9fad424430f1b2daebe476220d89751493682e182db0fdfafb9c646fd2355e86

Resubmissions

21/02/2024, 12:33

240221-prk6fafb4z 1

21/02/2024, 12:30

240221-pppqvaff59 1

Analysis

max time kernel
143s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
21/02/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

search.html
Size

4KB
MD5

0593697919765ddb4f8d74e993c4ca78
SHA1

a1f8fc79267a2ca9bc479310d52dabd457a43228
SHA256

9fad424430f1b2daebe476220d89751493682e182db0fdfafb9c646fd2355e86
SHA512

f767d5554b73a472618e70c3c041c55fcf88b63911012723dfea96d11621adcdf1175e688bb66d34b16e76e59daa27ba26b15eef05e94fbe916449834a9d3d52
SSDEEP

96:3g4aiGYQmQRXRkFHeU8zOzAdJ+J6dLZ4dJYJ6dEzbD6Y96y:3g4yYQdRBkIjv46JZ4vC6C/D6Y96y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1454216376-3069400526-304058712-1000\{1D96102A-FCD2-4EED-BD3F-347C3DD8C254}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2116	msedge.exe
2116	msedge.exe
5672	msedge.exe
5848	msedge.exe
5848	msedge.exe
5288	identity_helper.exe
5288	identity_helper.exe
5524	msedge.exe
5524	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3100	firefox.exe
Token: SeDebugPrivilege	3100	firefox.exe
Token: SeDebugPrivilege	3100	firefox.exe
Token: SeDebugPrivilege	3100	firefox.exe
Token: SeDebugPrivilege	3100	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
3100	firefox.exe
3100	firefox.exe
3100	firefox.exe
3100	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
3100	firefox.exe
3100	firefox.exe
3100	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3344	2116	msedge.exe	38
PID 2116 wrote to memory of 3344	2116	msedge.exe	38
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 1420	2116	msedge.exe	78
PID 2116 wrote to memory of 2952	2116	msedge.exe	79
PID 2116 wrote to memory of 2952	2116	msedge.exe	79
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80
PID 2116 wrote to memory of 4764	2116	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\search.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffe58ae3cb8,0x7ffe58ae3cc8,0x7ffe58ae3cd8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11936238585194479090,9953719915931561761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.0.230379021\1894658523" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1596 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5287cd25-d732-420c-886d-bed4d9ddc0bc} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 1916 17d71bdd458 gpu
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.1.149446431\201219705" -parentBuildID 20221007134813 -prefsHandle 2280 -prefMapHandle 2276 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc085e4-3b80-4081-9031-fc4456ef9484} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 2292 17d5e4e7658 socket
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.2.1157939205\1931635831" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 2840 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a521ec1f-fcfe-4394-80a8-840372429a96} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 2808 17d76bd9d58 tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.3.1623680934\1036265669" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79f1e128-69b7-4d07-b147-0c03e80699e6} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 3468 17d74206258 tab
    3⤵
    PID:484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.4.1871201304\1385758794" -childID 3 -isForBrowser -prefsHandle 4636 -prefMapHandle 4640 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f54f2baa-f1ca-4063-b604-8d2b4e60afb4} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 4660 17d78c91e58 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.5.1514477843\1702305264" -childID 4 -isForBrowser -prefsHandle 1764 -prefMapHandle 5064 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe910c86-e2bc-4d8b-8a0b-8db41ee693b7} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 5164 17d78c94e58 tab
    3⤵
    PID:4796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.7.631555917\196944099" -childID 6 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4769bc20-297c-4bfc-a37e-1d6655cb1b73} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 5096 17d7904c458 tab
    3⤵
    PID:4236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.6.1161898906\178817649" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae169683-5ad8-4d39-9b1f-e68045462d41} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 5272 17d7904c158 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.8.2072991036\1958703835" -childID 7 -isForBrowser -prefsHandle 6036 -prefMapHandle 5800 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00263642-0436-451c-a883-a25aa06ceeb3} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 6048 17d7a7ba258 tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.9.519937922\906921151" -childID 8 -isForBrowser -prefsHandle 5468 -prefMapHandle 5084 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3abb4536-61dd-4ec4-87a8-3dc2d7fdc644} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 5144 17d5e45bb58 tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.10.832880048\631731860" -childID 9 -isForBrowser -prefsHandle 2724 -prefMapHandle 5296 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1406be2-54c5-431e-ab4d-fd2fbeb627da} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 5468 17d79fd6d58 tab
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.11.366887478\179789889" -childID 10 -isForBrowser -prefsHandle 4496 -prefMapHandle 4728 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b84ef60-442a-46a1-b841-9db4341367a6} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 1700 17d7a16c558 tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.12.1027873200\666752847" -childID 11 -isForBrowser -prefsHandle 2828 -prefMapHandle 5584 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {939d93c7-4f7e-4dc7-8bce-e078a74d486f} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 4536 17d719ea358 tab
    3⤵
    PID:4088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.13.1879118594\394024366" -childID 12 -isForBrowser -prefsHandle 2868 -prefMapHandle 1624 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a1f9994-a497-4ec9-82b0-8dee234c350d} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 2924 17d7b82dc58 tab
    3⤵
    PID:1092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.14.1903833045\698396971" -childID 13 -isForBrowser -prefsHandle 10104 -prefMapHandle 10000 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f0918e8-c97c-4ede-83e4-d08c041928f2} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 7120 17d79980a58 tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.16.298220272\756134776" -childID 15 -isForBrowser -prefsHandle 6912 -prefMapHandle 9948 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b653f305-21cd-4233-af25-7ea910b909b8} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 9776 17d7bfdf358 tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.15.1501013660\546263007" -childID 14 -isForBrowser -prefsHandle 9932 -prefMapHandle 9936 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee27aebb-b3fc-4383-aab3-04579e61ed68} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 9920 17d7bfde758 tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.17.220393168\284528482" -parentBuildID 20221007134813 -prefsHandle 6648 -prefMapHandle 6740 -prefsLen 26775 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c062c1d6-88d4-48a5-8caf-c190945dc002} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 9440 17d7c1a5458 rdd
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.19.1897155122\554422137" -childID 17 -isForBrowser -prefsHandle 6448 -prefMapHandle 6444 -prefsLen 26775 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95ed7df2-68c5-4123-8dc1-478344604452} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 6456 17d7c22f358 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3100.18.346892939\291807547" -childID 16 -isForBrowser -prefsHandle 6764 -prefMapHandle 9524 -prefsLen 26775 -prefMapSize 233444 -jsInitHandle 976 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {418b8f17-c07d-472d-8e4f-3eadd270dd8c} 3100 "\\.\pipe\gecko-crash-server-pipe.3100" 9236 17d7904d058 tab
    3⤵
    PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c7088b345d89a8f65508a536d470e64

SHA1
c7f144ced04a66047253a5ee4124985adab6375c

SHA256
70807a89747f1c04394549aa800fedd6a737647bbf95af2cf087bb53e066724f

SHA512
8d6491e8da8c117f527feb6cc01612aefa0819d35d7b961bac8bf41154a1b525438ad928af70bbb06956f02ae3b0b1495347d33c769fe789496b8f4d4232853e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f68bbc73bc793da646fdb4b127313d6f

SHA1
8f32c71af00b61b4a11845aeea1a4f0be65c2cb7

SHA256
1eb452582ddfe59325eaf4f92dfd65a06da3466449d60ca2cdbfa89100d69d1c

SHA512
4c500b22978ab03c29fb920f68b7d98cbd9c4a34f85f809d77dc083bae147e3ed610ae846045f83e8d843f3196f73585365d1c707107a08a0e597732c65580f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ab189a1a49e1de85ecc6fb7d00b9e6c

SHA1
045d7846d63937e7a8243ae5054fad71943debce

SHA256
53ed0607c18fcf51a9097c7c6a79770e329d12c9204feaceb4560ada89b1f442

SHA512
18a8faf6a33d4fc04762dfce6ec14e835fcf80213e2d040598fdaa2dad89d6dd3c7e25add1d9d0d4b9b295be41e01b8d1048b9be5bd74505cd8be1232a7c664e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
315d2c85b492590f22485cc32ecf7c35

SHA1
4515e0748fe499862ece7fa4b1e3d9a447a44232

SHA256
b2ca6fa3c54fdb42a361ec132cfb942cf3d7c8291af493bc20392b069c3989b0

SHA512
85adc9f5f31ba29ef971497733dec893be5133ffaf33feb220145e46228981c31507076938b37811283edf967ccb4e151799e6d50cad73b2ac19d57df6be6b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a73a27fe4e406bae8ea5f5e04129a2c7

SHA1
ed324510688f8b08f30475e0a38e885e1dcbaa2b

SHA256
312d5b5397d0523ed36b5d93a6f7fde0435cb41390e4ed233f5e57b9b9df717e

SHA512
72c313af632bb252ce84ab419f0a19be9a47bee9a0220127063ef79ec4d305e12d6ec4be740bd4c77fce01cf1c1737dbd58df261914a9ae6b51775f805c567cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6e79c97c5947a0c3189f89b861e881ea

SHA1
a59621a6b6806fbabf9a001f1793531e938fb307

SHA256
57664778b62067a844f4d15ce2ebf0495fbe3defd46b79e759b659c2c0503944

SHA512
5dc90631230c2867964abb2afa30c6b1dbf5d3305b1ae9c6454397c71f6a92749683020dc9ee929908b25e2dc4dae0c2d943792cbd317945ed79c8322adc287d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f99534d5e4356f90dd1638cc403a34c

SHA1
9b08d3c1056164163d9271320ffd1c3629fd5467

SHA256
8ea1a54e224410975a84259c559df71ba62f422d5205c2727b6863727120fc3d

SHA512
b96676db13bba232df7f9d1f71f83257496c9c826b3172109c4be3cfbeaa5fc6e11ca1485e8bcbd6c432c7e106f1759ae1ca154209c0ff297122f884c34ff782

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\13835

Filesize
9KB

MD5
8d0b363243d7c0c05eba786a91798340

SHA1
0bfc0e3865d50e0385b228ba7f27eb7a39f3ab5b

SHA256
7794bd1016ff9985c7df2bbc72c090349deff9df6b2d92fe0c51a286793e15c9

SHA512
8a29a27eb0c985d01255555fb88fa96e1db67080ea8ee556a0034742a5d48341137f0e9001cd47909a2f8d0b5347ef6a789abaa3225abce950cdd0b7979c9771

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\17101

Filesize
9KB

MD5
233df7307b51be3038bd31ffbe892011

SHA1
758633baf0d6f1f0b003ff67cc134e2de19068aa

SHA256
dbabcde85c251bea41fae344642f726fc501ff963c8031e5ed0e7c3719d2f7e5

SHA512
88e5d32ac6e1dedbd5cb60d284d3665c8a6adb03d5768c740cfcad266e72ff09e750ffdd2d624404678415da85dd4c957538b791cf8fbf340474f0c1dcff0d11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\19073

Filesize
9KB

MD5
b436f421e813ee4903ffc49e059ca0d1

SHA1
6079cf8af4ce1f8ca41cafc82f2492acebf4f65a

SHA256
7a67a1282900e06a4cdba56647da36c0654d68c394969b08442588e8773df90d

SHA512
273be05cb788b18a3bd4773d14faa97365b91f39d749477c6af74177d7cff528638bc11ffa0c2932a6905bcdc5e11ade5d5edaec16735794bed676d9ba9ae183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\20060

Filesize
21KB

MD5
980477b5e3d214bce69fd5fda5addced

SHA1
92ee944322f1a3c584e67dc21342b49a202ac143

SHA256
09118d6ce04adaadc0b28c113e76ac7b44a2ae91e01c63f18656f081e9565632

SHA512
db52919066deea70f54b58c767b40aeb180d744864e5000c894f07b65273e35d2ceffa63b4cbc1ee57fe6425b7edc04b13debebbfdbd8e3fb3a21f3df9f3b206

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\4435

Filesize
21KB

MD5
e8bdb000e2f6d12396bf265bedadfbab

SHA1
5dec45270257cdba6f0b054a92a45ac0801e158b

SHA256
a9522866a7c2534be40f9ec91fe11936fd20c244fbaa08c3d10e55d73a6438e7

SHA512
b8de84af4f44ef46214ccd35e2e10d4bbdaf7b5fc3d24597ca7583e1177c19bde4b73aca24a9495f05c2c2282417131b88eabfc3ad6844fd155eed75b0fab1d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\7476

Filesize
15KB

MD5
bbce414cefd96ef85e1f31e3d702e5a9

SHA1
17d7dd3a6d2b08da7f20975afbbd6454f3914fcf

SHA256
bb083d2493ef3aa6a616ea49e0b8331fab27f14e7f2a204a5c7cb38d44ba6769

SHA512
510edd21a5858ce2efa2aa69e3cced27d7e6b204fd3fef8c1efb0ccbe7e693782c9b0dc446ffea657dc90b526636d46b28310b2c8983d3d8471825ea901cf47b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\entries\1E05BAA472FFA6C40699324D7604875B4603F9E3

Filesize
171KB

MD5
e8d6cc44642f0c93a94df7e37901b7e0

SHA1
c9de2203b7cb6072866d7478885c82228e101d74

SHA256
ff37bb41b33d0fcb52c484546f575fb4aff3855dcb3068a78919d75d34424f02

SHA512
3c5654ae8eda323210019b8fc5293e8e5828467920ad2455892e4d9ff7cd841f845fd27d2f284115a205cde3f145ab6c430fd76a85eed2f3885e3a7dd6572f92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\entries\51ADC04B6B3A8FE1A6C361C60E4BC3463A39FDBF

Filesize
74KB

MD5
7e42661fb57aa7024cb101d9b96c8ad4

SHA1
916162c334ec380a4c698f0cd10c5701e63ad774

SHA256
33bfc9961086a5ccc7a15ff20fca23e0ec13ad9f7248a5f62487f39c6bbb2ec2

SHA512
90e5ba8093cc633a3ba7e6f3a5abb85de7dbd3358f5cbef2aa445101de695cbf3dba65dc3316e0a810c88e17ff1e783a4770c1124595831ea400ef089f01114a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\entries\DF0FD9942BD74B42C1D5922E4CDFD25EAF36107E

Filesize
38KB

MD5
58eb7a2ac39bc1d128ac6935428e239f

SHA1
bc21166a739452ffcc470766c8065a871a41a6dc

SHA256
f2cb5fd724f584e6e7ae303108026ab68b3c8cf40be372d17d17981a6d90fe85

SHA512
a78a7ebc570f18cc20c1e03ba866b2a773f5a0b5cf5d68c40429edd44905a93caee8344c59d514edda04089b3021d62b37761cfa2f08d7460f8d9f6d2c5c6352

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5357948376ba73b714563f0e09490003

SHA1
dfed1c357d06ef69b0107e2f447ef98fb5f09bfb

SHA256
1fe220fb0dc02a1c54d521a395ed7c2adf5b346a037dc7d8e2188c053a7fdbe5

SHA512
5d8b306f3a7a6385c3a5c3cddc7820c57b4e5e6cc34d1019c89a91949a7ab7356bbf84db2bfaada3b985e4ab26434ae62f369c05d818a893eb190a206c5e1dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\pending_pings\2a576e85-6e85-415e-9d42-389923d6d095

Filesize
746B

MD5
d6ff3c947dc4efeffba1f1c05cb40cd8

SHA1
e108c44e2d0ef850c2332bc19bd847e4774b0f1c

SHA256
09916416109cdc825696bc66adf3d7f3514525ec2711f20b587174035a1ed250

SHA512
873cb11dd6bfe4a737f20a30920a6fb5cc21a797ad20bb6cda9728182a66f27406249bd45108f5686526fc9a81a4345b5c5f38eb9f280347385edfb342b37b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\pending_pings\a5f17b1f-ea2b-47fb-a593-174f485ae1e2

Filesize
12KB

MD5
5c236ecf4a8300cae9600afb60af884e

SHA1
b234d2727a43a58871c0c5ecc26da7adec21676e

SHA256
17daac809db33f9f60d34e185b5d05a90c7468180e425caa11d4419605590ed5

SHA512
594752aee94082183477d2c81759878780e38e94b06e19eaf71ed4db85cc0d8cd509e6ddd7c6e71a56b7b0091a0d8354b55ce87b2cdd3985f1169c826a50bfb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Filesize
827KB

MD5
29101e5cd90ea948c0de0ac60b7e688a

SHA1
56f694dba039fbb82ded953a24909f1f4d6c0b29

SHA256
6b8a1b308850c69bb40ecbd88669a9ee44bdded0398bc8a256b89c3df43c6147

SHA512
b9d7c3a65e1ef879d2da8049ce292657425ee1d08726008e9d77d5fdeae5bfc1f6c89cc90a0a9b85bf5df79f0bda8b4e303f9ee243b38c38bf92075dcc0a1b4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
896KB

MD5
9cb9f1e98b04a6a7f8af93bc0a4f3b0b

SHA1
9d3caa1e311297ea9493adae3cff7cc7a73b3d81

SHA256
2db13b836c183bab3249e10dda3275437504aab6dfdede4ab110d13318e9f5d4

SHA512
e63fe97a81cfb64cfb1b3932b2bbfc39f1ff07d7328e69d6c2a774ad77f45251072eb5f69c2e6ac380685a82945594c597352409ee19b28b6e47afc52e4b8c35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
6KB

MD5
5861c9340926eb3456e9d3144474219d

SHA1
5d0b124944bc9fc8db5fb56cdd34c5dfd01ec85e

SHA256
a358f89cab2b83790da40d28789a2a3b28f3b849d44d06517ad98b492b69c71a

SHA512
207b396000b04abaf351741a4ae436015e80a7bc0d66c61ca14eec8d6de68fc89db938e843f443fd1703c032de7a7f1a57a81926a878a8dbe9aae744c1653a92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
6KB

MD5
02112b64958ee9141d08e8801f990326

SHA1
e3d86156515d3c3957c79e2045f84ad78463a233

SHA256
0523ce3d5093ba716c8f239b3a24baf5efc1582ac8b1e65496f207828e3832ee

SHA512
d032f494b41aef1904409dc8c67bc03d6aa43d7d04415c7cd6fa123d6475bf101cf229d2099f1585490c21fb116e7af10e7aaa18bc53b9344f389f1eae83aa56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
28092b422cd7f000e93bd5fd2d5ac1d8

SHA1
d0a24e1f0ac56e1dd5e7168f2fe586cc3ca8f1f5

SHA256
da6d5d334a68ee3f5e70d30ecc023c46adb3640ee88249404a38e964b3283de1

SHA512
2b0f246d0038a3924538a58b05424497e584bbf06ac67a6c79228a1a9c312bd647ab9d149f723d3f8b3888f685367e4f8a109fbe476edf42ae9f17a4fa11fac7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
cc24c300fd1317543f968e3115f204ea

SHA1
4bf04e2f9f6dcf1f9124372eef3efb741ba6fb5d

SHA256
ac8b1397d464dabec467e6ec9b2bce972753feacc4ac566ab8c37e3254994707

SHA512
20dd48383f05e585111a13e8fac3d6e3ff6f85c03632fdef6abebb08b632db85e9518354e099d18a37ef067aff0e7fe367ff6eb518636bb1c36088eb15e24ab2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
47077a4221733d2743372704c253e180

SHA1
2383f55741ab5e518bd3baa49e253920409c4ce0

SHA256
6fe88b192e347c294c06e7bf1d00067c7ba36d62fde18f2f9a25e0cf2811bb48

SHA512
4bcd23cda2bf1987cb4e16e4754b462b668211e430b08e71c854bdf38e2112afcf591026bf52390fa6109b39103a9c161ce0495d12c7d57ef988410b901b81e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
e0b5d22c2101de102811882b1c52ed79

SHA1
6056897a9c63249be5b22265d9d90b1a540f8588

SHA256
345a754748d7943c4dfa9400694fc1ca483f63d8741d884d76f8ad8ea5b9f06f

SHA512
cd59a20bc6f99de45ef02584a3e844df359e3a864409ebaa48315637612f0e57b89cf1171aed18435c120cefa5502a00d7b4e43739b39a5827e43e27d5b0315c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
7132232741ac3b76b140ee761c489f24

SHA1
001ede978968128a3f2751e1e23fdb10161217e7

SHA256
313b966086849000dd3447be2751f879d8791f570620d66358e37492aaf36816

SHA512
67ae96d250558d713656a0fb0ce290a912e7651d3e2112576c0e46bfe7244e781254a542c1aaacd5b1bfa471c2bf75bf56269db702fc95d2bbce4ad92e7e5085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
f7b5518fd7d27287f65bee2cf4d2cfae

SHA1
38320771c496a30de71c94b140e62c2223dbaca7

SHA256
279d122b43f75da1924e47d0a263f1e8d0b9be77b431b7ce42cf0c894f32c09a

SHA512
3f8d6cddc4c90688b54c9d0f050c7aa6a248f1094adbbbafd706784e0c644d279fc284129d094fb234b99240a6888e43a6ae36befdb87505df148fbaf44f8ac4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
1f4cba8537bec6eb3f94b1d97190e2d2

SHA1
4c7fbcbb79c8673b81c445a5f948a3ab5d8f43e5

SHA256
51784deacd429dee4d8db3e681832084d02bb7f588f6eea7a185e6ba0ae74346

SHA512
57ad9daf9f78a1f015e25626afeffa434e6e322b1fd35bda80b80b1796abd29ebbb7def16123d4f33c0f9d4e67ca6e564337550baaf0b9ca9ebac10741da3738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3856f3fb3aad81ea57712892eb206346

SHA1
2aa9404feeca1dfb7ac4540432b1250e99e9a714

SHA256
a015b97db87b68cb117cad04a388b96f129ad310b543f776a393665549819846

SHA512
7d9d93c921a08bb70cac71abe274d965cb0835b1944fea8714a5f096014fc98dee0dfc10914f49325f80dd7e288ee7556d8dbaa4f567389d1cc81e1ce1c43a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0cdb6fc84840de13e86c0820b60efb66

SHA1
35be655d65577427f1ff2a696906c07a59d7eb47

SHA256
e6620c0457c38b5b88a19b1e2036d04b185e4a4d32e6e904341aec9fa5020124

SHA512
0b3c953f32ba7bcf3fd3cd807acdf4a14d5c62c39655f8ecb8688ef2f787fcfd0323b722052cccea602cb41e9f6847311a30fc806b22d191f6d0cdeb8d10b1a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\storage\default\https+++core.arc.io^partitionKey=%28https%2Cprbay.online%29\idb\112462418acr.sqlite

Filesize
48KB

MD5
2114b83273e20a872b1ec817d7c44b4e

SHA1
160af6c6c9831f5522ed4f73bb0eccf1dcf31933

SHA256
6d128ee5ec3a692ab42b0ed06090289ede16df52b02b66a9bd1f8893f96c4608

SHA512
04bc2de79d91cf3ff5b89c3ff9375b40a83bf0cf86c0d05a257345a0e13546416173e0eaa848cf3019ac28457927077d23fe684ffb101f51cd3ef86f1554b99f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\storage\default\https+++prbay.online\cache\morgue\114\{6915ff10-b4f7-4741-806b-428f9badc172}.final

Filesize
1KB

MD5
bbc13a2727a5012ccf279d012eb78fd9

SHA1
c73959c09b4e447d16d3a17a4413da08ffcf4486

SHA256
efb7bb901b5bf0996398ac1f93e88b330c5cb5b16af8d9a4d34468465eef79da

SHA512
e337ef50ce577369c4f3efb2fa58066cb35bcdaecfbd39cd6c01b9d04bd959c372d62eadd901cb0327955b2fd35b938ce774f7b60ade0f952f9440f99f30c608

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\storage\default\https+++prbay.online\cache\morgue\60\{44e5cc24-33e2-405a-8524-b5b743a11a3c}.final

Filesize
120KB

MD5
1c1e70cc6185714c16d53244af06cddf

SHA1
8a8765acc16855c83bea2a9af78a99146c3a5c43

SHA256
ddc091cdcf5ad112a87cc121858769c8adc3a76dcb6f536e6dcb0f9ac27f0f83

SHA512
062a6dfb5a3b62bb9195934f3323d9394b0e0dc03c4167bccb615f67ff778d45fa3287c12c80808f9ae557001ba4cf645e86592efdb3b5912b817fdc970a5352

Download Submit