11cba394b9d865919df1ea8d709bcebe88905cc1d9890b92671e325e165f771a

Analysis

max time kernel
190s
max time network
195s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
21-02-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

2.4MB
MD5

991711852831d127fe3239e9d2653fbe
SHA1

74d9afa5816622bf0e6b306bd69773523fbd0712
SHA256

11cba394b9d865919df1ea8d709bcebe88905cc1d9890b92671e325e165f771a
SHA512

4338f9789ff052c309e55566cb7733e660e19adfef816fd32188558d063ad3ee1ad3243d6d9ec68e52a94cd87166f914cc8b312c910f06f6d2fd753caae81b02
SSDEEP

49152:6ifG/bu+0GRo2MvsdFELYiYsfvOw03Zt81f1dNIv2TCxJ:EfK2YmOLLYsfvOwMZt81f1dNIO

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
110	discord.com
111	discord.com
112	discord.com
159	discord.com
161	discord.com
109	discord.com

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	5064	firefox.exe
Token: SeDebugPrivilege	5064	firefox.exe
Token: 33	4324	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4324	AUDIODG.EXE
Token: SeDebugPrivilege	5064	firefox.exe
Token: SeDebugPrivilege	5064	firefox.exe
Token: SeDebugPrivilege	5064	firefox.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe
5064	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1772	Setup.exe
1772	Setup.exe
4156	firefox.exe
5064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 780 wrote to memory of 4156	780	firefox.exe	77
PID 4156 wrote to memory of 1192	4156	firefox.exe	78
PID 4156 wrote to memory of 1192	4156	firefox.exe	78
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 212	4156	firefox.exe	79
PID 4156 wrote to memory of 2208	4156	firefox.exe	80
PID 4156 wrote to memory of 2208	4156	firefox.exe	80
PID 4156 wrote to memory of 2208	4156	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.1998143862\72993194" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3970255-64d1-4ff5-ad35-ad944e2d12c4} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1796 1b85ddb9858 gpu
    3⤵
    PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.297504987\1211775133" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcbdd101-756f-4e9e-a346-4c8dad24e49b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2152 1b84b972558 socket
    3⤵
    - Checks processor information in registry
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.240254318\639647979" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f9112e-cbd2-4045-9540-95b54cbb4dbc} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3024 1b861ec2858 tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.1394926228\482473324" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e35c6b8b-586b-421a-b32a-453734bf9720} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3484 1b84b961f58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1724211888\374222198" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3500 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30833ba7-6c88-4a83-8a6a-934a0c673cc9} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4188 1b863ca4b58 tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.1122641507\1255624251" -childID 6 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a698add2-7310-4f37-8fb3-178a750689c6} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4728 1b864438e58 tab
    3⤵
    PID:1396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.539622545\2034206949" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79717bb-fadd-4cc0-b1fe-9623a90566aa} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4948 1b8640e2e58 tab
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.1087874222\1210296615" -childID 4 -isForBrowser -prefsHandle 4772 -prefMapHandle 4816 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5c3a0f1-71a0-4613-b41c-a3fac1277c48} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4740 1b84b965958 tab
    3⤵
    PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1468
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.0.259143679\460550727" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1664 -prefsLen 20747 -prefMapSize 233491 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cf6c9b6-c269-47b3-93bf-adafb78a843d} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 1780 1b96c9d6458 gpu
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.1.1939885629\610202513" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233491 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf2a0a4-9996-48d4-92f4-67f2b22db4e4} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 2136 1b95a572858 socket
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.2.602760138\1722423891" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 2784 -prefsLen 20931 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {623c0971-4596-466e-b2ed-5840c41f83db} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 2708 1b970b9ed58 tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.3.1274700353\1916410211" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3100 -prefsLen 26109 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccc407fa-2ca8-4527-b6cc-6373d16549de} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 3408 1b95a530558 tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.4.846645096\1911776929" -childID 3 -isForBrowser -prefsHandle 4428 -prefMapHandle 4420 -prefsLen 26168 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33742bf-6b96-4ed4-b49d-05355064a556} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4436 1b972f24158 tab
    3⤵
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.5.1314794100\1673363158" -childID 4 -isForBrowser -prefsHandle 4712 -prefMapHandle 4196 -prefsLen 26168 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {501c758d-63fd-4bd7-935d-fb9400f2a205} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4256 1b9711d8858 tab
    3⤵
    PID:1016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.7.595002906\2076545450" -childID 6 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26168 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa3ccf2e-ebf0-4bac-a896-94ef1aa43126} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4256 1b971cbec58 tab
    3⤵
    PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.6.1685390856\74726058" -childID 5 -isForBrowser -prefsHandle 4880 -prefMapHandle 4884 -prefsLen 26168 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {493b567b-30d6-4886-9865-59ca8649176b} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4872 1b971cbef58 tab
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.8.1999487712\1521618405" -childID 7 -isForBrowser -prefsHandle 4924 -prefMapHandle 4964 -prefsLen 26433 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c11e801-8b3d-4618-8054-27ea6b52d1c2} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4912 1b973f26258 tab
    3⤵
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.9.2077898494\1990305488" -childID 8 -isForBrowser -prefsHandle 4868 -prefMapHandle 4896 -prefsLen 26608 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6d993f-6a07-430f-9c03-50908b3d7640} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4852 1b96f3f5358 tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.10.758202493\2038741102" -childID 9 -isForBrowser -prefsHandle 5804 -prefMapHandle 5284 -prefsLen 26608 -prefMapSize 233491 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c32b3367-2415-4c76-b8d7-fbe02b99c1d2} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4516 1b95a55b558 tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.11.1668342240\189509002" -parentBuildID 20221007134813 -prefsHandle 5964 -prefMapHandle 5004 -prefsLen 26608 -prefMapSize 233491 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20ee4e0b-78ad-4f01-a80e-42d65d06f0a6} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4968 1b97426a258 rdd
    3⤵
    PID:3056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\doomed\13824

Filesize
8KB

MD5
fe4b3413caab8664bf9f87d65d84b4d0

SHA1
9ffe705481f537088f08d959776d801dfc823ae6

SHA256
7a13218619bdbd1e969409951970ff7d61db07baf80969f1e07e224cdcbfcf49

SHA512
6ee6b559d17cfb0b0d681e7a42f986be1751cfccbef1dbf478f4b8c52bb28e59faf2cd71b8db15f23ebdfdf03f8701697194e10a1a6b91f622c692684eefad6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\doomed\14023

Filesize
9KB

MD5
c167819b3708d65af33eda73c5ef54c3

SHA1
ed2a78404c2a687c5326ad41edb9c80e43875dcf

SHA256
a0a128b18f0de40e293768d5274a15e9dcc501be9e36c304e85db56446ec3778

SHA512
aa4393c6be80c00ddb2903f0b38fef84d90b7419a82f5eec5e45e45ec65ed87c892ca739a99fc44f5331e1fdfe7116d945fc073af92dfa74d68acc72888def7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\doomed\9230

Filesize
15KB

MD5
9031c5838facef45afaf4b8c12f9ad92

SHA1
c7062c1721c2a451e32985247e1030d3e1add6bb

SHA256
be8c1a8d251f64bbe9b5df6f679bb5034cd20738d4dd42a8a0ba61afa659147d

SHA512
7a59b030d647bbf1395d6abedb996516727c54f02f0b0b580da2b1b5ad0c19f2dad8c0a498aa2f2a22ee50cdd235b5f0ab197868f0bc95790d47afae6a25fcad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\entries\100E4F205CA11E878C76CAE6999A265E20FF1B60

Filesize
204KB

MD5
29d53823b05982d06facb227c3d30690

SHA1
5b3a1a0fb63fda6500ab01ae89bc7c892fc9c3f3

SHA256
05dbabf6e22519c59397f1de05cc069fe45f13c5452f017194247c80ae43e03c

SHA512
4ef48c559ecafc4fd27b17a803e288c8ccbf198123cd7bacb71c68fd8fcea599951a78fbb976ebc639fd056e1ea8b4d7a8db068638b42689d5cad5d7a6a3ee53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
d51946e9e54cdf87d224b022da316365

SHA1
c292e896b31afa3d667235643011fc569ee650a8

SHA256
b13e919befd47923d0e0a9b4fef15c3cd7fc565ef79420c70877bc8049f401be

SHA512
2f3e25424ba52b7f32aed277d9dbb2d803e293fdbbdcb37d715ffc76867b2aa93ecc39e23a4bb0e620b29a62f946beb6bac3464c86f0bffd9b5e364fd7fbc2b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\entries\460B04961D75CFA3D8D439646FC2123B8ECEC0B6

Filesize
195KB

MD5
1279549125ab8b8f4392d6a8c19048ac

SHA1
ba264837bcfb13aafddcdad500ffb43173b3eede

SHA256
d8582f7a9f170f7edbd14317b4b1afc814b1f6b148a52c003dba04290e5f2b39

SHA512
fbd628d510f31b564beebcfe4b7d3d3b0e2bdb18f8d4bfc216a64caefdf75f703b30c1490b61b1bfae0d1522f3c7c1b57715c39d3bd06756ff26dc96a9f39575

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
f2f2ce7cfffd641f72cb2f1c2383e8c3

SHA1
aeb35a5aeeaf9c84510723835f17b4eeb726e869

SHA256
476d9792e2d67105283d7e04a3de76a5893ee6c4fe0c16ad4ee833dcc1ff6f2f

SHA512
70e665cc47b5d1165085d7e56ffd990eab843c5a2542a5112c4f8928dfcfbb1aaedc25e41aa35e08cfdcf593691b827e55b4eb4932837d088df74688d36a567e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
bce9b7eee809e8904c5c4adf179c292f

SHA1
dd65707ec30b9918e1d9e682324280cb34711923

SHA256
cf6af70b0f6cd9c6a7b86e4fbf0ae3de115d23ac3ed91c6efd067c005ee4f260

SHA512
4e9e9233787a01b2b47bebb85e35eb299fee42d3b860b0e7f953cd4097f7c664043c8bb5657674aa405a92eb7d2d33dbdd93a7083ebacc8c014e164027cab595

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\startupCache\scriptCache-child.bin

Filesize
464KB

MD5
b1c0b3951a7abee30fb0ab72941beba3

SHA1
3d996cedee1d6eb87d144f8e220d41740978247e

SHA256
41edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f

SHA512
dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3zaw7kso.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
9f367c078ce1a223ab068d6a22c26ae5

SHA1
0afd2a9a6a3e33252abe00bc266b0cbf1a334885

SHA256
095f7db4da9e86bd328f126345db79b3d435f3091b972c9d77c00ef9cbc67804

SHA512
2374e01b2d8ccacc7339fac7b19dac8d7e4ba2cc7f3bf4a2f90ecaeedd5319e6227889b84d21494bcb54a6fa423e478b3c72291883e5bf4b72eed4c4d0b795c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
2f079e6a170bca6b051081244ea21a88

SHA1
e95bf2e7e583f51f222c06b64334ecf25b352b44

SHA256
bac9e301cff5792058f462bba3b98a1941a9b3e1aa3840228318bb5a34395e95

SHA512
0e97638260238e199b0453d0935602629c631a64749323d2b62a9bb915d94a055af4d2945aa1491dbc525f6f4055be0c81af2fc56f10f3c8cee1afef7f6e24ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
dfe3b31a92da177310be5c8d5822144f

SHA1
916c9fb06d027d609e096cad65567b308c296f82

SHA256
bad4e384a93ef73912df809d8716d96cfa3780e367aec88cfd5da4b06ad19af9

SHA512
e8aa17dba155f0327d11a37e6c261b2e6a046b78f1f4b4820b7f7e6dc1c1dd99fc33a87b5b34709ee14060c4e0569a521d159961d3b6b7ef573523597a43ad0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
7f25da839843d9cf0be53a2e4bc1bcd9

SHA1
5314d5b02aefff3dce8a7fa575d50260fe32799f

SHA256
5e5980972bc894fbcaf63e90a0fd25f3cd4a38afb04fbc15499bd344f57d5d47

SHA512
4f842d576b32a485462d02ff2786105f1381105ea08402ed367662778c968c29776d23efc437b2080572efec6878975d57c6838ced29d17712956c25ffffce86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
a638a7206529bb79c0209904cab6d7e1

SHA1
9408e89b09a5594802079b7a84a58c20d3dd5bbc

SHA256
c5ddc05956e76d3ad7ab846530359ab7feb0f948e57d8d2e2d3a08bdca55867d

SHA512
3def27b1bb29ce4a7363a6a951882e1e411e573ddd2a8090ccaf33ffb7e2a99a0d6fa3ab46da51461cf434c48e410815c7c420f6b604397bc84014e7f976f8eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\pending_pings\53088636-e6af-47f4-b9f9-9eeb5f2b4ea2

Filesize
657B

MD5
eeb9d8a1a436439939fb85cc8b87bf82

SHA1
bb7b45ef77abac96ffb887132ab16deab42568c7

SHA256
7b8de71680ac711d74afb244f2b389d4f03c94da5c78c8ed1f5d7a3b8430872d

SHA512
eff2aff616175841a5b3c0ac7797e6348abf638cf355f51c4a1493afbe2de6d1c046fa781274776274a7cc4dd0062a310ec9488951548338b94c2ed97198541c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\pending_pings\68edf4be-b5d0-443d-81da-1d95684ca667

Filesize
856B

MD5
16ebc07429aa17c4e22a2d63f68fb309

SHA1
e4424d91957144963590f7b4a0d6587be9b84ade

SHA256
3283cf3b87c3c17f843870e673af057b3fd74fdc62145e30844be83f3b3893da

SHA512
fb0c2d1c5ab265bc1bbe71fc71d4f3a72e3700434959579953cd45ca316baeb045a564732f58cc63edf0f96082745c996efc9fcdcf0d627f039d05d6ae707f43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\pending_pings\7513d880-4a41-444f-a647-bab5cbe0ca39

Filesize
1KB

MD5
84a104ca1fc574f9525ab1a7e4c6a41f

SHA1
ba209f3814e34bcaa1bd6e3ee65a85042f50b1b2

SHA256
e721f86e7a6ad3653c3f67c959bbe69671ad75e8c24176a90d9480b1281aa0b2

SHA512
d616f5c02fdf85850477560c4cb041a89c2cffc8753f01b767bbe181d392eccf8374acbccc241e94c905aaac5498121997f96b2cbd574daa2c0c5cad819f1a6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\datareporting\glean\pending_pings\e4ab2b1c-c880-4345-bce6-b20ca8c95f72

Filesize
734B

MD5
3815555ac959234e6060577b6096b5d4

SHA1
0281edb441fa73fa9383a72f04b0b37e3e2b0f4c

SHA256
ffa8e6f7a39d02a7cb025767c9589a9f8da59bef1c03c02f91030922068d23b5

SHA512
2cfe976a192ad83f8e1ec66405e7a49620d82c3ee8760895c50e278ac84f7f3b7b0ea6c588fbd2883e95cb572278d16e42950ec56b17f6eeac0972071e92f4fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\prefs-1.js

Filesize
6KB

MD5
a4640178b4f6cf1555b2d05cee7f7229

SHA1
75b664296606ca5665faefc7549005908494e2e1

SHA256
8c77a8dd77ec8fefed0027d7abb068c700fb65073e2b4bcbf909596eeec45e58

SHA512
8563a829fc30b5583d3014ac7c5f07574486e7b576f0d9cf80290e090008031c5d63606dfdade02e1fdcb1e5900f7e1eeaa1cf97ef2e7d34d54c064e26608918

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\prefs-1.js

Filesize
6KB

MD5
e28bb92879a281677caf887be677a980

SHA1
ecdb881aff862159e2a9476d599d82340882fe71

SHA256
625c6c94d8d920902c4cbd71bc4d3a99c154ab8bfee78a920dfa70356eb3abf3

SHA512
ea33d829ee3367356d6534eb301a0fb2ae47cf1801ce511bb631117e88fa73604565cc42463583694199efa9f3e03e41ecd6c5b9c3d6e156c37bb441cd9eb121

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\prefs.js

Filesize
6KB

MD5
dce9e57bd0aa277f4b2a966c065c9bf0

SHA1
e34c9b57efc87a40e494324ee780a226bc4cebc9

SHA256
1de267973f401c9fbdd899719494af6d4525193159f9afabd97f3dc4d194ef65

SHA512
baa0d9ab8cb4ad110f98cbc78c07cb13ca1e5e91178a86b085e33cdc11f4134fc8fecaa801bf6aa23b404d5a4dfa72f77db0227011fad7d087cc7f3c054e640a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\prefs.js

Filesize
6KB

MD5
c955739b003b90a5b76643df841f39d1

SHA1
de4530b8be1e1934c9c1efb9b2ff5c89be26aa09

SHA256
3c4449b9105095ceafb10a56fef2270dbd841edabdce111264be2fa57b6de8f8

SHA512
f65159064167bceefbf8d523260d0682422a88864a563ecc6346b12865f20dd933151cee9642c18741cd9f4861ca6fc141154a80d7375b693075c06727ec6f44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9bffbb3bbd3af1c19eaf083b9702ea42

SHA1
b29d9ed3f8947d73208122e07dbcf4ca3d29c70e

SHA256
56b061a2a423deb42b8564b988a2a1bedc31b206e51d9d19d02dbcf9df876711

SHA512
2e2bb818e36213bdcc39753ca05b5294542c4fd3c3bbf66eddd68d5ce67d4fd7cafe897a292a5bc9add3b5833fc69a665cbc8c9469aa15b023fd1fefca6f315a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5f6aa94aaf4acfbb7ee8bf78cdc10ab5

SHA1
862385d467ecd315a285b01eac8ceb13f21e5cb1

SHA256
9bd0078a9822764fab15ef0a484fa5f90857b5e703dfa9d8b399fe024c9f8fa1

SHA512
646cbc2e191b4a14612a06c6f33bed82ee3cefd3c9eb30a172dfc2d80b4632f1aea1654afd08400f9c82eb00e2ed45458bf5f2676fa152c3062786154e1a24a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
176681c902bfdc963d5936f258c6451c

SHA1
ceafbabf9cd4a14a3e130a36fddbecdfe1bffc98

SHA256
b1875797e7ddec8bb62ed2eee5d74e765d1ca4bbbae1af0ca0a609e083d783dd

SHA512
b3a99045358fe14c2e19ef7d888033ad0b11b8810bbff3ff34679b2efdf9a15a219e442119cdef3d609b2ce32da776a46bac70b448337a4f2f3a9adcbf14e2cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2c575376793e721782f6a77b2c544a2e

SHA1
b5856f6390d83d7c7ee4c036f3e205d7b22c1bad

SHA256
bd7fb07f8ce3199feafa7c9d8dba613bb9e48b89ad1217d1e3f1bcf0808d109c

SHA512
68112b3f644ad8b29e12f19179df0ea4ecce46aa2397a847cb624a6b2de198f526bc5439a4c25d7ac301d6aaf399e5b695eda10ccff15c88a14153ee94062cde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
89baccd42535a618b80eba0c42b2ab1a

SHA1
a757fac2b67dd8b6b93b6ca03b522e0bbfad04b9

SHA256
d4c076492fce26adbeed63b2bb18ef93d0bf7a5a51222b686138560e8e3e4114

SHA512
63697480e999564f44d132902ef02b16d310b8f3f6bb238d897a9084815b3fd4d1ba786c8b4b3a90feec942218aab19da46d022347a0405377e4a922d66ebf8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
91f5c4f4f315f8024d772fd3e724cb12

SHA1
08e3b5f739c7ef8f3d7820cf639f2494c491bbaf

SHA256
111a54f9e160c38709e8b8ec2746fcec82c63cd6de19f36cd98480b6d1f83219

SHA512
413b78b9c73a51160798e58ef8c353f77fc71c654b99e701b67650ffdd8e3dfc90796227d20a1cd52d77496f2ed39b1e8b75abf7e135bcece99fcaae4f11826a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
40d7906473ffa5356cdccd4d2c1df901

SHA1
e96d333d1d7bcae7f0eb4c025fde2a373284ad49

SHA256
73ebbfe7497fbe23ede947e29e5ca13a2d2bd30501cc2bfc6a9a13493b5aafde

SHA512
a49fd3339c8b7112d9fd3dad012f30ddaa19e88f9c00599a16955cdec5147637bf6eb06566c1dddd44fb693a853b1a484dd2e9f5aad721ec10e5f581ff9e326f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
7418a6bc4cc42c1137049da20d4095ae

SHA1
57b9e7f70fc203196b7da04e40fa0eb80580d55b

SHA256
bcd792fd1787ee0631568328104ab4ab7037a560c52f8b3f7dedbe250323103c

SHA512
356f4d420d0f19b5c462d48711b3f512f73eee5212fef8308921ac9efa5043a490b5adcdaadd0247b376bfe5bd010c011956c0d47b5c35763443c16dde3d4f98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
56624e53a9476e3e325956492040fbeb

SHA1
93719d3db57aab2d78545c8991b0f2e34d3b65eb

SHA256
df937c0e2a864d2d700ae10e4068372b75f06a75f70f47ef27560765cf0f965b

SHA512
e7bd154c8175e54a5abc3c77786cd3121c20d9fb528dce33fd97c21967219bcefa177b2da8f35777d9debc3e0f1eb0adc0f1555859443ac6a55352ecd7de159d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\sessionstore.jsonlz4

Filesize
880B

MD5
03912bc3d17186fbd240f1f391481093

SHA1
c4b9c454e40ad968b74a533e8cc76388309284d2

SHA256
613c9764743d03113e0845ad5a229157af2c506fda99ecfbc8474ac6f72ada9c

SHA512
27de10a5cbe7a8792b9927bcb6372674cc7c9ec38e3f3b93136ba9630c331742fa8450ee9dd5c6a1ddd83254fb3db51b15aea626ba2a442992cc595ab23c332d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
4a0d5fdd5b1d93b2119d61dd9383028f

SHA1
05235540ea90429cafe70767ff8e0b155caf21cd

SHA256
61cdd1aa21c1ad5a405ec1ed49077b6073c64f6180436a3f7b056cb2a565e678

SHA512
ada1d06e6e87230c74385c10353b445e180e608cbafe1b6e77f9a770407331ee167a89757e0a71811f06ea4c3272a68ff1fa8cccde4f737235457e81304e70e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
ce1b0261b3a96606e78b97231c68e507

SHA1
d0a062d79b1675849a38057ca1dad85a8d94895a

SHA256
eb50bb217d2735974dd9717103f3660cd9f1b3aa5a4fb3e9a184b92dc5bfb163

SHA512
4ed325daa5e8c25f58c7d430ae2c41019412a2d9fd385ff86fd2782d2eb659d324fb18ed3bef0fe398bb57f4d29cebf7af03302e3cc601faf7dbfaf671126dcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3zaw7kso.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit