ba914995f45d3c8ed85a9568cc8fd79e1e42f93ff4a538d2fbaf5bd8319307fd

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 13:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Chromeleon_7.2.html
Size

47KB
MD5

9946abd3366993890beba38329da38de
SHA1

e7729b1507775d319a823da8bd61076ef24c0a25
SHA256

ba914995f45d3c8ed85a9568cc8fd79e1e42f93ff4a538d2fbaf5bd8319307fd
SHA512

cbab4bd376e5563011fdca2a50f52cdb9f6ba11df898af0468738a7173f5682322ca175de66de8eb8c47b8b30018a3161d98f45c069ee3904d9bf3d28b6c4c1e
SSDEEP

768:XTRPkpb2Gu+FkvS3r8qs8k0+uUFair8iueKZoLJGacLayWVioZHDZ:XTI2Gu+Fkv08qs8k0+uUFaQueKZoLJGI

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
612	msedge.exe
612	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
5916	msedge.exe
5916	msedge.exe
5916	msedge.exe
5916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	firefox.exe
Token: SeDebugPrivilege	1516	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
1516	firefox.exe
1516	firefox.exe
1516	firefox.exe
1516	firefox.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
1516	firefox.exe
1516	firefox.exe
1516	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1516	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 4648	612	msedge.exe	37
PID 612 wrote to memory of 4648	612	msedge.exe	37
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 1464	612	msedge.exe	81
PID 612 wrote to memory of 688	612	msedge.exe	80
PID 612 wrote to memory of 688	612	msedge.exe	80
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82
PID 612 wrote to memory of 3840	612	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Chromeleon_7.2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff66a246f8,0x7fff66a24708,0x7fff66a24718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7667273417334335835,11752708884328141313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1132
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.0.515847961\475886468" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c47c4be3-4209-4190-8e0d-8c8b2dde80b2} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 1980 1857f1f5b58 gpu
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.1.1049944284\1976292470" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42fd92c1-eb24-4afd-a618-783cc2084716} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 2384 18500189e58 socket
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.2.814268487\1352963606" -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3108 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03b2d92-a1e7-4566-b266-3b77947ef8ed} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 2888 185030acc58 tab
    3⤵
    PID:5324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.3.1659752774\1543326797" -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd63db36-90d5-46d6-9da7-bb5aa559da4d} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 3812 185033f2558 tab
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.4.291000862\148036700" -childID 3 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {642c3930-246e-4543-b755-cf4b370a9ed8} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 2920 18503f26a58 tab
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.5.1495454084\920172066" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5032 -prefsLen 26577 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6554c3a5-963d-4972-948b-080b27b03101} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 4908 185041fdb58 tab
    3⤵
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.7.804671014\1248444226" -childID 6 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26577 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a96dbd-f19f-4e8a-8974-77d12cc1dfa6} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 5504 18505c57e58 tab
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1516.6.1102852338\1797694565" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26577 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c555c3b3-0981-4b63-9e57-f5295b40e388} 1516 "\\.\pipe\gecko-crash-server-pipe.1516" 5392 18505c57558 tab
    3⤵
    PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
86KB

MD5
7ab59f1e9a2dcc399f708c96cf61c095

SHA1
061f7ab52d90c17b26ff4a15e9d251c0da4090f7

SHA256
d71b00f7677f7e0324cd6bfb71d6210bc5785a88329cec7f348bf82ff6f8d4cd

SHA512
9676e5d6ac08eeb06e0cdbf4a01a4478a53f61800c1694fb9b18149036cc69e48979b158aa06180d6f7c148311fba2cad2ee4908c437357f47f64c4d6d408a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
120KB

MD5
55cc0d24c5c821dc016c1b361da84f73

SHA1
4d3a6f5e9da2e234721ae8dc4c8c3f2200b03f3a

SHA256
5e4b023554ccba21f483ccfdaa9fb9fb3a262911fb4478ff8875abd1644f9023

SHA512
2299d509f29a42ab6bf6c273184992619b8e7de193825482142d7ae2156f199173cd072adcbc3d7038b62c1c6c0b7ee705ad02d36f925839a111878d322c3c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
07b27a276a43c51242aa5368960f3641

SHA1
079b75dab81a7c0325397a69b6696b2cc188eee9

SHA256
a6abd539165630d52ce8cfcfb12601dc119869ccea3b6c6abb6b9cf198892abf

SHA512
9add89662c903f66df1f4c978fefae5ed40a16ae70f76a2c2509a032e0b9e46e2b662e2ce32ccaacc62cd01fe90257db0415dccf8447f888aff6c284d1dec03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
33KB

MD5
27303d38150ee982ca1dce8abd7f3229

SHA1
a5347623b8f8e2d997ea149ee56f1a2c8852f604

SHA256
6f9c51040a10cad76d7d11febe8fafd11755fc47c468caff632fa7f336ed87af

SHA512
184c7208f936bb086fcf454e673e21260f6ed097118d419c4e6bc312c156236020472b8e1d5f5b173cb47eea83eae1c24cb285367c44a543a789df862bc04e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
186KB

MD5
49a8ac5ce3805d233c4519fb0e3765d5

SHA1
f7e72e355232d62d8a4bcfdafd13e8fea80e9f00

SHA256
a33be195e0090aea823b17ba6ff1c322cf8001670a9908602781cb0de93d9136

SHA512
3ecf6c0388bb162ecf42e1ce69f65e0f67910bec6a6eaa32f1411e5f20e3b7eb514457e8aa23d05daf8a61dd853c8c0a4eb10fe7c0d89603195a1fbc794f91d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
90KB

MD5
f70376c6c19f29411968bbcc43f727a6

SHA1
af9ed1e6b9ae7b3d0df39092a1da2af074ba94d5

SHA256
e349962e7d3035889133737807991955ce16a7af1c115e010935473a031fbd43

SHA512
308e7cee6c334acc46fcf1fd08df5f69e15ddd80d9472e2ef8a5ab900e96646d26a0560a12535078b9948759646746761b15c997312878c85832ca6a4487bff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
52KB

MD5
6fdecc331d1c8eac759eb16cafdd91ca

SHA1
88ee401f8174e0cd08005c0dcf5b8241dc6986df

SHA256
db40a84bedda90de0d0186138b963f7acc59cb8ff72e36e186ace20354ff79fb

SHA512
073b8f3d656d91322b31dd45fecaa5065234e78ad30ec7f19edbb258f799a99e6bc3f70af8a29a5b7adad63794d54af40a73aa2d04b90e5294bbdb8fabda9195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
81KB

MD5
9515f34c6cc723c289eb6e93f2555a2b

SHA1
6476b490c3989c65ee4847d061ce9174875a9324

SHA256
73189cba901778a73a19ecf92b12bf81c7e4010c8d6c95f422e950c8968e0edc

SHA512
05a66a1a42423aaaf0b42fa61a3c0928aed1e4e9977f573ac13b60d50be18588af56a9f9ae0f09da06913962ae5cc5e3ca9f81f3f6c3e3f83513f0101ce5fdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
61d580478fd9598a0f00feea36e9c504

SHA1
e246587978d2e01de4c00f6e91837abdf00c6730

SHA256
9f641c6bbae17a83d93c7f2ed93842e0a05b5c9527463c1b22a72c26e5cb7f6a

SHA512
db8e5f19eadb3083df1e1937ceec75e243b751ada9c64dc695a47753d7b92313a2c6f88593ed7fcf34dc4e64a0e45f6f5b4f38c029d32a5b55c0f33b9acd205f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
470B

MD5
07c44e651edd3974c44cef98ff13edac

SHA1
df7f362e32e891e50b1b4c2db068c83f369618eb

SHA256
fe5eb2387938c588ddd349210b14f933a67f6032a29c478b39c7a84c3c84c84f

SHA512
c24b0732239375a12967b4e59edfd9760d526cdf18496fc9f0ff53d776562b66d10b802b6aac6705915fcd7c9bbb4c16bc7798ae31a2ba02e1d37bd9dc82117e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a3facb4d710f3eaab1461100b0fcff79

SHA1
7ed511bb90f0b122189929ddb3bcc2af6c6e678c

SHA256
1a3903139c8cc388815cbeed2566ecbd0c207c0b2de6870f60fff12534f89369

SHA512
831b5e871359a1c43d6a73a6565eb6b4a28cf99ddc1d99a04af75bffc2842629d8713b884bc8915b38dca1fa76118b3fcfcba796578dda4b6bb86a1611de35b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76222387506cbc66feb1aa75663e0196

SHA1
423a936d0e5edf96541d0aba07531e5b53709bff

SHA256
31119abe5d5921df98459af71008bac68cba3a902150acf69b7835e208ce2383

SHA512
0456086fe696abdb349ba732b2da901f158a553dfc08d3ddcd7709f147daf63a279e12a2cda61fef14087b2484911cba17430bcf0b96f33c99456d5840e30d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de131ba6609cad7d57ac632edc8ce810

SHA1
d2f649852704019c8b64410a9cf8a53bde7d7235

SHA256
e79b957bdf1eb5294b4ef919d390217a9b690611fad310e38365c9c08449bd93

SHA512
c350f78bed896fd41259b4b26e3c17718164772df3b98d4d2231e3a8ee42d0329a31b808ca40caa25d0780c723d9c841a4edf935e23ae6fc9af06ace7aafb6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e70c44366989f2d17a6f70b7b12f851

SHA1
0f50f4c9b2a8eb631046bcd8a9d001bcfd15b58a

SHA256
f22eeb50b39f1d2241f6cc9fe27750067cd62cb0f983f4efc7f3eb5b8f1e4e81

SHA512
1acb9d269eb298fb2650d28e725a61a5a43768731985e671edd6221549285008fdca2f0cb6eaafde8608be43350931e664b9c9bc5f94e884aa70ef591c4d72d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6cf249dd6ea0a83dde0e5548948706e

SHA1
ce917d0b3a4d743a21d419e0d14f47c548b27973

SHA256
cffdc68ec371dd0220c351c5769b9b5520d8902ee9bb0d4fa2a39240749ed94e

SHA512
648bf6132a21bfe3cac0600cacb2be55aa115ff052141a3ac53668bb01dbb0b158e95b0e4a9ca28c06e305b71017d2104dd27ad190f615857d10692c94b2bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0239e850bf6fafb3439e29f053440c1d

SHA1
451583d62d7d17bf7cae7eb8e594c425d89e1735

SHA256
0384346a53c28110b277efd978d6ca5265c102e36e5f30786938b392ea1ee27f

SHA512
53c85862e01bb8058df2650a3371276974904dd0944ef28cb005d93ff2199d285680f3ded6a1293f5455fdccd084ebbda43e67f453d32379bd75e7d65ec6f97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68b044988003e8b2e0b695aa767124be

SHA1
3767148d1dec92ae9fec059d8692db574bfdaf7e

SHA256
1d84461cef52ffd24a0cb89e54ebd7185537323c419735529f21adcf7a5cae68

SHA512
e9aab7a2581834df198d5bd9c3bbf366897ba957dfa73fa9818933de57871bcbb30c553b6523ab2b2c053261fc9ac5378f3d911440ca6359b7bccfb4e606b6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
056642f76f33213300b0f79e0a989dfe

SHA1
a4270db681a70f247d6fdf3a411e6f0597749544

SHA256
829740a11b172220f5b1ac26d77d3135b1e4b2ae070a78a7ecf75d7885337634

SHA512
92044407b85daa65adfd7547dda36d794feae929324804e00a8dbd61d36a0d9ea1112fc58c28486ede2fef6031fd0a72fd4e3a5f8f967d639f2da17f6dd3e99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4072c716f5e89f771a00acb8a121aeac

SHA1
ef5499d0db1073aa6b0da8ef418fc6b101fe1484

SHA256
a5f81715f5075f75763982df5e10e7e516bda6e5b0e9226e417baee77a70ed04

SHA512
6319ee25bd6c36a827c022731d0405f9170c831fa39fdec43ea20c1ad1c27e482aaef9d5d39ad12ec73cec20dbf10c58c808290ca5bf7a51dae84850459a3d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
539dcacd5af0e90b4f2b9d136be8f281

SHA1
7466839caa29ed758593a526efd92595696afd9e

SHA256
2b46678060c0ed06834490e428272c99c2368f248e18f596cadd82b32adfd98e

SHA512
84757df6915dbf8f39d7ed86717947e4e345da71769d80eb217a0bd8da62b3f8fe1b0afb0d9a940ffc1955610808096b8a98646e7276e5de4fd00090e214b224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c2ed0872696ed6998f00829b58d4e722

SHA1
bf8433c6865e21b692c103ad05357258ca93d98a

SHA256
6b8d4cae6805ac1aa7a125e0c0a4071e5b78f2b326efed9fd95db477a17282f0

SHA512
dd913e2b85d4eb10ce90cd2baedf25132ac48b2f6d5dc3e8bfcc816515aadf143df6af90931e84b272fe610f7fa7f3c9c2436a59908d97f2b6b0a2cd2f348097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
901db2426a2e021b4e4d33586003d9e0

SHA1
ccd4a9d026011b588d97ce10f5ae208fd1e42d6b

SHA256
0eb125a52bf15a8bfb6930e20e4b590a24ee3ed2508bdee1976b77633c76a738

SHA512
7700cd0ca963260ad7a795e7d8c179e27b5ebfc9f3449198bfdcf491f89ef1b4b5951fc58f1db131c4ced07356937501eb6567093a6b9bd7f7284b79ff9115e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
93b325fa2cad9d64ac0d13ac3f1d3520

SHA1
38bba1a4ed6de66598ddd33806f01aeed4dca0c5

SHA256
0cede445eb134cd1bfce643405ad04b175ac3bb6718aaf7d94abdaeac31c1cab

SHA512
4e7aaa370858bdb6d39bba7cc3d52134784b9406561d2e7558b071a0fd34b0f8c5e875e5004d3c5f56b5bf139f6818fe3add6d48aabe198204949c94b406dc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
402fa0087e8acabd1bd2a70d4495ecf0

SHA1
587490e083836e7eacb945932192970ab0df2489

SHA256
9697150de62529966b632e64aa4b579a413f45bd9466b03fc310562c2ac5284c

SHA512
18572ac2abd9c9d161e0d2b02352994365b66fa1675e2cb27f7f2af19b506eda8ce3b1395d1e28b3621d0245e835fd2d3fd044c0b74ce1c1f4e98345f05805fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589853.TMP

Filesize
371B

MD5
ac95f502278b28a275b6d7a3706ea4ca

SHA1
354caebb06d4a974318bc1128a55c2e3c98628f5

SHA256
07b6d71ab57bcfc62bd7cad4553a62f27cd9500c17539b6f3deaa21eea8994c7

SHA512
92505db99028a1e2de10cd87782b4677b31f23eb79b030455dd8795ad7c5ac6406f409072f1ff33edb28a6c533477fc2c5d1872fb86c6f2568ed3658d7c95809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e13c7821ca597402d85610b28700758d

SHA1
cccc1e28daff9bbeeb050ce6d62ca7d4f09127d1

SHA256
dc83a9388b93b1efca075a7da44a91781c684a37c479730e4dfe65a3aef40900

SHA512
33d3c274dc0cc3eca2013894e2e40963ab724c63a42cb608a5489d4d12996e7d7b769e82396e7805c5e9d3579d7cfc6cb94a033a3810b741c52c62eb369d343c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
367724702dac8b80e3ef28de3d813361

SHA1
418bcecdc3acd05100b43ec2742a2462d2d09672

SHA256
55798a28008461e2bf64e1698d82be9cea3f16855634ada16c374b125035878a

SHA512
f19f024c2ae75447fee4ac29b4502b4267e0b23ba594bab5138211dc8e652226bad0a0837de3fb87ef3a6d6122ea4a911e5cf9166890c51d55d1d24e531ea4ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzw33i5d.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
84cbe90ea50c438a892a38a3fd8f44f5

SHA1
36700c4a3e5d84d2dc937f2420ecbc07ab9e99e8

SHA256
9eb4fbf47083083d46e6104028896627e69448f4c6c686cca6694fbbed8398d8

SHA512
f267de73145289ad093fc86ac2cd8e942d2ed9b9c932612a2095e2c494b27881d074fb8345d5667b237a8d2689705762a4a5eb0c93403ab01d5919b49486e043

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzw33i5d.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

Filesize
13KB

MD5
a6096b1a89fc03ef11279b0ea3ff14e8

SHA1
a97156fadfd75097f4701f0b52ca3898045792f9

SHA256
13b1691ea13cfcfa2d5881c11d7477c8034cfc95eecf8f812081a0af0ce0e752

SHA512
936add3dbce0177db72f841a780e5e65a65108f2e77eeb22a6bce90151531743d3b8862d8ca57e1b431d66f92855fff91b307cad56a2536f8b87086dd319af9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
576KB

MD5
91661f65fa6777b9f34b40cbb46f88bc

SHA1
e26f6486dffaf0d5f03b1b1345c9ca8d3a6b2425

SHA256
9d68d86af459481d96282cdebb205ffb894fce7a735d6e72b17c79f6dab0ac24

SHA512
fe84459d20621678d5baca4fada1db9ea86b27d40f899084ca7c297074d6e56a50e1709985e7710e5ba41dfa5105a695e429059d6c56345adfbcabf0558206ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs-1.js

Filesize
8KB

MD5
f23479658371e35c949d0e6662074264

SHA1
2df35f13794c0ee8f9300137c8b6bc57762dd619

SHA256
c7b394a3fb38aba02800dc5ca4d6838c9a2058177c0f761845ecbc00af91bafa

SHA512
912da6cd2deea63eb2a520971a298e7abb754f2c18e640249c2affcd03afb9af3fa6861d5af3755287a847bde42c69ddb882af7c562309dce1df91c010e83d50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs-1.js

Filesize
6KB

MD5
86b7c19bd60350486c23c876e7f19c77

SHA1
bb102433d1a94022d86afe8691fef7c5100c0747

SHA256
660d4fa969630635fcc4f969d39e9c8ab3f72e52cb14c19bec46df11d5af54ed

SHA512
64e509959115341156ca19e8c5e5feb48a50fc66fa7255238957d48bf2191e03e444ea8bde298890b425abadb4c4d52dc9bfa80305513771f283d72f04220e6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs.js

Filesize
6KB

MD5
942956d5269c74bd5e8bf59de988f5ed

SHA1
6aaaeafa22aa1fad95f1a8ab3fd2cebe3e50123a

SHA256
3ae67bf01c19495d993845d48a9b3f80e38aa27286d74784bf9366ef0f3b37b7

SHA512
8fea58baf90c47d03bc45bc4edad55c4487123c90110106e04b3c245d861fb80aed47df33e55d1379200b379e213b9a84eea0eff63b8e5741923fe578fb7bf6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs.js

Filesize
6KB

MD5
3003bb369616e10d2aa311124acde9b4

SHA1
fcb728ce3b1a9ab04e9c0337966f38097c1723e5

SHA256
ebae65231f3f057823737de4280314c5c30ecbc2b6ac47aaf7e8627d29885c2d

SHA512
350ac2e0ed43b8c78e8bd25801a59a19a525f0d8399360662f76d470f8ba35f78c678391a19a3c2d906baf9dd238c196d60d67e8ac97e2e06b6929707b466f57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5a68109b2d764002fa1f5d77586c626b

SHA1
257d76902fe2376d499a7c9396e97a92cfa333fe

SHA256
68918a19f7d513338aeaa9bc6f380d3c0bff0636ba2548f353bb530fc4c8246e

SHA512
a85b5cec3c63618ab56f6d2b6cbf84d0232b42bb240537b8928ba030f93fd61ca91ab7fd70762aa91fb9f438565098876c413c778cb5ecca6ed72c58d27be883

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1e931fdb6b2ba8fd95ed40e0f847876c

SHA1
a9438720e8f8a87e96c1dc19b2a9717df57af455

SHA256
eee5e9f75a70cc7bb34c5aad7bf048b3b029219bfb394e14d7ebd1004e15e899

SHA512
92a19a2e5d36f061a69af0c1088b80e8d30cc1b5b1569882844b98f836a748d317c3d44c8ad3b82029ac246f298000d624294578193f6ba8519ff383d8fea507

Download Submit