hxxps://hello-world-restless-breeze-1237[.]0d5b[.]workers[.]dev/\?email\=\#YXN1dGFudG9AdmlyLmJpbw\=\=

Resubmissions

08-06-2023 18:19

230608-wx71qahe26 1

08-06-2023 18:18

230608-wxwmpahe24 10

08-06-2023 18:14

230608-wvldyahd89 10

08-06-2023 18:05

230608-wpbybaac2s 10

Analysis

max time kernel
274s
max time network
260s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
08-06-2023 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hello-world-restless-breeze-1237.0d5b.workers.dev/\?email\=\#YXN1dGFudG9AdmlyLmJpbw\=\=

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 25 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exetaskmgr.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E1F7E99-0627-11EE-9346-FAFFD49130B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3818636889"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393012506"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3805138696"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038003"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7019e2e5339ad901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038003"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038003"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd4e9f3a1f86234b9d9fab5457402ee900000000020000000000106600000001000020000000db4067369508d1384f7fef3a9ab5c9cdb4326d458cd1d72b60f92991c6e794bc000000000e8000000002000020000000c2aa29aad04d144288efbc69bb0df3744473ec449a65919d15010a6dd138c6d920000000e1541d9a9e4825cca549e0fb947448dac7fe941ae18c257e4d00601e1a19d79540000000c2b552c8bd3a87898597e53b57b88abc0f0aa462e26dc48c9b4a68c2fb17a0097a4208e3e41894b294f23c9c2b6c48d15eb305707f9e03b095d739b63a50b64f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "393061092"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd4e9f3a1f86234b9d9fab5457402ee9000000000200000000001066000000010000200000009531582fc61c07b56563f742dff1f1a48860a1e6b68f51629e4d66165eb641ca000000000e8000000002000020000000dead281a2d36a7d898811ef5e57499bf3cc531e58ed99067e39c5160dd3b70df00010000b821f0eaddf2ce6e2f2472e376e50a7a8ce34bc3a485f75085f99058b5855403f86ab240e2b4f23731955ea5a3a35a6b0d46fdaa28cc38b0dc37c2258db2e4b51b2c81e437ee2f53021946434bede2f175c4bffab7d5f909c0fcfd02ab63488f4f30b66eeaf55ee34bb281e99be4a148e956ee34edde51ae64183a0889b6d25afd5ea6916de7c590397b283c3ace02e69e1d602b6d325562b574d5422ee6f3712bc991512448ecf28fe44271fd927f028f07dbfadbd56ae7c7def2021c1ea0914daf4cdb4f6c05315ccfcd9fa31d17c025534997cd0e1851400a838d32d18bf5433cfdb0676780517475d55fc683c6181f55dbcdc8be34310553ff20cea415f7400000007b2cf7e56ec81edc5b92a03dd82615d31c4c790d4ce0e79c4354dc62ff03cb8820598c9e443b824d238d1576e164bc380c8226c92a5cc11eb70c3647d2db7385	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "393029100"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3805138696"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Modifies registry class 8 IoCs

Processes:

crashreporter.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Applications	crashreporter.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Applications\crashreporter.exe	crashreporter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0"	crashreporter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0"	crashreporter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0"	crashreporter.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

firefox.exefirefox.exetaskmgr.exe

pid	process
3656	firefox.exe
3656	firefox.exe
3656	firefox.exe
3656	firefox.exe
3656	firefox.exe
3656	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

firefox.exefirefox.exetaskmgr.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	1604	firefox.exe
Token: SeDebugPrivilege	1604	firefox.exe
Token: SeDebugPrivilege	4788	taskmgr.exe
Token: SeSystemProfilePrivilege	4788	taskmgr.exe
Token: SeCreateGlobalPrivilege	4788	taskmgr.exe
Token: SeDebugPrivilege	3464	firefox.exe
Token: SeDebugPrivilege	3464	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exetaskmgr.exefirefox.exe

pid	process
2320	iexplore.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
4788	taskmgr.exe
3464	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exefirefox.exetaskmgr.exefirefox.exe

pid	process
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
1604	firefox.exe
1604	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
3464	firefox.exe
3464	firefox.exe
4788	taskmgr.exe
3464	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
4788	taskmgr.exe
3464	firefox.exe
3464	firefox.exe
4788	taskmgr.exe
4788	taskmgr.exe

Suspicious use of SetWindowsHookEx 49 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
2320	iexplore.exe
2320	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3656	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
1604	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2320 wrote to memory of 2492	2320	iexplore.exe	IEXPLORE.EXE
PID 2320 wrote to memory of 2492	2320	iexplore.exe	IEXPLORE.EXE
PID 2320 wrote to memory of 2492	2320	iexplore.exe	IEXPLORE.EXE
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 1380 wrote to memory of 3768	1380	firefox.exe	firefox.exe
PID 3768 wrote to memory of 768	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 768	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4948	3768	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://hello-world-restless-breeze-1237.0d5b.workers.dev/\?email\=\#YXN1dGFudG9AdmlyLmJpbw\=\=
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.0.1340186862\1663749063" -parentBuildID 20221007134813 -prefsHandle 1636 -prefMapHandle 1628 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {276492d3-891b-40cb-829d-c469eddef4b5} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 1716 19cd53a7958 gpu
3⤵
PID:768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.1.1925103250\1678695969" -parentBuildID 20221007134813 -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b7c2c2-32bc-4eec-92ce-6a92f247e02e} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2072 19cd4010658 socket
3⤵
PID:4948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.2.719825960\283685226" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2820 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eaf7c21-ee79-4e04-a512-7e0c2394ec18} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2704 19cd8155558 tab
3⤵
PID:5008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.3.623104281\371212140" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc70f63d-3aa7-43d8-9041-6dc18c36cc75} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 3532 19cc1869f58 tab
3⤵
PID:4884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.4.1483137522\1177655239" -childID 3 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d7e3e2-e68f-41cb-bd35-1b93d5c2e8de} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 4404 19cda3c7b58 tab
3⤵
PID:3968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.5.1917383681\2120496132" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 4768 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d309f86-3001-46ca-9672-a8f4c1419dbf} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 4784 19cda3c5a58 tab
3⤵
PID:4804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.6.2100176812\251880875" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {908f9e6c-24a8-4cd3-b0e9-f299539ac8fb} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 4948 19cdaa33158 tab
3⤵
PID:2752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.7.1677207790\739862002" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f453906-c271-4b93-b2ca-3d7fd124bce3} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 4524 19cdaa34358 tab
3⤵
PID:3652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.8.1782321506\356380869" -childID 7 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 26717 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81736525-0f18-4dd9-b49c-3438555a2d61} 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 5500 19cda669258 tab
3⤵
PID:4272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.0.940417220\851336384" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1572 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca47c7e5-a2bd-4fd0-a553-5ac7ebfa7600} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 1656 17190df9758 gpu
3⤵
PID:3348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.1.1795293267\764183052" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1832 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf32c436-35d9-45c7-94af-f15ebd3abcf5} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 1848 17191250e58 socket
3⤵
- Checks processor information in registry
PID:1116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:3940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
4⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.0.1560175698\573078020" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1496 -prefsLen 20888 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6275cb98-659c-4609-a8b1-d079a8e502a5} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 1584 1747b012758 gpu
5⤵
PID:672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.1.1869312363\1384907892" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1892 -prefsLen 20933 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80e57125-751b-4434-bb31-3d98f28a9b0a} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 1908 1747aa3f558 socket
5⤵
PID:5088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.2.305408484\1968642916" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2716 -prefsLen 21374 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b982b62c-1904-454c-a660-f308a5f3124b} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 2732 1747ed64258 tab
5⤵
PID:4804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.3.916172224\867926760" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3584 -prefsLen 26130 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20ff312-71fb-4162-9538-b835cc63a7ae} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 3612 1747ceb1058 tab
5⤵
PID:1412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.4.347976926\1085360752" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3780 -prefsLen 26910 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c660944-26f2-4a28-8832-f4148d637338} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 3800 1747fc59b58 tab
5⤵
PID:3352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.5.655745508\954902809" -childID 4 -isForBrowser -prefsHandle 4416 -prefMapHandle 3940 -prefsLen 27085 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c2c9c0-2b5b-4014-b1c8-d71b93769e32} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 4420 1746996a558 tab
5⤵
PID:3576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.6.1213371881\509070908" -childID 5 -isForBrowser -prefsHandle 4476 -prefMapHandle 4424 -prefsLen 27085 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93bb7a46-841b-46bc-a38f-a1ca4fd5d260} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 4732 1747dfaa258 tab
5⤵
PID:2996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.7.41910209\1438529015" -childID 6 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 27085 -prefMapSize 232711 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1461dcd0-bafe-436e-bbf7-861f248d1f4f} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 4820 1747dfaab58 tab
5⤵
PID:4136

C:\Program Files\Mozilla Firefox\crashreporter.exe
"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\minidumps\8b6199b4-413d-46c8-af77-4afbb3501bcd.dmp"
5⤵
- Modifies registry class
PID:4192

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\minidumps\8b6199b4-413d-46c8-af77-4afbb3501bcd.dmp"
6⤵
PID:3140

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.0.103172831\1110941522" -parentBuildID 20221007134813 -prefsHandle 1560 -prefMapHandle 1552 -prefsLen 20888 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42974fc4-4fba-4755-96f1-4a882217586e} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 1636 2ae6e2fd858 gpu
3⤵
PID:4852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.1.2131713724\162341607" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 1940 -prefsLen 20933 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3729526e-989a-4903-a808-c39ffc584d34} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 1956 2ae6dd41258 socket
3⤵
PID:1840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.2.1990249818\484155923" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2708 -prefsLen 21415 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01d7c41c-53a7-471b-bab2-49781ebb4b24} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 2684 2ae5c36fa58 tab
3⤵
PID:336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.3.2119914915\721771588" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26171 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64226554-96b9-4126-8801-4bce6539b483} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 3552 2ae7192d458 tab
3⤵
PID:2900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.4.1808395946\1042764284" -childID 3 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 26951 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e80af9c-63c1-44dc-be3b-a730564daef9} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 3740 2ae724a7258 tab
3⤵
PID:2908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.6.709883848\1111086332" -childID 5 -isForBrowser -prefsHandle 4684 -prefMapHandle 4688 -prefsLen 27126 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5de3be-df05-4ce6-a46b-4bedf56901a9} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 4592 2ae6e8e3158 tab
3⤵
PID:1036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.7.747416758\1133526168" -childID 6 -isForBrowser -prefsHandle 4860 -prefMapHandle 4864 -prefsLen 27126 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca47641-099d-42ec-adaf-9ade8ccffad7} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 4844 2ae6e8e3a58 tab
3⤵
PID:712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.5.810050432\1608059388" -childID 4 -isForBrowser -prefsHandle 4596 -prefMapHandle 4556 -prefsLen 27126 -prefMapSize 232711 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30c7a76f-dde8-4466-b321-ebe6a5787622} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 4624 2ae6e8e4358 tab
3⤵
PID:4880

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
20e784043bf9dd5a4a234ce3703f825e

SHA1
178607f94705ec6161c2c3a88177ef6a5aaded49

SHA256
1455f3acd9f00c4a3d7fac6caf8566bdffb868aec09f86fea8acc17a525b6c72

SHA512
8ae93f0b68ee867a881dcac4628b8ad77c559925f721b46be904d40ec00f909916280057ce09cf8e28cb3eca938aab58d4e210f4c61e56e3443c3555e113f955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DFBAB323384F2C1DDE7639FC988902FC_9C864EA4EA1CF5D240F7F8FD79C29C1C
Filesize
311B

MD5
5b270bd299875ebcbf62717a1993285c

SHA1
6827ded6e791ca356a20850c081ad017db68ac1c

SHA256
c4fd72e09093b864ac610d0a47b1098e14c182bbe7ce2ca62f33819a86562cdb

SHA512
f1b3f944d21e0744bd3dee0d6306f14c958ca216033b76bf36fdd1f3d193b4d6711cf13e3b6da0d4921b442d374e90e963d8fed105be84654c7c48af638c7871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
854124de18b34c4047178238aac09634

SHA1
c0e31d313a145cabec5e2ca905733132907223f5

SHA256
f0f2555c1e695aef1b4bddebd349390e1f274421c0dc754c1d0ce76434044efb

SHA512
549dfd471041d5dbaa35057864db4985a48fdb3be6a0ed93029277c54c66bb385393a96e6b73af6fec3018a848016cd83f3fe618409612be2a00a20301ab43c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DFBAB323384F2C1DDE7639FC988902FC_9C864EA4EA1CF5D240F7F8FD79C29C1C
Filesize
404B

MD5
8dc2348230136b3088e84a03aae6d891

SHA1
9d71492eb8bdf99e5a3959935633252a387d9c6d

SHA256
4e177d1868e47ddbf7a39227dc3294bc6c05d266438b6a7dedc97e11c12b026d

SHA512
0b6c1f86995159993f81fb0cd01fbc85ff163fe89ef91023e1b82c3ab363851e9808133d5a81086b82a6f5c4c54dec4e3c62bbbb819368f480da9c577491116e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMT3HFX2\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9FASBUAA.cookie
Filesize
609B

MD5
6bb39e3fe0435848a30ef5a254343113

SHA1
915879c563a8b187f0bb41cdf5a5be7d0d324a10

SHA256
7b128fea7116882d7eef5f00974183e67cd98abfe29ae054b3c7f440a6cd2849

SHA512
52709bda51943685fe6b6ad0a7280db391e456e9215180cb13ecea528e65e075cb2c50ac97bc59b10d37b7bc41be89a0004fe69c39070bf57be93ba90a3ee54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JW3K91A6.cookie
Filesize
1KB

MD5
1a6e882fd25fc31343ea498dc4716839

SHA1
d7b6eb787ac57e9f635201a0ad33c139d71af511

SHA256
5fb638e5a901589794dd6b868596e299822aea081debd1d7ea1ecbcad067dfd8

SHA512
298e371632501afba6e5ba32443584d4ffab39a975b1e4497c2c28efb6226775070770e21de29c528d7a4afdf64df8afd7e53c714f8421a14c8df98b9fe7dc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y9WFE4YP.cookie
Filesize
561B

MD5
e5c7ced6fbc4703aacc3e22646078bc3

SHA1
415cac3e5e0a9e21541ccce36a3868cbe65a48a3

SHA256
0a99bf6852bb7b6dfef4397e851941442736503b990e17498dae1b22f04a03d5

SHA512
4265172acebddff62816b676bfd89a65be72479d41e167d7e72be4447306190101f0aab1cc1e8e7be9cb8507b030ee81148016811c308c4dc21a796cf2020f01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json
Filesize
140KB

MD5
72a76bc890808d761d6eb7e5bc9f5a6a

SHA1
1a25566214e86db8e309bf311a24cd35fb299a84

SHA256
23242a61d38d200c89cea11669d8249511b75e5a3b887e062a0a7311e2b145f7

SHA512
a447d3587dc0045654ae9c7f1498a7c844154d623eebbc6a462a3197037635dbc1a3efeeffb671cbb9d8707a63e7e683c60d509288f722deed5d351eaa97eab1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp
Filesize
140KB

MD5
d8f83a0852a8fbfc837ff4d346b6b129

SHA1
b225e79719da781d7f2da2d011e7670e367864dd

SHA256
591710ba5b10edefc5b4acde7f0fa4d82d80cabc25f3cfea422448e3af57e8ee

SHA512
d1daf783b4811a6fc10c3963369a136ef202027388429233d51563048ffc3b5f1cd820b5a12969f566335b79021a9b85fbf88e32386db31cd8370eed8bec6870

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\activity-stream.discovery_stream.json.tmp
Filesize
140KB

MD5
686e0e4d4693c8eec16f1feae1a629f1

SHA1
5145bfcc46ec672493d68af13cccf699e2a9c17e

SHA256
c47383e69f1976f7187231edfd0e0fc7f908881629c83f658d8e4b38d8882dee

SHA512
cd3012cc9e459e29959bf265bce1bd057128b04ae8d6b7c0c46008a8f5bb399b341d22e1ff68ff06e04a2652fe73357bab4ddf6e1aba0af5d661c09e038f063a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\doomed\24822
Filesize
128B

MD5
c0ea3d9c4b871eef7d96947d7c0c64db

SHA1
948f8f388e558a992c997faf354e49617bc6bf0b

SHA256
8734489a19e00046e1990383147e47eead0f4f8dfafe75e7df5f8aa64a519e6b

SHA512
d093f871ce20ecb337a5bdb80e4ab5d4aa7b3a4cb0d0d5eae1919f1a9fcdfea57a5f858461795fdbaa8d45fd98c4357a51745c55e9434aa47d51d35b906933c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
7594a5471b91d29980b78a9bf664c5cf

SHA1
6ec99304c7c52f93cdb6af2bfe0b79b189fbeb3c

SHA256
ba62f472609f84def30830df5d346b2436c965ed1c06273d1dcc169b16a50185

SHA512
6dcaea397cc95a4b1eeb96c31e4e1fe2844d6a87581decfe0b193bbfdb60176dc24a78c75bdd4506e5fa3d815623f3af9d12c987e522d1f4d89fcdd481b99285

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0
Filesize
9KB

MD5
d6e75380704f8057d28d0d7888b87990

SHA1
1b36a816d6282b64e996e20f8a454a09198e659a

SHA256
6ce796e2f4d94a14abbd2f2b193e0a243bdd7a1ca1853d2835e14f24998df78b

SHA512
a3ef56579e99eeb4e5fba2cbc2de7e9774964a27f74b1c04051654bcb1d0d143efd974aa584848a30d7d94760e431bc3e7be039445080a9c097fe94f791a9295

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\58D46C4012E4AD3623A4EA72BB3C1CDD25B3FF87
Filesize
14KB

MD5
d997a333301a5fcde0f934baef099fb5

SHA1
f58563561e0eb695e43070510e4f388d13067626

SHA256
5b03f6510c13ec1210a79d3fe63721ff6050236707a70f01c35a551b14125b35

SHA512
f6995ba86507f56ecfa9885e1873a529378054ae2d1f5c2891d2b4e85d5483345925b1b8eb601b458bd2d9304b07f2acab670f087dc66a0e5769045bafaecb65

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\652D75619F47D22CB38E845DE56F25B5D1F62F6D
Filesize
9KB

MD5
1eb778313959776c795daf12eddc19bd

SHA1
e4375c75eb09c72818770dac292c626bedd2786a

SHA256
d041aa21cef5a3f7a91c74963abc0dfd9f4217d496d6aaf0da9ab2c47424c781

SHA512
33ee224ddf6edf68fa463e72cfabc6adf2c15cc0e994491c8b7c908fbde67adb304497c17823a718801ff97b88945c6484dbe03fcdcf00e8242bab987a379de0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
e771e924377af067fc4c620b3fc96c38

SHA1
b3bc9553abba51834f178a70d60d183a1c849c83

SHA256
b9abf9fe7cf7c645a17166b7af0af9a5cad3d29b5a3a78366d08c1102d16a5e3

SHA512
38975a6864ee7dd4d2a43319314272c9e079489e96f33d1995aacf8c1acad9f3e1466b44b09a2d012846943441039ce25bec948100f561d7bf3721369d8f234f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143
Filesize
9KB

MD5
6b4b7d7c6074c535a32266cb337b0181

SHA1
48039a04769ecb14d5375075ac41ffa5b1db697b

SHA256
9a94af81e5f4767d195c38b2df0e387d445382b8248717fc5f11328329b9e712

SHA512
ffeba69be3ef3d95e51d349f33df1b7649cca8c008e336209febc0f654b51b5801f544e96db208525cfe3a136bea599af55624cb381fc2032e1bc96772685b70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\9D02F2551E90852979DE8BA424BE478D75FA6CA3
Filesize
6KB

MD5
a95e5a0a0c5abac78501746d75519ecb

SHA1
5cd1a0b23b6fe325611f659d55cb7d6c5ae697e4

SHA256
a8b32f34eeab73ec428670df7b5e83fef6a3cd77a8c396c9b434db81c7068825

SHA512
d4b0e4fa3af1f98483f6ab996deb629a8c2054f6a671aeff00ba6c504eb3be283bfce0c9b5cdd02737c53ee69ba7c568af15bf972bf1ca03b58ac61d1ccfc857

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\B71EFBEABEBEAFE2F49C19823886FC28E910F8F1
Filesize
35KB

MD5
b52fb6cd06653b12c17fb506218297db

SHA1
52d7256636819bd45c6e4a0bd1bc55025d1fe27b

SHA256
8a94e76ef90ea0015c9f5c495116db8ad910d8c612495b9e8919ee29b39ec976

SHA512
034d57796c163c1e71fc42d51b2ec06233759aac418216da073640b6f7cf9e2a7ae7632ec19b395a891601459ba419a6606e398a367dd340aee2f54dd2680e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\CB53B48FE84CCF8AFD0E4BEAC28C96254D15F763
Filesize
403KB

MD5
15c8a4a8678e731d116b289e7fcc8629

SHA1
f9c9ba06e388bda5d1115b1d537e4bd7eb8ca554

SHA256
de497aefd01b2bb629339d47c6710599668579eb9eecc83715ce982e1fac7816

SHA512
f5de67d0280e797fcf1f58a056272e10d49fb17c710d392923163ed89b15c294f1850732ebd2af8d5d6e5fb3af313799d21483e223cca87a6b3025ed396edd29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\DAA6F7299E5A91DC50DC855B367C07AF432FFD27
Filesize
17KB

MD5
639f00ae17d551a790f64e6103709409

SHA1
5d2e33700d5564c6c718eefe08a5b7df4e64edd7

SHA256
b3eed973a51e5c1bc3d1d954485719862366e8771746d97a393884bf4d78f07c

SHA512
b5e369024393ada275fe89d15db5eadede592c6670d4ca12443bc77a28997904f014f35e24226b3976491c44a8eb2f99d2fbd6783b5819896264f1f17b58b1e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
Filesize
48KB

MD5
c6dc60d957bb583d7f500dbbf3141be5

SHA1
ee73d94453da219adcb6a8ccfe9ab056aea0f03b

SHA256
2effa2891681c32a30fa2e7b43de20a2cd86de1e30fa409d8a0e2ba01d814ff4

SHA512
2e90eaf1686d3f9a23159348fdd48b5ff7a6cd9f1e529e7430e2ead55377ca86805ef7a36760fbbb1f74e252acf3a1829bce66a5c4f1568d752d35303c492731

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\F9540C419E6109F197DC22BB30D69BAA42A4603B
Filesize
184B

MD5
c3767b7fb8ac538040eb7d488d70723b

SHA1
37b62cde1a5ba21a4542eeddac53a4911d29fa0d

SHA256
d865609b74664feffae6aa1b5772751eb645cd94bebe075fa2a919851441e2d0

SHA512
cb2c8a7717ad7917bd50466d2162d412866d800216ede208d8ee88dbfdc9579a0af76170ff554a78cc6e1112bb434f1b92ad82769c9dec3e39f8ad718725f2a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cache2\entries\F9C0DBE0A2DD97EC6ED9169740F2359C288B0E4C
Filesize
6KB

MD5
599fcf9171ca8b857f9b3048317538fc

SHA1
0f178e87726d95f3043ebe1ced7c5cf7b48285f9

SHA256
1e3dbc705700a467fff5df97b1b9c042afb1fa336fccf533acfe389e3b402419

SHA512
0274bc13f4a616b87328b078459f8afcc899fe0e52eb9460209fe4d20ec8b31374c0eac207c537ab56b7d24f89e90b3b408e6a0e319bd9f65874e843a3bbb4b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\scriptCache-child.bin
Filesize
464KB

MD5
67f22f27223d6a2da3760b5cf1a92340

SHA1
70ec506cdbb71d9777baca2232c1ac27d9ea4c93

SHA256
4cdd33a28c637663c53970683497e24af6acd0f8e3c8611b65caa3cff47bacd4

SHA512
aa218e6a5d52e175abd10da7fb2fcaa59aa1313acfdde24d8732554f8c036a540af8eb3660475b3b403494185e1a509cf42b3fce492b03b76e44d313ee2460ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\scriptCache.bin
Filesize
7.8MB

MD5
2cb709ff6adffe6b5849111b361eb082

SHA1
65c807f58f0c6c85799c29ab72b68f7785d6f387

SHA256
e03b8b143858906fa2f3d93d58e3459cb9976ea4b10a2a44458fdeca85f67384

SHA512
687564ee2d57d7ded0e264449adf0bd8081912a867b6c245525e0e9d8f05eb2c15c05bff63bc4a2578c949407b37d935354acbc7d52544971a003cb4db064975

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\startupCache.8.little
Filesize
3.0MB

MD5
38a3ca49aac6ef46cb12c3db713f79df

SHA1
2fbbbaf19b66003e245c064620acaa217e93f056

SHA256
e32ab175144d00eb1c171d77236c5f3ad89bb7e291092b4e07c70161efa15496

SHA512
9734b2c0e5a2de997f96a418415917ac00cb0a640bbfc9b2ba9c9a319a811f62f654a53bdd79edea5f3bfcfd6bc7c20e7f5ef7514f5b47f4a8822e544de48ef9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
6de41190de0bb59dc94b3e03d171e1e9

SHA1
c6251481f1d1c3da40e3fb650ef80ae24e95347e

SHA256
e1c929fe5046de2b2544f75b9a80294e5fc7964504f103b02edbcdd1081af7da

SHA512
166c982b1acf8619b0164b71b752ea7c9a49190bcef54647e7f76f6441c4d1de0fbbcff03ba7585e7efb4720ab97a2314c0a6311f49bb2729d1061737f92fb81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
c7c555f4ee59016e7c9a2820f3d9dee4

SHA1
a0f94925db306b8fd62c04840a80607bc76fed07

SHA256
3c5b8912d2aa49a2858100a94bddba0c833a92994a4b954201ada5e09b50e914

SHA512
5e7b6f59bb5fe22c3f63f4589444df0e9e0a04eeaa2a26495808b272d987a89f45c2fc1654eac14f3e40b5e7b3446f6d3b4b85e649cc30db32e7758d9eeebd24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p4wuoroe.default-release\thumbnails\2ecd133d185e71590a7eec4df07db9b5.png
Filesize
1KB

MD5
a4e3dec615867334fc01bb2b71796edb

SHA1
6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1

SHA256
5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560

SHA512
ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFCB14C474F9379D5A.TMP
Filesize
16KB

MD5
847009059266863bf02293d4945fa3fd

SHA1
7db02edee0f5525efd0916c4ddd6c598235be325

SHA256
87808ff2cc031be5d44fef5c7a7ac143949762ae6492eb3f4f0bbc5c26378f21

SHA512
31f57fd9fd759f2e3d5c2fd517f01f0f5125b774a69931cf629042d16a5398e8c75498a07c53547d7c4df1e71874a9313ff0bdd63f4c77e436dd0ed1b90a5e41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash
Filesize
10B

MD5
36243fd4cd636f3145c1efe52ecef141

SHA1
b2221ff4b57913df1cc728703accda12c2123413

SHA256
a925c2ccedb05f706be09b06ea9cd6055960a79666da9e230815e79c67cfc0fb

SHA512
3482f238470de47d2829580bde0efc9edcacf4b4d69faeef1ce061f0640a88d261ee6697d5dcab34930c925ab46e07217b188b7888b812829e1564131f7d50f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\8b6199b4-413d-46c8-af77-4afbb3501bcd
Filesize
12KB

MD5
d70d904db7aa60d0bd5dee79a267c19a

SHA1
0fcdef06813772fa46374239ea08edb3bb628c66

SHA256
938e0e8ec848ce7d97275e1b6f3b042e1ac2b63c0213e71d31bd4f23deff6722

SHA512
101b71e1981e8e3ed21a4df187eb6d800874eb450d60721bd6983c0f0b5f93e0245441eb4ee4ba0728103d666fae4e8be6fa04011812fe4040053d7a1328abe9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cert9.db
Filesize
224KB

MD5
6f1660cd8e4eb533b0583e08e456a4a6

SHA1
3a28040257b36f8c285a20e1bdb276fd664b9e8d

SHA256
a91dd7b8acd2996b3e55192690d8e569f1d1971b816f94b5492db91839910b06

SHA512
b7bbc8cfac4a51733c4996b868d73ff0e492d2d06f1e87bc0c237804881803982522f705a099bcece438fd1b010fd46d9e7f740ff5f24489746ffb916b8b721c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cookies.sqlite
Filesize
96KB

MD5
eed20b7b6790dae8685d7dfffef5cae9

SHA1
23462ae0ba04f45c70c8c9f10f50932f665439e4

SHA256
099f2d2db37746a3d574e9b3363588a74fdcf804846e478ff2af602309766812

SHA512
1ee3c31edeb9c6cee1a3317e19c530dcb854e4d92b8172e016a4d6bfd419c3d0fa1e0fbb8a0ebda2417876ac7ceedf86f187caa5afd68e635ee5c866cb087604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cookies.sqlite
Filesize
96KB

MD5
fb25d62fd6800bba7e9e376b9a1cf9ce

SHA1
0a95a22efd75b9ef5b7726e3ec2aa569214ae375

SHA256
e2316d6696358128e905fbdafb9f6609c78246861cf753d0470aca571f857f9f

SHA512
40c1d3c017c47c6be7a514172f1b9efc7b68a4f9702db308f0f619b8e2221815ad04a2143e152945feaaa63e43677a9e727a073cf6a4c210ffd11d6b69981378

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cookies.sqlite-wal
Filesize
160KB

MD5
511d116a030b4a6abfecc8276d161d56

SHA1
2ca82163d52852ef1c3b99f248bf5e15a26c30ca

SHA256
dc7fec84b76f80452751aaaa5df0ee903dd7f80b2a7f5d554bbe43824d904fbb

SHA512
896eaf8a5fff77a168421c02544378e2fcdaa0c7770bfc96d895c5f74c76730609cdaa21674a78730d3927f36dbb04330ae5fa7e84ec79b5780ecbe8a7809759

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\cookies.sqlite-wal
Filesize
512KB

MD5
dfe9eeaec25c0226c8e925949f3435c2

SHA1
fb7fcda1c2fc21fc38e860645cb7d5fe1f25a0c9

SHA256
692af8bd54bb2357a44998565a05a0511a456c8f11906961510225fc8fbb5f7e

SHA512
e2433770cefeae329c5a2509259f0978ab1441625d113ebef9815810ef004efd5faf4fd99697b888ac41149b719490223d976890ba7d245b712d7a6728b09e3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\crashes\store.json.mozlz4
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\crashes\store.json.mozlz4.tmp
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\aborted-session-ping
Filesize
49KB

MD5
04c15ae90b0333b1c04b1f4a9eba2aa7

SHA1
244776e113954148fd40a4c18a3fcd4fe2706f90

SHA256
33ba15bb5f396ec354c0f38d5867932a259f039cfbd3fe773f1d239b72742d33

SHA512
95b9dd94c7177c11f49a56625c40ef5996ff22037e0b9ac154b3a4f8e98dd52ed8459d82cc38c242fd4cb23e0f5be0f2f055b4fdbd68f0c744b80ec76780171e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\session-state.json
Filesize
161B

MD5
00034262ab3d44b32b9d96631ea7c802

SHA1
abd2e62f9bc00df558b2fee64c75ecef71792cee

SHA256
60ff3dceada8f9d7857f0739d89333ca34675e4b3c2aeb402abe3982083c5990

SHA512
e0b02d6227c4e9beb168c14181fc0b398783874d3f0111e2b05fb73908262c27f0b2f27e2fecb8955c0812fe028c94230cc6ec076459ce35bf4a63525cc5989a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\datareporting\state.json
Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\minidumps\8b6199b4-413d-46c8-af77-4afbb3501bcd.dmp
Filesize
487KB

MD5
2787511eb92e48385563c8fda5d8bf9f

SHA1
91378368c60095cf9ec3dfd6dec694b34fd161aa

SHA256
83bfd0b9327f73ff67e8dc5d2aafff7c9e63f87cef7e343dd661da2678e2be3d

SHA512
7a41abd117174c4c2a1a4715a30422e1e15a20b55fcc44663c0afe6b29405188854ef65dc1befc537b5d970b113fc60a9614616df68f6e5cea32e716f944456d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\minidumps\8b6199b4-413d-46c8-af77-4afbb3501bcd.extra
Filesize
13KB

MD5
35bef71723986cd4d9ae90d05e572ff9

SHA1
ea960deb302dbf61d092ac47e60bd679f48b8ae5

SHA256
12f277d062a3ad27fa4d0c9193abce4983de6b2de54cb89d3b03a69f61cafd7b

SHA512
8dd078f7b2ad31107f9ef2fadd92d503775f607df7648686e7a357eeda0dd75eee16ee478b7c15bb447b24547962e933f546c9174f2a955f683e6dfa159a5bd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\minidumps\8b6199b4-413d-46c8-af77-4afbb3501bcd.extra
Filesize
14KB

MD5
6c05a2a831db000cb7789abb07fb22a6

SHA1
33244661254027d01b96e03bbdade647415b2e9e

SHA256
00ac907bece345ae2e26e0fc41a923aa9de042c066f8251003a49a3451d5a583

SHA512
94aed5c8f6dd1131df7f6c35bddc4c649d3685b8749a62063e72fb50911f2a90a4e452f0b8f8a804a520c7858da53199f110d51e549eaa993a20027d52ab8cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\permissions.sqlite
Filesize
96KB

MD5
6c7f7d6d905de9474aee5ad52c667a26

SHA1
f6ce1d35b5e94e5236bc56c57d065123eabec314

SHA256
73ae120bd7fe76cd4b865f8645739cc9f558dab76c6de775c406fc6fa7167249

SHA512
d71afe030bf3b3115146067c644c9080885c1c0479097a3bfea1c6a9b06c2a1e2de06a2789b9d626bb4d57c8a6281de12dc3ecce3eda6f2f956a569f2a945288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\places.sqlite-wal
Filesize
480KB

MD5
1eb37072c3fd3d5d9a6e0b22409e60d1

SHA1
6fc796730b5de9035572ca6e43a6b4f6955df08d

SHA256
f8817b8b020e47828d2da2263746aeb0b3f4bf1a6c74976b38d5575cb5dba513

SHA512
0e07078490470778834ffa1b9191b83eb2fd33e336a57b62d7ffa292ac31844f2179b80c99e799cea0fee3020fa876668a6972512a34351ee1399100279aa36d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js
Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\prefs.js
Filesize
6KB

MD5
fc03769491e92557713bff75b3dcae44

SHA1
a4f4687575dba8a950a014c93d8f9f086a2b68d6

SHA256
3e943e423e8dd73d3afd2444234e9c1ca4eebd430da878f5bcc15e2141da7375

SHA512
8e2266f0af8f7833397b36b31482a43a4bd798693e069f8aeb823d12b767bcdac3aed772ce10b8907fca777436e4efc39ecb5172e81d2672f1165a2427b709b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\protections.sqlite
Filesize
64KB

MD5
c85d1bbdcb2505d7f5c6bd0dd2b06492

SHA1
b045492af83bf1549827343014eae43cc0a817d7

SHA256
a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f

SHA512
7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\search.json.mozlz4
Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
e973d892770631be1f35b89c03bbbf5c

SHA1
a39414d9eb6d7dfa3eedd081a7cf6cf488b01bf5

SHA256
1177bd06ecc4806a81bbc0ca60ad05c6ac9c40487876b042e84b7338d8b79c32

SHA512
15d51c8d193f217118c238c12894c4d2aa3b3a335da39949458f891c1a587e7e7fb1e72b7b760ae375237e3a9291b16a6eb506696e680deb9943e89da21a3dbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
80d4f490e164a17acdd33fea97146d30

SHA1
3dd900c1f8667a3ca08bb729e430d3adb464d5f7

SHA256
2db09b5378aca198b4365e87836dad048f88a6ec108aeb1e6e7440f8a1885cbe

SHA512
0dcf9e5247042f972c6da6440ed5ad3c275b086d9f410485e99f1737332373b271d6a4981a8a9d6ce76cd85cfeec90958d45ff038a434a1670fe445d758b6de8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813
Filesize
1KB

MD5
05650d9c47b0a3414633c4b8f30f50d7

SHA1
69f326ea997d4a07846015304f3c70f71a96c765

SHA256
3e9c7f9e50c926c029e01bf6f59b974367fbccc98ef0b946bbf988180a9da160

SHA512
fc55822cba89bed318ee968a757e3dc76d5b88f235bbd7bee28166140f5bfb1c6268ec2ecec0a2e6bb75ec78ef0d24feb7a76dd8ef4565d7dc86c7b09e50322b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
05650d9c47b0a3414633c4b8f30f50d7

SHA1
69f326ea997d4a07846015304f3c70f71a96c765

SHA256
3e9c7f9e50c926c029e01bf6f59b974367fbccc98ef0b946bbf988180a9da160

SHA512
fc55822cba89bed318ee968a757e3dc76d5b88f235bbd7bee28166140f5bfb1c6268ec2ecec0a2e6bb75ec78ef0d24feb7a76dd8ef4565d7dc86c7b09e50322b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
05650d9c47b0a3414633c4b8f30f50d7

SHA1
69f326ea997d4a07846015304f3c70f71a96c765

SHA256
3e9c7f9e50c926c029e01bf6f59b974367fbccc98ef0b946bbf988180a9da160

SHA512
fc55822cba89bed318ee968a757e3dc76d5b88f235bbd7bee28166140f5bfb1c6268ec2ecec0a2e6bb75ec78ef0d24feb7a76dd8ef4565d7dc86c7b09e50322b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage.sqlite
Filesize
4KB

MD5
e754fbe11ba0e708fa319a0396ff4274

SHA1
46687e5fe95275f8d9512e64659a7ad985343553

SHA256
33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704

SHA512
e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
075c07b014f3833c0bb020e39dd41209

SHA1
e09c27263d4359590fae8f0e191a456e4f76d3ad

SHA256
de10073908ec212eb645b4b2a4ad7b333d25f63b6ee2611fa0a8cd4dc14efc08

SHA512
0c7b413439893f03c776fab2210b0d495fd7fa648e1ba7a86c00b5860fef41a4733381f9dbe6e34278c383e9c10272a82c079418c4a93312c1f6977a71036001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
c42bd020bea6ef3bcd3298f8b0ceb003

SHA1
70c12e8866072ab158a3b0413097eb3a623a465d

SHA256
bd7db3881121bd086bf012a0e2f4a280da5a78fcc246f2bdc8a99f0a1c5acd84

SHA512
ae25db4e32df732a44942d4ecfc9749a79cf3aacc88fd1bb4bb30dfc6c2f1f00b9173f167193c4010070e88a242ba06d9ffe428b3d36cb5196becd62748e1b0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\xulstore.json
Filesize
215B

MD5
bc94ce1ed38b7915dbba789fd8279653

SHA1
777097600be6a7ced0ae4441aefdda9efd950de3

SHA256
b4bda8294ff110261635d68193bb00e2feedec98ea3f4d433547c9a10bc0128c

SHA512
43e74b6c00d21c23c9d9af65353364c1277030221f288a15fab2bf2eeb8da61420ad7dd9cc46e835a94e5fca009087c0e7eb7afd66800e27d97b51ddde232ee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4wuoroe.default-release\xulstore.json.tmp
Filesize
219B

MD5
75d103e0d2c95934eb4053654c6fabd3

SHA1
42b903e3280865f93c5feb00f727934139c4291d

SHA256
807f9c92e8b53d9790743ea091866f3530f4c54ca194133ec8227be8b19223c8

SHA512
c7a80b86d2edc5d2ab3e9472cd7259e7a862f5be088a2709930dd1fa58e409accee7cc4d05fcccb66bee6bc03d032958e3e9a2ac2551307137a6910ad258f5a0

Download Submit