c00ac8fa3ef090047068a9ac2687e26e36f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\crashes\store.json.mozlz4
Filesize 66B
MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\datareporting\glean\db\data.safe.bin
Filesize 182B
MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\datareporting\session-state.json
Filesize 161B
MD5 7497ea3f7ec2453adbba4af6e4eaf60a
SHA1 ceeee89795825431d1cf3db9062e8997aabefba7
SHA256 ee71adae2b451a2a0e59c9f23e4e7d3756c3116203dbfac657d9d88c6fe7cf28
SHA512 26ac018211ba6f499b313f1d3273867f224b3187f42953f054a9b637bb07b67245d6418f4da681fb39777a2c005367b2c1a008481910ab2411123afac93ff4a6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\datareporting\state.json
Filesize 51B
MD5 3e32e2cc1ed028dd8ff9b06f50a4707b
SHA1 b3910351bd8e13ad1479db699cf6fac6544a5bef
SHA256 4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c
SHA512 4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db
-
Filesize 6KB
MD5 580aaebcc2926902dc1a82b71a1c70e5
SHA1 844e9d6832ad15e30e1f1e02b2fc1978c3955cf4
SHA256 2f8cfc1df1a4d6d9a5a338f79e811bf5e3584e5a62fec47638de62bde69cd5bd
SHA512 6a3004e1dba88f2d5cf2adda5939379bfdc94fc77557fb28ab116da1056a2982a0d2c3d9f1ad4b9a381917cf801a6edade445f2daa7771945fd30087b90a2086
-
Filesize 64KB
MD5 c85d1bbdcb2505d7f5c6bd0dd2b06492
SHA1 b045492af83bf1549827343014eae43cc0a817d7
SHA256 a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f
SHA512 7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37
-
Filesize 296B
MD5 033eb0645837c8b618a593f7b9a72642
SHA1 cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172
SHA256 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582
SHA512 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionCheckpoints.json
Filesize 53B
MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionCheckpoints.json.tmp
Filesize 288B
MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
MD5 d562fce347017aabf34e7455a0564357
SHA1 e0c551369d24ae8297ed78a0cb21e365cd275867
SHA256 ede6673cf45ef0869e682fb9db666abd3fd8590000609f2ed5cd3af6f1778c6f
SHA512 413d5eccc8578f8b00522b4e10b306f86b56f7457b61163ac410162dd6ca5970ebd451a0b731b280fcaa98af0daad0309c8be6ac5ea750f7cf459fa4c3265d5a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813
Filesize 835B
MD5 35056e82731b50e23b2c9e85f9b210aa
SHA1 1bdc6a9a56e41bd3a86d3eeaf7f5d8a97d61ea23
SHA256 719e438c7b079b97d969f780b3aeebcee87397c35d54dce3cdcdf3fc82bf1a53
SHA512 e82a5d99d447fcbd9951445f69cd9339bdf1e1311f28c1c2d26f15dc4d5882499b87f9bb136038c68dd9d27fd84fe442078f923a4c4475286ef749c32b381625
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionstore.jsonlz4
Filesize 817B
MD5 6702e13c604c2eb0f0b913c02164fd4a
SHA1 b2b75b353d88fc618696eaf9a5f216660f3b87be
SHA256 645973b1f03c8050eda4c452cd7231c91ad223df66e50a5d0c8b7565b425f1f0
SHA512 0e93ba7e4fcf7d15629ff3ea7581422f35da02102461f0e6285d59443b52890ec17b11e7687511734ebf8c23f98a802800f2a0ab4c2e5fe4ef93379065ce45bd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize 48KB
MD5 5c3b3d0b5f8bdf86259ea405a76e5e8a
SHA1 686b4d30930f08246ef7604b8db9db56210eaf6e
SHA256 5e68e79aabab2cfd7206f08f6414508fbda7b3380b27dcc68ef91803e21e70ef
SHA512 9979b17f4701c876f0ef4d3d7293948a296477dd5b916239fe238000346d0f96dda9d089ecee80c2480a86daccccbeef893a18d938d0de6391818b5ebc0970ca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize 184KB
MD5 5e5a18eaac548ba3347e3ab67c72a38d
SHA1 a21e26197f207b4fdbbb3efb7b193ad2d98b0ca2
SHA256 4bd071dc6a47da7a12ed292bfe405a88a401c441ef562e994799c034193ac6a2
SHA512 75e262bbd65f7a17f4a017f96009730df780ba5a19bfb4495437fecd3ee18ff039916729fd505fb9a0f1fd3e29212d0ec9c3141fafda933a44af2010ecc2c7fe
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\targeting.snapshot.json
Filesize 3KB
MD5 c34daf237836f1858cf33a4d79bd3075
SHA1 d1f1cfd953dadc6f1d0b394114e65b313294bb7b
SHA256 390392f4714a7d898de5308b32212f69824742f2ed754a52defb83e055e3e49f
SHA512 66b6f479cd1ae291cfbe1cd6dcf46124041de425ee9ef5fe2be50ba1e900fd048ce699b3f6e5c67475e398daf3e3006a84821c925c2a7c3ec24cd37c9b0fbabe
-
Filesize 2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize 329B
MD5 19379f55161819bd6c3511da08104471
SHA1 91e85210a63d53bfc57c9215a3a070a61c0dbbff
SHA256 535770987c037c0cb13fd1d2477ea5633402a0dfe44c2957d63c83919ceae4c3
SHA512 727eb8b7776e98592ec25cb33323416f62391423f58034ffb9d18e7bd31a9be58f30e1321fe753e7eccc18c08791e383e301b893951f178d42bc6dcf0dd00e26
-
Filesize 75B
MD5 0c4f14db483f17cc1842aa6d7762fe00
SHA1 582e6d58bee7b124cd6b0b4d9514f73ce68d374c
SHA256 c3aa7a1a4b7ff07c05c5c630853c1b9ce4110481a4300a05536e501f198fb4f4
SHA512 d5136d78b29667cfd3a6e2c050ebf95509e7acf032a192bc7eca8510f7c3d4b1e98aea1bb34cbe2d2cd54da87ee57dd2b93c4da27bf3ea30b5b32f5fe20f2950
-
Filesize 205KB
MD5 5136fb951b17f99d700ee1816764f255
SHA1 1ffa5721e100a286752da77bd203ac9d76573eec
SHA256 4c300f1601a8baa0a9bedf7048f960425ad7e1fe899b0ebded0f5628acdd0743
SHA512 29cacc82c91c194a8ca3df15aad8983d57c4bf563b9aec5b74cca0c99c8b42b49ff8ff182c42313ad7aee8d2fe3c2a6819dbcb0bef43eaaa01af53519b986566
-
Filesize 5KB
MD5 59dcce454c0c0a82b845fef9edd61e5e
SHA1 847355725e6a4973d5a13891c5a2eb8f2c87c411
SHA256 78b13cf29159018bce25348928a06f9a11a2974ba00bb920a1759331c82a1c74
SHA512 b133df155cde99ba5ba45d319e14f37cebf14a82e419883debb6991ea7e2886e05575ad6b5c5bc293dcfee2fb5eb0c00ac8fa3ef090047068a9ac2687e26e36f
-
Filesize 66B
MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c