18f551d22cf8aabb4a1e84dd9b447c6fd1451f80459c766de37ee08f693d28c4

Analysis

max time kernel
255s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

brainlet-windmill.gif
Size

2.3MB
MD5

3144eaf4ccb50cd5698cfa17a8c9a189
SHA1

e266adec3b433c03dd890c91521aef486fafaad6
SHA256

18f551d22cf8aabb4a1e84dd9b447c6fd1451f80459c766de37ee08f693d28c4
SHA512

1fa5e3c4d223cf3aefc9c686cf1286bd3b53f852d2cadd7ba701760e32a819703602b873c36239c9c059f260a112fe14478a63ccf03781f04683c11a11fdbd0a
SSDEEP

49152:ZaaQEVl/5grqVpg0pSzQN10QT1aPI0FL5ae6EvQqpF:saQELxgrqng0p/0QTcPFeSvP

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089927"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b0ff290765da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{55151008-D0FA-11EE-AF9B-6A34E6582500} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "695126848"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "695126848"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "700612794"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000740ef7389e92bc418120e6d18cb0b201000000000200000000001066000000010000200000004a05b59a675300717a429ed767909e7a7c9e10aa8c011ee50ae3d31b31433353000000000e8000000002000020000000acca81e1b99ba7b990fb3033d28703728167cb6e79a3e36d611be7ae40eccfdf20000000a4ee546dacb27aaedde7252979511fd0e1cec275174203738c0ca8a192e1c47d40000000ef7180bf649b4da19e5c3e352f86f63daccc927f8f961056a81a80947cdd0f985374b44514fee016a683cd1825177213a414d7991686ea44ef3a1fa4a91ae1ff	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089927"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415313383"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089927"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000740ef7389e92bc418120e6d18cb0b201000000000200000000001066000000010000200000003ca149ba6924807b96c9dd60fff4a4e37d94d602e6081afa7bea6258a7730b12000000000e8000000002000020000000552b1eacfc2bfff2de3a425327078b5278877bb85ce047423672e09c323a71d020000000eabe4f2797d2ba0be2389736d2d58e814910e66cf3d55aa9f895e3d3163766314000000007b0bd107f7c8280b3cb7856555b946093785fea6b52c0db7965e92cc1484004140320a47fa9138296d77e364f528d192a74bd70b2568c7e21bb5a571c71a86b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2066fd290765da01	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1152	firefox.exe
Token: SeDebugPrivilege	1152	firefox.exe
Token: SeDebugPrivilege	1152	firefox.exe
Token: SeDebugPrivilege	1152	firefox.exe
Token: SeDebugPrivilege	1152	firefox.exe
Token: SeDebugPrivilege	1152	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1780	iexplore.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe
1152	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1780	iexplore.exe
1780	iexplore.exe
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
1152	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2440	1780	iexplore.exe	85
PID 1780 wrote to memory of 2440	1780	iexplore.exe	85
PID 1780 wrote to memory of 2440	1780	iexplore.exe	85
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 556 wrote to memory of 1152	556	firefox.exe	93
PID 1152 wrote to memory of 2752	1152	firefox.exe	94
PID 1152 wrote to memory of 2752	1152	firefox.exe	94
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95
PID 1152 wrote to memory of 3088	1152	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\brainlet-windmill.gif
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.0.415934257\9581705" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92553128-83f9-40db-a76d-3b8253d85404} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 1996 2cd4c9b8e58 gpu
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.1.1640123896\4201990" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab6ce35-a5bf-4856-9967-9d7ee87b2997} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 2396 2cd40272e58 socket
    3⤵
    PID:3088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.2.1111283954\635899895" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3040 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aef149ac-c27d-4c78-9ed2-0fb19c5368f3} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 3164 2cd50bbe158 tab
    3⤵
    PID:2432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.3.268798862\1516456768" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fee85bb-15e3-4937-ab11-53a5107509d2} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 3596 2cd511a7858 tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.4.1881712560\1322943180" -childID 3 -isForBrowser -prefsHandle 4544 -prefMapHandle 4540 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b477c2d0-b137-4986-90fd-a079f6f1b797} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 4464 2cd526a2958 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.7.1242881630\118131938" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ca1398f-a592-49d8-ab1e-2e37b8b8bf4e} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5528 2cd531e0758 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.6.2124453382\1270594631" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c3f450-0d8c-4272-87f8-71f5d2eb45be} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5336 2cd531dfe58 tab
    3⤵
    PID:692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.5.1370854199\1817082300" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5064 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21081c7f-0627-46a5-9fb1-fb6c8f7f42b8} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 4972 2cd531df858 tab
    3⤵
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.8.864448477\1247420299" -childID 7 -isForBrowser -prefsHandle 5992 -prefMapHandle 5988 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0c6f51-8e97-455b-aa60-d6f4476cbfa2} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 3552 2cd53fead58 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.9.1897809779\946294666" -childID 8 -isForBrowser -prefsHandle 4648 -prefMapHandle 4660 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc46c887-322e-4ab0-9fab-fdfec63ad3c0} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 4612 2cd533e1758 tab
    3⤵
    PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.10.702050364\676674092" -childID 9 -isForBrowser -prefsHandle 5308 -prefMapHandle 5880 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {016a3f96-f915-491b-9c33-9408e32f1730} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5772 2cd4db79d58 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.12.768831132\1518070085" -childID 11 -isForBrowser -prefsHandle 10080 -prefMapHandle 10076 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4aa0c37-7fda-492f-a207-4174c33396f1} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 10088 2cd55c7c858 tab
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.11.1383714561\409045998" -childID 10 -isForBrowser -prefsHandle 10216 -prefMapHandle 10220 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc9f34d-0358-40cd-b4aa-3a685345dfe8} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 10208 2cd55c7ce58 tab
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.13.1779224537\772346539" -childID 12 -isForBrowser -prefsHandle 5436 -prefMapHandle 6084 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccf58aa4-8535-4950-aee2-5d5055323a98} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5356 2cd40264a58 tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.15.1554202196\1133897824" -childID 14 -isForBrowser -prefsHandle 5188 -prefMapHandle 5212 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {496e4791-c1f6-4122-975d-44f6ab530614} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5240 2cd55c7ce58 tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.14.1172930931\46327506" -childID 13 -isForBrowser -prefsHandle 5612 -prefMapHandle 10100 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f0fc36d-3b8e-46de-b8b4-cee7ed0ff3c3} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5544 2cd53fead58 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.16.105591241\2112928614" -childID 15 -isForBrowser -prefsHandle 5124 -prefMapHandle 6164 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d68f96e3-641e-4929-b6bc-a24846989957} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 6156 2cd4db78558 tab
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.18.633403145\221929243" -childID 17 -isForBrowser -prefsHandle 5356 -prefMapHandle 5568 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96572d54-f24c-40e8-a48c-a4102754ec10} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 5668 2cd5474cb58 tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1152.17.1773385624\960546962" -childID 16 -isForBrowser -prefsHandle 5324 -prefMapHandle 5656 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24f981a0-82d8-4a3a-9bf7-b89b140bc84d} 1152 "\\.\pipe\gecko-crash-server-pipe.1152" 6232 2cd53fead58 tab
    3⤵
    PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PTB8EEY3\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\16624

Filesize
14KB

MD5
22415c16946d1ea3d34c13fe611120a4

SHA1
3ddb43b57ad47f875ccc0a636ab9567997c1b00c

SHA256
0f39c86858989588f562b0c476c4a6f73d86041ba3172565970126a321db0754

SHA512
ddca45b7f65228af9f6e3cd34601b9bb1ad0499670bb02b8e8483b3c2085123bdfec902b36b48cdd835a6f9efe9b7e3024cb957e432b02abefaccebc8b91c605

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\21678

Filesize
14KB

MD5
90410be57addc1aa1e89f298b00b0d7d

SHA1
df97fbd0d4f869e036772d45e7168dd3a5a53cee

SHA256
8e2232683848c2575b7afb01bd7f17677a828e1f7564dd1c32ef9676fdacd6bf

SHA512
c4b313c4fa2a58a7c17f4d4064083637d93a4484ec66d84ea3e9691e10cc1b9d4084a8c7bab76999e20c0f5893fb915bb8663f4d6fedb7ea2664a8032e3e946c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\23426

Filesize
21KB

MD5
a7f99ce43f78f726f351557e6c489c42

SHA1
5188aa1648462a6a89e50a3111ff0a3b36785fb6

SHA256
b9987b6799fd5505f75b90b6e56375092cabcff11165f1192a6717f63271779d

SHA512
5cb4b4cc0dad49219317265d47f77f129851508b03b5a248a6c8eede513e14c439f946a7d9feebdee71cb01b5def104fd05acf6ac93d674475c1906f585897a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\24979

Filesize
18KB

MD5
f38df4334e2070e7f335a80e2c6df6e3

SHA1
3d59b2bd484cdff325804468fb8f24d9cb76d98f

SHA256
45ad3dbb18e29c7eb69d6c9aadb5901121584967fd541d483a01867449347490

SHA512
59d1a0b4ffd4b56fd1e06957e5e407fab2a56fc8ea9a258a8c45b9b037c005c974ce0f6f22a2fec569e1bf198fa6e8c16620da680df947756bf0b9d2d42463b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\25756

Filesize
18KB

MD5
eda89111e8c7bc103603bbcdddf314fa

SHA1
3d9b337b41895c51c12fdde5a086d88ef26cc7f5

SHA256
472fc4969ea721995b36f62baa8999c99b016e57b7c1ad7d6116ec63f6234615

SHA512
bc8ca6d63ec578c97e93fd2084c93eda3de8f28f0c079a54283c9095b2092fae6de3d690c2665a0ad267ac7f74eb4ae31ae2ea0616858c0f8924b2903e78d4af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\27529

Filesize
10KB

MD5
5b26cdd5ba1d6d3f755bb5dfb38fb4b8

SHA1
0482ebf0051ab14e804db5520510597fd353e410

SHA256
a78a77955257169c80fba7f939acc2beca5ce4609682f31257714829bbf6ccbc

SHA512
f28dd0641edabd41fe14241ec392d919b954989e4598d93e009312385d7f591900d4533fb984f311efbc1b0630d18bdc28d192fd1253b3ab1aee006ce1d2d9b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\29126

Filesize
9KB

MD5
fe6813161891228001638cf72809d52f

SHA1
6ff1077d7e73511e799924f7f19dd79f2a8bd309

SHA256
5081624049364ade7a258e30bd85ffb104045048141047dcc366bcd34b90532a

SHA512
dc864324816a8dcc737f69ea67dd04e243c4c72e8fac761b870ad61602ba3163e64b9c4edfe42af8dd82db2aa9b518078fd355c04e4875a6901205b15dae0684

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\32721

Filesize
21KB

MD5
398924658d01e7363d4144b4d0d25689

SHA1
a3eea8dda3d1b37a70ee860b2e270b93ff81dc4e

SHA256
4d8d37beace85f50fb95975f5a8482dd92557db09eb0aac1410ac063bd54fcd8

SHA512
7efb10063c106ea0a84b08e038cc958efc393b3e7682e40f0298145c0b5e49bda19988ce15b21e5e240a7d366e6afd18d997ee6a7bf714b3317207a903f832c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\6457

Filesize
18KB

MD5
cc9f4181c959347bd9479b8ed37d3ad4

SHA1
3f2de0b51c3c12ae65b61ab1365fa478085545e7

SHA256
5b357cfd9a9bef2e262267acaff902150daf3eac3f11eb403d08a1857e6914c5

SHA512
fd1051ec105ff73ce08366fab4cd80095ff57586092d46723146e72e3337737e334c838b3ee5fb4472c35b4657be6f7f7a03d66bb0187a919f49df52189c0f65

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\7943

Filesize
9KB

MD5
9d8240e247e3546d90f1a5cceab16712

SHA1
aa2c3e6453ac08b96838ca0f685f554b29858b3b

SHA256
29f4dc7aac2820e9c4d082c493938b7828e8b146941f89471dc9546432de61f3

SHA512
72c4458a901719f0c21e7f1f8ea322f89e7b086c78dc241a106985d103824599083ceaa8a65b7f92602ec9e08647e4456a890ecd851789f7c1ded8de12ca81de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\00CF19FD1DBFE6690E1849860BE1F6545057ABAB

Filesize
733KB

MD5
003a3763e36ec164c2f343d5831b930b

SHA1
1d2240fd14c803dcee4cd8fed29b3ceaaf467ea6

SHA256
f71a02a79eb61e08194e6c58a73084e37518e088c8239c05591049c18d928e86

SHA512
a6c45b3b69ca6bd7240f9e5ccffcb16b4caf120be9cb3f2a86424947ebae8de99041e4bc93739cf2581868742ac64d6473d7cbb018e907bc112ab3c4c868501a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\5B7F718C2B443DD28FB18F63FEC3D87FBF339D1F

Filesize
114KB

MD5
7a9e5e021702d4f2a5d5819bf0d45631

SHA1
6b8555dd3097829f516573281c1f5a4c42494a45

SHA256
dd3167f9362b7721bf464174bb682a96ee8044517866782887d81f78a9b8c716

SHA512
054beb1352b42bdc3883bf5bb232903e0ae2a99d2f4ddbc439a627fb010bcef1cf3cab48964281d9b5bf974af35b824f82b60c8bec4966c2a14e9ed92e62b8c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\5ECF2F30DC1AF77A77E94FF6160FA00AF1B6272F

Filesize
132KB

MD5
fb90a6d883953f8ae926b20f047f100d

SHA1
bdf8616d5c5d8a7ff87a5da50f511bcedf3bc480

SHA256
20553a2e96696a065e3ddf3812087848de2fcb7b23e10117a4c93f3f536d0e7a

SHA512
1de63d75a4fe4ad9199d352799ec52035c3a0e8700e9bd7f2463c4b891a25034bc1e1a75bb7367cfd193cfb6a781f9062caa9229fc1741651fb59e27a0bffd27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\602298E4E91203CD31EAB4F9F2D97C311E5CA5BA

Filesize
119KB

MD5
b16fb3a982984dc0f09f5d81a7a39458

SHA1
6f3caa1e9e485456488b5dc2942d4bbbadb40da8

SHA256
02e12670d01493077c98af23b08ff3253e91df9d79d1cd40f43990def5cfbf6f

SHA512
4a6b1c81c69c12fe6d5aa89854008c77907d90c22fd4dc4cc77a766a110d01b77c25e1156a3eed86a5c3617cc0d02764b44986bea8fd475a8c0ff8052299559c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\A73969A6D98ABA66BBF224929FF4CBB098EAFE91

Filesize
1.0MB

MD5
d263741a6d95c89e42f18b0c87140cf3

SHA1
c93a995999607a2fe1a476dbe35a1b5e7d745bc4

SHA256
63fe41bd07d6bbca89a75ec1c906860049df55430e3af9200649d3b15a2b7ceb

SHA512
a704161b3e19a7e3a99cd430e65d7f4a9947073ec7e8e9f11498848c213c0935eb96b2e9297a9a57495f162876df2484d023646627b36f69d9ee19c9ccd4d856

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\B74C48B9EB02087EF866AF76C86631655E379508

Filesize
198KB

MD5
0664dc4192943627e28df759777fde6f

SHA1
1da0ef23b910b9351835efb145d97508be74b480

SHA256
93c4485fd8bf555a483d79b2f9dc5f335d562060ec05eda3aa898b108b201c4a

SHA512
121a4fced43468f21e6c80470cd3e51497756a3ac764bd9a40edad2ddd59ff30b6450d3fa0ccb3375ccb1e58af53c01d73149e041ee4d4cd1000c9de17bbfef2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\C8031BDA95DF29424A051B83396A5B90020E57C3

Filesize
204KB

MD5
91565ebc517e0fe6297550b3bf07e194

SHA1
d9b27d4d13cd380cee3ae68182a21d370207571e

SHA256
49dda09a78bd985745ed1eba8359f224436ced5db6b5e3bd12f79be3b89de349

SHA512
27b45160f2e5bfacd999317cc0eb90f4afc2d91d32ab921b5d5a442b037bb6eb2b4b35a60e5acb2ea2286c3af53a5b4b04e0c623ca6ddd0a511619fa8aa0300a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\DE54ED6D3369665CA7A0A900BE225066FEF4666E

Filesize
32KB

MD5
4602cc120d49c155bd542ccf5a96ee06

SHA1
9f532756233724c0c818a806bf25cf162fc4b998

SHA256
09b935caf033144f8b27940bf261abed21b80cc318c3f573c3f97206ffa2a0de

SHA512
18f76ba26f776049bffff61e75f12837da832cb79adcdbe814aecbeaa74127358e7fbec56c0d161e343c8791778b7a0feb4a8b7107e90658245df13d3ba3dfda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\F39ADF2A6144976D912863C55E1C170126AB8D89

Filesize
42KB

MD5
cb7ef6ccf6249a4bf41283a57f7f5041

SHA1
09b523f725b307537675f48572efc45192cc8095

SHA256
d06b9920f153dc938043491a88873aa32eff77024ed35f80068e4da789dbc00a

SHA512
14d90c1ffdc3451a1d663867bb26e8bcf7d3ea388709a5c0b2f675504cb82f26e9a39cc5002d2f06e5b45c53259f905786a09ab1d0a9dab25464bfcc9fff26b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
d99a8c73e2e9035ba26fde9e63645349

SHA1
5c6111cd815e55e043e33132e34aa554b5177699

SHA256
e3fb55db011ee907c227735545469f5f0e93641b93b97450743587119bfbe8a7

SHA512
a050bebcddc1bd57a313640cd1badb9c9c8941f50c1b47a27dc5894be8c222e8810d340a72a1a4a620ce88d3349f73fd04bbf68ddadb2db4d5549eaf7918b36f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
075d16fe1527ca0f5410601852c22688

SHA1
b32975121b807f42242d4f4eeef5c0c55212d9dc

SHA256
41fcc877843262e55c735a3cc24d3ab7cb5fe9477a56e4606d05c85def0b2098

SHA512
83e041398cc42237476b058de0930c9977076d409478b545de0b32617029848c4df21796023d20e8d0065144c0dd21b816b099d090ef093108a8df506cf3f46f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
4069a6893ec7013e8815503ba6f109ad

SHA1
c22f4698b8434fd4a23b5565cf3e51bc81492317

SHA256
5890429708a61a0dcc10efd50039c683d20555b45a6273bb1296d2f4dc2abca4

SHA512
cd93c653b21082b04dd4079910490db16d718e81c484223ca7c11891d9a95bc15202645580a1d7dbdd997966d5bbe94876103327b20f08dc2913a2a1a7514c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\2c24ebac-1a9e-480f-a1de-ea9c10ddc893

Filesize
734B

MD5
59ff97536852c48438f3c77fbb474441

SHA1
46095c0a75561312d288c9e3e544d8dcb5a7afe8

SHA256
dd0dab28f2fe74da95bade101bea317c68dab740fd4777e4e2efdaea0b83f12c

SHA512
442d95c3829a1c422e184de044c963f5bbbf99c72588f745c232682b925ea6cab0ed7da06b2477bb10f16a8ef5f0ae779335a0a7d073a8628a6744c8a109a9a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

Filesize
6KB

MD5
0d0bffb66641f0dcf786a4abebd48bc6

SHA1
b1cada45a80f5f5aa922177c9b5e79f918e42946

SHA256
9fcc6048fb379c0222a10a0c1b0e75b0094f864145190d26092c9b276399a568

SHA512
a9bfdaea4fb017fcddd83b5ca987ec38bb576f77291ae89fc81a4e3509cc22ce4a27459a84548ceb69c7dd95d51e324a86dc5fd722d546776cf6458fce74f569

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js

Filesize
6KB

MD5
6344c37290220d88d8e7ae8940633d3b

SHA1
0074840f4e5e73f3652331a8bc24d5a207d200c0

SHA256
ab6ccfbcde532dc19aeb832fa22cd290b458d6fc28768f25cfbb04906a1d407b

SHA512
54b1377b6f46d2451a7495dc617c714fa119f44fcaadb4d32f72d4260081c9df70074519555929d810506de13d7e4b9e5e6fbb5045d936b6219ec432302652bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
eef9c8ac06e45f99ffa09c1f5bdedbb8

SHA1
4ee515210270c32cacd20cb20b6c65ccdcc99e7f

SHA256
bc0e14707a6106ad5c8070743d40811faf254e205227085a68de85516db0de3b

SHA512
599f9f9941f25d56e29ffcf9578d225b5e74123689716a8577106db4b07acd9d0cfedb36f80ecf63a5bb809a8710340b2700a81a920fcd09cc661a1dbb58854a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
230faeb6fe48847e7ae8ea0e66250866

SHA1
c99d4d2ee6c8ea793406b7d767795e30ed7fa4ab

SHA256
4e8810aecabfd98da1dd3caeebe27e5074c7cd19aaf2c60a4bdaf7bb8a840084

SHA512
c0ebdcf69dab2abf844c108c4f06fdeef3614a865ca6666a3b241572b04f499ca1ae3cc31b10024ae4be1856225d4bb7925eb717de27e52fca8d079ec34c640d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
63e0806b8896630c29381f3c5dea4b65

SHA1
00350f4fdcf77df3f11bb619d9dc41f0435214e6

SHA256
2e3071071da90760d96681172dc3a043bd3e11cdc142ae73a78ab5166c429e60

SHA512
9e91ef4e7e079dd36b983bf6a9169b6b423f4b81ae9018f44ee3ad9a46a88bccd9ad2bdabc568449a44220fd262fb68b07c33fa7c5c4f77754ddb2b94fca822e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ff945df201cc576b1740436287375082

SHA1
65998d180ae16ebe3a1ed1e7ac5dececf59744fa

SHA256
4ec3813f90d2116353d2c054bd39c1af7882abe66df5f1a4e27a36f7d955c9c1

SHA512
4ed0a767de3c4dba1ab68715f92b4ec472397e2d9d59262ed938f1cd42b00516359f4942ff8b1596f7ecbefdcb06dabf256f0406bc6ce36a2700c4ee5841d550

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
bfcef2f326beeb2ed12af77bcf1f3a3e

SHA1
6dfad48dc59b175386819e28be3e6c3a81c0f613

SHA256
242da3683b82223fbef4def6a230b6bd199a2e471012202349c64bbc5ba14e90

SHA512
5500beed2b99ea32e313cb3e50392d384ff48a5df83b79d331438241547b00001100263bb848abae9f1b094285e47cc717065d19e3583c4069d1b8f4da79520c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
d08194b92fb98ebcd2579c732bfa9901

SHA1
301b9bf5b21fb7f700eda8f0d792e1bda08996f1

SHA256
4e3abedbbd550f67beed878d807150d38dafbc9458bd61d02582b709a0e7dfaa

SHA512
c95323e978c622cdee173bf2f772a033cad8e1b81243fa99b907e213f7b40899d9660b914fbace0f23555617586f226da93338113f52bcde25ae1e8f72bbd10d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
a3da4f014c421d5d60b7fdcf2440dd71

SHA1
3cc772019934f50f6288525c75d18da467e39811

SHA256
22b016b7fea9adac433ef8d6efab07acf50f6e1b550674b0117d9a0024f90ae8

SHA512
7f52224fcf68a1a5ade2984a83e54c258bc0e8375fc9827a0cf3b6b9085b2e463fa6762a55ce036b6f59b530965165949099425a0bde7821f6d267d56bdae930

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
524a3e6a9d0b004bd1d2d2131479f57c

SHA1
55734a379b71a04a43c076a08d38e9eaa6e79cad

SHA256
c173309dbc78c671a5a278f116733e79c73e47450c926a54b8411f55713a611d

SHA512
22a0c09e7e05e47b26ab01ca16013c8fd91bc93f9372a70a1ba68ddebf9e530104762e86ecac5d26a6b17c5b87b54b2037e6f1f5501b532805091e5d2a39d3b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
7a3d85fcb3024815ae90134ff96558db

SHA1
fcc129d52c10be3d98e0d149e6d3e24055806daf

SHA256
7441fe1598f15fec554d5ee65423c01e58d0b12faced286b732f658123a6989a

SHA512
929d3aadfc877d5d912af6f1c719f2a3f87efb6bcc4e597ffba7c7032fe65c93c6b50ece3aae5d131d55ab6c161dfd7b802d94af6b47363b572915ed809f2740

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
42960e029ddde6dc67d53fc9637172de

SHA1
43e2882082ea954696cda81356a27ebfb22d9ff5

SHA256
828564fd65c1155a655b5c5eb4457493894a4b91c22f97c2445331c442d92b44

SHA512
440adc65e9d688eccef0fe31a6456a3b4a1c825f2c15ff7eb04c0ed420b9a16985dfcaab35e447733956ab2fee58c9beb7002894c080e4fce15112d92c4d19b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
18bc34d11cfb2887d4d8a4f0971a62bf

SHA1
87a1e99fe4fa6083320479d9ad62b7fb34c183d4

SHA256
0363e1c44281bdcfad94f793213a2a2f9a9306db8246f0c9723a430534f49f21

SHA512
1e79fed486dab067aac7ca8b12cfcaed5bdb523fed7cd014986e0f31464359848facd535e80090bb7348ee3db4c9650f709a48fc50f707e0f4b247dab230b669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
1d46ea199060c03307a6c9cbc65a0a4b

SHA1
a500e585fc663cf8ed68e8823ec7c52fc4861c0a

SHA256
c8f4ca8bcb2f49abfcad4434646e2c70a6bea7ead062a59e9f0f663b3926980a

SHA512
0a2487553c95e030c00db631b4229a72832ac575c32fb254ff48e0ac45fddf24785bad487cc0c36900791c38474093e93fa00c05d66d5867804496f6337974ff

Download Submit