hxxps://www[.]naturskyddsforeningen[.]se/faktablad/ostersjon/

Analysis

max time kernel
1199s
max time network
1168s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.naturskyddsforeningen.se/faktablad/ostersjon/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373410977113734"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3272	chrome.exe
3272	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe
Token: SeShutdownPrivilege	3272	chrome.exe
Token: SeCreatePagefilePrivilege	3272	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
4120	firefox.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
4120	firefox.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
4120	firefox.exe
4120	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4120	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 4928	3272	chrome.exe	68
PID 3272 wrote to memory of 4928	3272	chrome.exe	68
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 2412 wrote to memory of 4120	2412	firefox.exe	87
PID 4120 wrote to memory of 4216	4120	firefox.exe	88
PID 4120 wrote to memory of 4216	4120	firefox.exe	88
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 3712	3272	chrome.exe	90
PID 3272 wrote to memory of 2932	3272	chrome.exe	91
PID 3272 wrote to memory of 2932	3272	chrome.exe	91
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92
PID 3272 wrote to memory of 2092	3272	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.naturskyddsforeningen.se/faktablad/ostersjon/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5bb9758,0x7ffae5bb9768,0x7ffae5bb9778
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:2
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4936 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4576 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=828 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2876 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6020 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5888 --field-trial-handle=1868,i,13331802082658909353,3983706133311001534,131072 /prefetch:1
  2⤵
  PID:5716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.0.1617600972\1919238776" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a6c8c4-9f06-4e81-ae1b-61d92d5ac524} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 2032 22b4b0d8458 gpu
    3⤵
    PID:4216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.1.32285354\890582037" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75809df-3be6-4a66-bb2d-597f84c4a5d5} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 2424 22b370e5758 socket
    3⤵
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.2.1269296737\22949252" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3148 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02a24808-a23c-41d0-a9a2-cc7101cd5eda} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3124 22b4b061658 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.3.1266575344\1439687717" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e58a402-f1b5-474a-a651-371440d18820} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3496 22b4f255058 tab
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.4.1259884746\529961475" -childID 3 -isForBrowser -prefsHandle 3632 -prefMapHandle 3636 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f5af4c6-e36a-430d-bf04-0e072d04a4a7} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3620 22b4f256858 tab
    3⤵
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.5.177162860\1169189897" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5773297b-548f-41e8-868c-cdef1599f56d} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3852 22b4f2cce58 tab
    3⤵
    PID:1440

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca3f62f4693a8637d4b5fa59faea02c2

SHA1
01776a6601f01d71c7e180ac4f14d89347b266d3

SHA256
fb86f65245b45e114783bf1bc1df445b6685995bbee7f20b7af5b73b041f6a92

SHA512
99c86514f08efd22dc084945666194251dacee22e041e9d5a10165f3068955caa0099441567f221473a63365d0f13389fe17449a7d3bb2107045b43dee72327e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c18464e9861bbdf08b9b8cd417834824

SHA1
69b4e9baf314a58a39e50b68c4eedda5e94ca9dc

SHA256
05111ff8d9924c3c0915422637bb785d1377b438943c36b12b81c8a0f7a69378

SHA512
44aeba495ec6d94875321c2085e7ab5f3046828594e7c54dedd335fcb76ac0ce618c8335c513bd21b7b8d0277d42d1af9f70afa36602ccec9eeee1cf6d685fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5594771176ec627d346dbf6576cc70ea

SHA1
f013a8f8b2b9f76d3b7f8efb328e355a896ff058

SHA256
75baeacf55adf00cde81f80e3c3bb7b6566f0cb705ec1d5f0abd711ca22dcb76

SHA512
4c12426a15ed622b6149d6dfd87388ca76b1f949d1db019b22cc6784ba1b6c5c61ceefd3c013792a5419c046dbc128d7d964b557c5af44c9e1a680f3481c2443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
dac3caf329c482e1d6c87814cebffa45

SHA1
59f849256952577984dabb406314442ff1425a18

SHA256
83525248f1944c37fded97561cc6322a72a3d41034802910fb318b0cca94b0e0

SHA512
e33c14fcc4106fdd5f993c6698000f22d473abc4adc984b10f135b06070712ec6e2cbd61fb6cc910bc507137b550b73ed94767e1dede86aa33c1e9d331a152b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
632baa35b983ffe281a1c3c11aeb5fa1

SHA1
546b1e3ba406d216245a3d6ceb01a2a59f7b387d

SHA256
b68abde5c973dcc73994de810577827cd8a023b2afa9e4a5bb1f21d632fcf10e

SHA512
e94d3d84d188d6f121c9143fce78e60f9553e13a85710d20e6f5aefb8ac95bd07b287890faf5a311d1bb8669c40f752e8a76730a4d41c98a287e6a152da582f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
afc924bb1b10b7db40e90191445542c9

SHA1
d5fcdbffb2e7d63438871a62e60053406547246a

SHA256
be79cb0e36c39a0236c891883306cbc921ad106da733ce60d2d4126845d8c4ab

SHA512
11c5164f13d2540aa4cdf4830ad63707b1666b8881061e4b3c79b00f8af31a879a625c870fa83928c185a47a78ecd7f94ef6c6949cf504585a546dcf4b32397e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac9e33c23e4d3ef2f5a8b7f66ad0f274

SHA1
dd17bddb3994f4f306194b4afcb8573328e437a1

SHA256
bbffa0d882c4729a78910429b78d5afc31fa471c0910f6ec0b9f0f0747aa51d1

SHA512
96eb8f4f662498e2d63578b51d49b041f9ccfd70009d0afa86737c0a4560f2deddc61eb1aa0a782ef858c3a7fc34c2c370c741399c4608746660374eaa94ea2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cb4ac4e28a91ff830bf1f94fd030ce9f

SHA1
318a2fae834dc06603dccbaa973dd8fbe0c2f0c6

SHA256
b01cb82f63617b0d2546942a33361a21d3796c1830e6f6396d5d623dddd73e90

SHA512
05cde7fb67088a54bb0567035a2a3e3bda036691a9e74785061e696bc942708382e58efb3659393f7e566c37b193ab2229758688606b5a3146c1ec6592b8c383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
634d1d755d07573eea20f545bd2666d6

SHA1
a2457fccc68503fa77bbc96f879dbc2aae5d6d6a

SHA256
a4212117a6cfc72deb20f2c1775e6f8b68be3cc977244bd52f528db4866a2e55

SHA512
743453a7aab4745484644a91bfb6290d90241a356fe1ac4185da9b16c57bc227102a52f6f4c12c044ad0578b56aa546750d2701adf863addb8631fcefba381a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
112f3d8557b996a7cd1090990a11da56

SHA1
cbb3aab5529078bb16efc07c8951f68fbe309c2d

SHA256
d026716a674cde30351cd44722861c840015e77d59862f9bc25fe0562d546354

SHA512
2d10708d505f6bae7e9615aeeb56d50884d0ecf8c5a3f63b0c83d695120bf4f977e0405aa2df071baa6eb6f2fc782e402f3a05a5e58433b1ce18ed97b9b4cfda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8f920c49c53c34383bc06fe19e10a949

SHA1
619452956827b736e4d788e3d6af3c74476d9ace

SHA256
e64c3989a834652591bc5077eca3d53f3c3b9d1149963c28ff72475413765be3

SHA512
7657c08d09554eaec1d561e19786b7c0594d5962f6dd80ae9b1abda83ca681e379bcd56c61de35f1e45fddda0b2d8d4e5d7eff3ef295f712de4c335f48bcd301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f952894d3bc47851c2dc831a8b229567

SHA1
adac93d81fd52de1775763de4e7925199cf16b43

SHA256
7665e52e7c2fa7c1dcda825e4b0498a4d7d47cfe2c9a1fc29b12189521296146

SHA512
62483f88f37d4b298e34ac5cf56dd2ec9aaa659ac917bd2f29530f82689aeb4d478b7850870b9a6876f48cfcdc7dc26ecc7d748d96fb5c8a8d1729cb826c6e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ec5eeb17fd986ba61aed98cc98d7ee6b

SHA1
1066711f4f99bbadcfb44d1cb4434f689c1c552d

SHA256
47f4fcc982f001eb0435bb58ae6682decb0923485cc7bf99a137999b739da100

SHA512
2a69ef70021b09f6cfb9c72d1a766779b622aa06c2dd3b23e838f02f720df6da279d516e61ccb435d150fea9f3d013bccdffa08f3f54161f0afef30809df66ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7aeb36b68afaaed4f15f26e821201dcb

SHA1
1e4a56aa42a8def890cd8e3e1373fb8beed6a6e1

SHA256
9ce43d5998d5138a5ee9414eee99c59c1b7c0e2664dcbf9c14dff2bda8b6eee3

SHA512
a9cb03e02ae51f7bb2bee41808fe2d4fef7d44aaa15f5aa59ce53bfe15fbadd10e86fa430747a5db1acd641dfa754b8113868df3f115dda1ff4922b97f0fa8a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19e6de4e4a7f1adcfff393e1a0744719

SHA1
41277f6ab27596e5318cbdea59d9d8dc26205296

SHA256
1f1b52241051a0b2cea979d99a2d4de706c8d35d0228049e72cb1f716ab36057

SHA512
5860c33328d997124d67b677ca2c3f3ff91372168b6c17f9aa3b593e50f5ee9a1909a50e9741307f6a949a40151f82af9bf7c08323d4c5354bb2a054132c5bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f380f9fce85a898ddb3b36bc6c0447e6

SHA1
e69811c6d4278047e351a56a9aed8290dab520d6

SHA256
f77cf9acdf0a15ed8703a400d55fa10f112030541327594e0f4b86306d4079ab

SHA512
5cc03bb605e081f257c886c9b891ca426db53c2b7fc4eab4a39ff189cc81faf6b8c8410f4bf755216816df3dc0ae8242bef77f1fe261cbed5c338c9406508879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffc372ff2e2a4119525b54d50c460171

SHA1
b34b7b89a237507930f69388d00b483967520fc1

SHA256
6d07e25e1f9ba28ea782b1e43aed01d38dfd133ae9c9ab0ee53e3c33c2aafe1b

SHA512
6c1cc08a051a65104a44edde3f6e10d1f04657602c2d7827800eac11832b06089fc49478f97550fd9033219e3c9946997937aa67cc01b486e4f8fcdccdb66264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3887b2a78150d3cfce529de3aed09d14

SHA1
7e894ca1ed58644d0038e1c8153005116daa626f

SHA256
69c9c0af801d7429507d18d876ce9b4139a0f8db0cc932ce47df2e2ef6b23f88

SHA512
fdbe3c1eaa67d6aa915fdc6a93bb0a0448d3ef2d88077d4f446865a227768675030d61bc61f1c89b6f2e4507d312008a9d64f8a2def662bcdc35cf92891e4970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d97e54e034855ff67e1dcc2c0dcf1b5a

SHA1
96d47be616e0898c7556602494cb5d99eb88d3fd

SHA256
02e451d4e774c9fbf08f00fc21a19db21b2592f644b6233ea9d1e1c3e3080ca6

SHA512
f12a0557f5a157a2a1fcc41bea952aa0d684b776aab16246a9fb0e89262261ac39518efe6b077ff8d1f72cfc6a0c1f99a12a93f82f99c44528454fd94a5df074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cb1a730085cde5bb8a788e2aab2d136c

SHA1
7c6e4e17907e79c77bf54e167ae7abb7148ce07c

SHA256
e875000db65b57554a6ade1a7a8f2ffdb5be779c4bb88c76cde267bc5bb5cde2

SHA512
0523b7cd3cc2a905fe1a0a5e82129c0eb985be1a939fa7919213fe0d6c3144ab2628cae64c1a2052a8bef2abacab54a58c0820f5f46241e8343584a1217449b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
faa1dbdf55be83a502420649ec6b1bf3

SHA1
2da018d102a02607b91b78c3076758f1311ad9bc

SHA256
76893a03cb3ba5b180cf1dcdbee866ba2e20271e9767a166de90a0868f3d57cb

SHA512
6982dbe0c8fd99651d75e1b9beed46894366a5f45cb80b4bec4a096fe1cb806159f2f37c2e5d1a975e36c738c4e1489d6ffa88b857357374f32eb7f24e81fcab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d33d2ca6116f81d9313fe1b80d60406

SHA1
f75c5b64436fe9fa03417a56cb35fd3194249da6

SHA256
c3dc07fe312441196191e2b4a25820bc3a11e8ebee2cb6eda10fe81bf77d4a47

SHA512
67486b3235518e757ab79d1ea97f37d1c7392a729d30cdaeacb435afbc1e361bfaa38e4bd117e7628d2794ffb6e4cc1637f18af50b4772018592a8b715524b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8212d6d5aee757bec3122eb3bb571778

SHA1
b9e4349213331155300359ccbd41f30810ebda46

SHA256
8e06b3e10ea8668a703b1c35a1d1f6ead415dbecfeef4174068ac6d884d310f4

SHA512
bb25732460cc3c839a59e1589330856785e8adb409c1bdb02f58fd56435b5f7621e1227aa076918223d649bc4cf1c941db9681011eff1b249951d5010db8a054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a67b4.TMP

Filesize
48B

MD5
f2111448989c9931966c174b59c81b3e

SHA1
a31f8b6a70af50370aa00842e0c019186f7a1c2a

SHA256
2b991df26414b4fa8f3521c00279bfbb13125ac8fb14a106e0dfb33e5bd22dfc

SHA512
236cbd21d45d4a816d0b2edd48a8839c2fc4114dce017e0af4ac10b5239fe2905b6ae4f2d92d1c6d1282f075e07f14dd5f65dd6c433eaab583ad55ca2f1430e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c6e347f57e187e0ac2629fff91bb8857

SHA1
aafd21cbdfea5b35142c049032c7ebea6bb6ffae

SHA256
6ab777e82163baeb9d8cf77dcf2e7f1cf0483a86961e5d9993e530725ba4c5ae

SHA512
4e2208683e7511b234ef8488d3420d8f6cdf8e1bcb0acd9393f88a06399b0b367cd518f78eb6783b3daed1c2ac8f97e376b616f47f61e404d06dda926f1245fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\70DBE5F90BD35EEC6D4A07D16DB46EC38E379124

Filesize
13KB

MD5
9a6b3724af75ea793b0abe03c5f99630

SHA1
8a9cdcfd2491f4d3be912254a909ccaf284d21cb

SHA256
970c8898302de03a842cd381726cec53780023b40de75e1080e561d08d2e3fd6

SHA512
78119f8089cc7bf97b1f2d40d258154df9eb3e898712feaeacc671b5d3fa3f0956e6ab95693ee0f169832f0c75dab43f0c7bebf1c6079e5a292726ae512a1eb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\FCC030F57940296B4C989D2C74BA07DCC70A995E

Filesize
13KB

MD5
75db3eb45176bd7fbb84d532ca7edf61

SHA1
3e364b8cb28b801ca45b0962a325fbf26633ae24

SHA256
90c6caff9a3045555d60503517e10076e585c3d891dafba7a4310a855eefe0aa

SHA512
fdaf75ee197bfdfc50dbc9fd6495d716e180adb82439775915eec6151298b162e8e1f29c7580d68782a6d4b52b738189b0d3029aa09832a25382fc0dc8cc6d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\bookmarkbackups\bookmarks-2023-08-24_11_LD5QI6px8hKMnQ5QvCX5fg==.jsonlz4

Filesize
941B

MD5
6d65598d17a98ff38af1cbb847266e5e

SHA1
0874e2b5da234eeb522371f973ac7a408d23f967

SHA256
e0c0610d2deca9bfe2e69ce446ae6b661a0736f1391f79b38bd2ebe93ebc535b

SHA512
e4c08f1d5e9fc27968d7a9b449dffc3555be50d9a1776260273abf07db61608ffa67ebb49df3aa74c5c538a5f560e198ca9a3a3f4a4d109ed492f7902d3880fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

Filesize
9KB

MD5
5432d183391deab2c852734f37ec111d

SHA1
efb1dce14d02c1500a44fc30f85b3981bc0addfa

SHA256
51d843573902aba391ac005d3869076b0309bd1c87456125540e6f2c23684656

SHA512
ed099438b42dc27c03173518f989e46e36c2b15462a1f00f445f99788cff6c2df3dc1d99eb7c5890b214f893ccbe1ca6082feda22c492bee212ca922b53aff99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

Filesize
7KB

MD5
efa66810f470482dd25c6c5c0159a4e1

SHA1
9b815f1078d8c37f43517e622c0f7b8e9b5b1263

SHA256
af7064d1f85839256fb2390c4e481038edd474ef2ffbff7a3113678a0959532c

SHA512
01c7497f763db899daf1f8634a7228b29a451137aa13bdbeefa45bc0e97542f4ea10dbeb25361ed1fd93a9afa6f167e66a8085b0adcc43cb4147f484acb2b510

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
272B

MD5
63777fddaf0085da9fe92f03d3d0b472

SHA1
140161b91432409028822b1633fc4d3e4022cdf7

SHA256
f419b1bf3b94e03b7bcfe5571bd1ab12ba37e30d95d83dae2880f65ad12e658e

SHA512
8d7ed6950a11f3f8989b59301c5935cb721dc1aa2b2b5662da4f6cb790f2e8a9365b5b83b6e672ee1db581bdd637fecdc5d2d40d1a136194e7ef3981d8ffebac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
440KB

MD5
18ba6ab7e85a61623ca79779facf4af8

SHA1
18e7148b53f2f076fd7f976b17fafafbf35273b4

SHA256
552c8776c705bbe3594162a87a247b5eacc4a17712f5868952b8a26cce55b3f8

SHA512
dedfa534957473f0a4f0f1f776447ca60fa3301a2cbe86231691fd8c5316959d116972ebbe2a1b358a92b5735f524958ecf23239bf5c0281508cc74044941441

Download Submit