umbral | 10dc10518c71d9ffe98d058f8e8c7f597f4164f2ed5ce38920254498f2700d86

Analysis

max time kernel
1049s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
20-03-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MapColor.exe
Size

11KB
MD5

96105cbf8b1663718b07e01a112ad1d7
SHA1

190a352854f9e35a37082fc03afd917f25a1d595
SHA256

10dc10518c71d9ffe98d058f8e8c7f597f4164f2ed5ce38920254498f2700d86
SHA512

dab3e690633587669c1367a877724c44bb7ce29bdb6d5021de5aa9ed16a20317dfe1cf7e6c39503852f86395ffea11fa507ff2a0dbc37f2f9a10813a1111fbe1
SSDEEP

192:2DLp5j7Mpmi3OUBRRTB56mEPMD5psbE4P7IuiVMDflhwY:snW3OUBR756OpsbE4yVsflhw

Score

10^/10

umbral agilenet spyware stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1220069539069563050/zxN4Ew3bBFIRZqePrUxrfkpmDDY33Gr-evzJR44SuGBJ33mnvW2lhPf61k1Eo_Z2Cy1C

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000200000002a7fe-305.dat	family_umbral
behavioral1/memory/928-307-0x000001B0E1BF0000-0x000001B0E1C30000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Executes dropped EXE 1 IoCs

pid	Process
928	Umbral.exe

Obfuscated with Agile.Net obfuscator 9 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/1920-239-0x00000203C52B0000-0x00000203C52D0000-memory.dmp	agile_net
behavioral1/memory/1920-243-0x00000203DDC90000-0x00000203DDCFE000-memory.dmp	agile_net
behavioral1/memory/1920-240-0x00000203C52D0000-0x00000203C52F0000-memory.dmp	agile_net
behavioral1/memory/1920-244-0x00000203C39E0000-0x00000203C39EE000-memory.dmp	agile_net
behavioral1/memory/1920-247-0x00000203C5320000-0x00000203C533E000-memory.dmp	agile_net
behavioral1/memory/1920-246-0x00000203C52F0000-0x00000203C5300000-memory.dmp	agile_net
behavioral1/memory/1920-245-0x00000203DDD00000-0x00000203DDD5A000-memory.dmp	agile_net
behavioral1/memory/1920-248-0x00000203DDEB0000-0x00000203DDFFA000-memory.dmp	agile_net
behavioral1/memory/4040-258-0x0000015B46A00000-0x0000015B46A10000-memory.dmp	agile_net

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
43	discord.com
31	discord.com
35	discord.com
37	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
39	ip-api.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2776	wmic.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "5"	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 4a003100000000007458ef96100061736400380009000400efbe7458ed967458ef962e000000e6a20200000003000000000000000000000000000000b86dab00610073006400000012000000	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Umbral.Stealer.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe
1920	Umbral.builder.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4088	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	1920	Umbral.builder.exe
Token: SeDebugPrivilege	4040	Umbral.builder.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	4088	firefox.exe
Token: SeDebugPrivilege	928	Umbral.exe
Token: SeDebugPrivilege	2968	powershell.exe
Token: SeDebugPrivilege	772	powershell.exe
Token: SeDebugPrivilege	3360	powershell.exe
Token: SeDebugPrivilege	4900	powershell.exe
Token: SeIncreaseQuotaPrivilege	1416	wmic.exe
Token: SeSecurityPrivilege	1416	wmic.exe
Token: SeTakeOwnershipPrivilege	1416	wmic.exe
Token: SeLoadDriverPrivilege	1416	wmic.exe
Token: SeSystemProfilePrivilege	1416	wmic.exe
Token: SeSystemtimePrivilege	1416	wmic.exe
Token: SeProfSingleProcessPrivilege	1416	wmic.exe
Token: SeIncBasePriorityPrivilege	1416	wmic.exe
Token: SeCreatePagefilePrivilege	1416	wmic.exe
Token: SeBackupPrivilege	1416	wmic.exe
Token: SeRestorePrivilege	1416	wmic.exe
Token: SeShutdownPrivilege	1416	wmic.exe
Token: SeDebugPrivilege	1416	wmic.exe
Token: SeSystemEnvironmentPrivilege	1416	wmic.exe
Token: SeRemoteShutdownPrivilege	1416	wmic.exe
Token: SeUndockPrivilege	1416	wmic.exe
Token: SeManageVolumePrivilege	1416	wmic.exe
Token: 33	1416	wmic.exe
Token: 34	1416	wmic.exe
Token: 35	1416	wmic.exe
Token: 36	1416	wmic.exe
Token: SeIncreaseQuotaPrivilege	1416	wmic.exe
Token: SeSecurityPrivilege	1416	wmic.exe
Token: SeTakeOwnershipPrivilege	1416	wmic.exe
Token: SeLoadDriverPrivilege	1416	wmic.exe
Token: SeSystemProfilePrivilege	1416	wmic.exe
Token: SeSystemtimePrivilege	1416	wmic.exe
Token: SeProfSingleProcessPrivilege	1416	wmic.exe
Token: SeIncBasePriorityPrivilege	1416	wmic.exe
Token: SeCreatePagefilePrivilege	1416	wmic.exe
Token: SeBackupPrivilege	1416	wmic.exe
Token: SeRestorePrivilege	1416	wmic.exe
Token: SeShutdownPrivilege	1416	wmic.exe
Token: SeDebugPrivilege	1416	wmic.exe
Token: SeSystemEnvironmentPrivilege	1416	wmic.exe
Token: SeRemoteShutdownPrivilege	1416	wmic.exe
Token: SeUndockPrivilege	1416	wmic.exe
Token: SeManageVolumePrivilege	1416	wmic.exe
Token: 33	1416	wmic.exe
Token: 34	1416	wmic.exe
Token: 35	1416	wmic.exe
Token: 36	1416	wmic.exe
Token: SeIncreaseQuotaPrivilege	4964	wmic.exe
Token: SeSecurityPrivilege	4964	wmic.exe
Token: SeTakeOwnershipPrivilege	4964	wmic.exe
Token: SeLoadDriverPrivilege	4964	wmic.exe
Token: SeSystemProfilePrivilege	4964	wmic.exe
Token: SeSystemtimePrivilege	4964	wmic.exe
Token: SeProfSingleProcessPrivilege	4964	wmic.exe
Token: SeIncBasePriorityPrivilege	4964	wmic.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4088	firefox.exe
4040	Umbral.builder.exe
4088	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4420 wrote to memory of 4088	4420	firefox.exe	80
PID 4088 wrote to memory of 3876	4088	firefox.exe	81
PID 4088 wrote to memory of 3876	4088	firefox.exe	81
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 3260	4088	firefox.exe	82
PID 4088 wrote to memory of 4768	4088	firefox.exe	83
PID 4088 wrote to memory of 4768	4088	firefox.exe	83
PID 4088 wrote to memory of 4768	4088	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MapColor.exe
"C:\Users\Admin\AppData\Local\Temp\MapColor.exe"
1⤵
PID:1236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.0.1594345331\1379704803" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1736 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48737544-6981-431f-8ea3-8bfba1e9285a} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 1840 28e961f9a58 gpu
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.1.1308328183\435985047" -parentBuildID 20221007134813 -prefsHandle 2204 -prefMapHandle 2200 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28197b03-49a9-4585-b26b-a02053876b2e} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 2216 28e8a16f858 socket
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.2.1621058403\1168195396" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2708 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {548b5991-4d81-49ec-820f-6c00a838964f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 3076 28e96160658 tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.3.36407703\1872585436" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3432 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4fdefe0-4bdd-4a20-b9d9-754d21302174} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 3448 28e99f10658 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.4.1986340396\565108665" -childID 3 -isForBrowser -prefsHandle 4340 -prefMapHandle 4336 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93461625-61f0-4bac-97f9-b0624c094430} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4348 28e9cfbb658 tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.5.1746894982\524076362" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd94e325-f36b-4eb2-b5b2-b969a1eeacd0} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5068 28e9d78d658 tab
    3⤵
    PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.6.223535923\1098299641" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {243c72c2-c95d-4613-a8db-1bc11ad8ee4b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5180 28e9dc87258 tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.7.857206043\1480295630" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f6080ef-47ea-4891-8f5c-cd4fc2d4d2c7} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5368 28e9dc87b58 tab
    3⤵
    PID:3364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.8.1742767046\1397449251" -childID 7 -isForBrowser -prefsHandle 2800 -prefMapHandle 6096 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05fa94ec-9d9a-4b9b-b861-551d98fc8883} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6080 28e96170b58 tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.9.1254737250\732038814" -childID 8 -isForBrowser -prefsHandle 9876 -prefMapHandle 9848 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {054c437b-bab1-4d72-87e8-eb7e4c7085ac} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9824 28ea1989b58 tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.10.725471958\883198722" -childID 9 -isForBrowser -prefsHandle 8696 -prefMapHandle 8652 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ccb99c7-3c20-434f-951a-6df251075f21} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8668 28ea5361a58 tab
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.11.222381513\1525029760" -childID 10 -isForBrowser -prefsHandle 8396 -prefMapHandle 8388 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fad6f01-bb9e-49c7-8d55-d7d51be9c30f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8324 28ea56c4558 tab
    3⤵
    PID:3728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.12.880458933\656710509" -childID 11 -isForBrowser -prefsHandle 8752 -prefMapHandle 8372 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d5615b-f76e-40ea-88b0-c5e82651f1c7} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8556 28ea56c4858 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.13.1723089758\1259760888" -childID 12 -isForBrowser -prefsHandle 8252 -prefMapHandle 8248 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6942ee62-b015-4f82-b56c-87ee15f0704a} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8260 28ea5957b58 tab
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.14.1576941188\3183168" -childID 13 -isForBrowser -prefsHandle 5368 -prefMapHandle 5556 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ca0398-4193-41c6-a99e-4351b4fa7e31} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9344 28ea5af1258 tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.15.1621953737\1153477929" -childID 14 -isForBrowser -prefsHandle 9372 -prefMapHandle 9368 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ee90329-e5be-418d-a4b0-86e38157bd99} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9384 28ea5d96e58 tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.16.1913794049\1325540523" -childID 15 -isForBrowser -prefsHandle 5316 -prefMapHandle 5328 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bfd6180-7023-46f4-bdef-76ae38705d6b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9888 28ea5d98358 tab
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.17.518988922\611361467" -childID 16 -isForBrowser -prefsHandle 7808 -prefMapHandle 9252 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59a13d4e-3b35-482c-bfdd-61fed727a83e} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9848 28e8a16eb58 tab
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.18.1852825978\1444408845" -childID 17 -isForBrowser -prefsHandle 9184 -prefMapHandle 9096 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76714d70-365a-4cd5-b35b-16ccb59b04b5} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7712 28ea41f9858 tab
    3⤵
    PID:5720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.19.934848120\255577522" -childID 18 -isForBrowser -prefsHandle 7560 -prefMapHandle 7556 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a266a345-f498-404d-885d-85735f744d25} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9384 28ea40e7a58 tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.20.1255618672\1699226489" -parentBuildID 20221007134813 -prefsHandle 7320 -prefMapHandle 7316 -prefsLen 27472 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60cfcb58-7078-4379-ae4c-7606e310afc9} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7328 28ea47ecd58 rdd
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.21.879230642\902402430" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7344 -prefMapHandle 7560 -prefsLen 27472 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {089028b0-0b4f-4938-91ef-167df5b70425} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7196 28ea60cd758 utility
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.22.1758565429\1734082833" -childID 19 -isForBrowser -prefsHandle 6860 -prefMapHandle 1332 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bfd0970-b418-49c8-a7e7-b42f6fbc3c5d} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6848 28ea70f0958 tab
    3⤵
    PID:6820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.23.236578068\696019759" -childID 20 -isForBrowser -prefsHandle 6732 -prefMapHandle 6832 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {347eb33b-7259-444b-903e-15da8ee43ef6} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7000 28ea70f0058 tab
    3⤵
    PID:6828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.24.1021853305\1275784781" -childID 21 -isForBrowser -prefsHandle 6720 -prefMapHandle 6724 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {572426ea-d280-47da-bd97-f28f6b9e0487} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6984 28ea70f1258 tab
    3⤵
    PID:6836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.25.433235143\1506430430" -childID 22 -isForBrowser -prefsHandle 7060 -prefMapHandle 10460 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c31f0142-eaa2-4f7c-ae9c-56b65a8ad8f2} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10464 28ea7616758 tab
    3⤵
    PID:6448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.26.2082091143\1595612198" -childID 23 -isForBrowser -prefsHandle 10616 -prefMapHandle 10620 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4a93fff-cc88-44bc-a77c-6385320ab6b9} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10608 28ea7618e58 tab
    3⤵
    PID:6480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.27.52277528\800204765" -childID 24 -isForBrowser -prefsHandle 9024 -prefMapHandle 9332 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6151d37d-33a2-462b-a6e0-8d0600b616e1} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8280 28ea5921f58 tab
    3⤵
    PID:6264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.28.55090177\1815557293" -childID 25 -isForBrowser -prefsHandle 10848 -prefMapHandle 6992 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e373015f-57ea-42f8-b8ed-21bbda5a76a1} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10100 28ea7283f58 tab
    3⤵
    PID:6748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.29.1834121823\1440468100" -childID 26 -isForBrowser -prefsHandle 7544 -prefMapHandle 6640 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cecda35-d671-4d60-a7b9-aa1eb044846b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8288 28ea41f9258 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.30.834903547\1208397720" -childID 27 -isForBrowser -prefsHandle 6952 -prefMapHandle 9588 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b9982bc-3735-4774-a954-32eab35c9669} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6572 28ea5f49158 tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.31.1599836352\2115389829" -childID 28 -isForBrowser -prefsHandle 8836 -prefMapHandle 9792 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad0e4380-6c35-437c-b74f-2192607d132f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 11192 28e9ee6f658 tab
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.32.1729051204\1683615595" -childID 29 -isForBrowser -prefsHandle 6400 -prefMapHandle 9064 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcdae9cd-ecff-44e0-bf60-964b3a37dab5} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6680 28ea8a85e58 tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.33.473297430\299582764" -childID 30 -isForBrowser -prefsHandle 6436 -prefMapHandle 10136 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6e841a-3816-47d7-b705-44406ec8f5a6} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 11112 28ea93d6f58 tab
    3⤵
    PID:7032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.34.1114051499\1914714096" -childID 31 -isForBrowser -prefsHandle 6864 -prefMapHandle 8088 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93ff1580-5176-49de-a888-7b084f85c19a} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8068 28ea8d72258 tab
    3⤵
    PID:7048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.35.347892421\809923848" -childID 32 -isForBrowser -prefsHandle 10464 -prefMapHandle 5748 -prefsLen 27490 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34b0762f-0a7b-44bb-97c1-e8766fef1a7f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 11192 28ea11ae858 tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.36.1506353545\1992533542" -childID 33 -isForBrowser -prefsHandle 10668 -prefMapHandle 8652 -prefsLen 27490 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a49ed23-cb47-4c68-90bd-b547b9288a62} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8664 28eaa957b58 tab
    3⤵
    PID:3132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.37.654040498\615969007" -childID 34 -isForBrowser -prefsHandle 9428 -prefMapHandle 7312 -prefsLen 27490 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44c54687-d626-468c-8a84-dc4ec94b3d0e} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4304 28ea4444f58 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.38.186200942\392618748" -childID 35 -isForBrowser -prefsHandle 9428 -prefMapHandle 7312 -prefsLen 27794 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfb837f5-283a-410e-8bd0-5d4e6868de48} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10160 28eaaa06d58 tab
    3⤵
    PID:8172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.39.1578905010\64789813" -childID 36 -isForBrowser -prefsHandle 6928 -prefMapHandle 7824 -prefsLen 27794 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f270f3-f094-4d6a-b6ab-e977a0af732f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7908 28eaa30b958 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.40.1530716022\1617338437" -childID 37 -isForBrowser -prefsHandle 6460 -prefMapHandle 6564 -prefsLen 27794 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {396b72c6-0bb0-44f3-b773-fc597c89c025} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8416 28eabb5db58 tab
    3⤵
    PID:7916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.41.1819540817\1819330716" -childID 38 -isForBrowser -prefsHandle 5400 -prefMapHandle 8664 -prefsLen 27803 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f64fe34-6bbc-4de3-a0b6-b2f7beba1d4c} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8140 28eac3ede58 tab
    3⤵
    PID:7964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.42.136670457\1814244487" -childID 39 -isForBrowser -prefsHandle 4472 -prefMapHandle 4392 -prefsLen 27803 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2005272-bee1-459b-8dc3-ecb9edcad157} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4460 28ea1357a58 tab
    3⤵
    PID:8072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.43.1432042076\19826061" -childID 40 -isForBrowser -prefsHandle 6956 -prefMapHandle 7388 -prefsLen 27803 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06b86ada-6824-401a-8f7f-f320180faa78} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6972 28ea1b70158 tab
    3⤵
    PID:6680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.44.1878347635\1619146728" -childID 41 -isForBrowser -prefsHandle 6480 -prefMapHandle 10644 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3dcaaac-fddb-4c32-b20b-e80271c6ffc0} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7768 28ea18fde58 tab
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.45.683573159\368604589" -childID 42 -isForBrowser -prefsHandle 9300 -prefMapHandle 11120 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c789a55b-f21f-41e0-855c-2e28ec329da8} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5788 28ea18d0458 tab
    3⤵
    PID:7708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.46.981461518\86135172" -childID 43 -isForBrowser -prefsHandle 11096 -prefMapHandle 4524 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {304e2972-73a1-4080-9f67-706b3389182f} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 6424 28ea3fa2e58 tab
    3⤵
    PID:8132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.47.1730239107\2052166026" -childID 44 -isForBrowser -prefsHandle 10152 -prefMapHandle 10480 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b285a41a-1d94-4ebe-b1a9-9583b8249260} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10640 28ea56c5758 tab
    3⤵
    PID:7620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.48.1392480299\382521831" -childID 45 -isForBrowser -prefsHandle 6416 -prefMapHandle 10872 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5108268-27cf-4b62-9a46-fcb299b81806} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 7512 28ea0983558 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.49.1767488437\1788481196" -childID 46 -isForBrowser -prefsHandle 10872 -prefMapHandle 4428 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2f7f36f-e3df-43c4-9ab4-26383d56c2cb} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9176 28ea1879758 tab
    3⤵
    PID:6564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.50.91299412\649732907" -childID 47 -isForBrowser -prefsHandle 10148 -prefMapHandle 5348 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c2f4606-dc5f-46e6-b3e0-798915f202a7} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4000 28ea1b71c58 tab
    3⤵
    PID:8124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.51.1032667020\543312399" -childID 48 -isForBrowser -prefsHandle 6860 -prefMapHandle 6664 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {407d2df6-7a81-4f2e-bbfc-9d8bb4067062} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 5348 28ea5132558 tab
    3⤵
    PID:7528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.52.1540786970\1286660836" -childID 49 -isForBrowser -prefsHandle 6716 -prefMapHandle 10572 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a30811f5-50e0-4f11-a5e5-0aa6b33735ed} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10620 28ea520ff58 tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.53.870080136\899025257" -childID 50 -isForBrowser -prefsHandle 7196 -prefMapHandle 10256 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f875d8-2781-4dbc-b1e0-b886588978c7} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9600 28e9d78eb58 tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.54.1678029110\543623157" -childID 51 -isForBrowser -prefsHandle 4260 -prefMapHandle 4268 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67bcf3f0-65ec-471b-9d45-68ed0dd026e4} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4256 28ea1a7ee58 tab
    3⤵
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.55.1644794793\307224766" -childID 52 -isForBrowser -prefsHandle 10984 -prefMapHandle 7312 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d570f943-b8eb-4675-969b-812913565106} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 10524 28ea45a7958 tab
    3⤵
    PID:784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.56.747089225\525521581" -childID 53 -isForBrowser -prefsHandle 11076 -prefMapHandle 11032 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9099ed14-97f7-4f66-859d-b633bacfae95} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4476 28ea5347b58 tab
    3⤵
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.57.273604012\1722641096" -childID 54 -isForBrowser -prefsHandle 5788 -prefMapHandle 6108 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b15f098-56b0-4b74-9503-9710fae014b2} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4368 28ea550db58 tab
    3⤵
    PID:7900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.58.1650350293\1689198359" -childID 55 -isForBrowser -prefsHandle 4396 -prefMapHandle 10160 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de2f266-78a1-4b84-8f03-5951b047c446} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 8452 28ea1988658 tab
    3⤵
    PID:8068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.59.148044110\788590266" -childID 56 -isForBrowser -prefsHandle 7388 -prefMapHandle 10144 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0180a4db-90ac-432a-b3f9-e40e6a64786b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4656 28ea5345158 tab
    3⤵
    PID:7516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.60.567625425\441500644" -childID 57 -isForBrowser -prefsHandle 9936 -prefMapHandle 8416 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ec90f95-c231-4c3b-9413-921d9b886547} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 4272 28ea1814a58 tab
    3⤵
    PID:6604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4088.61.1059233059\729134508" -childID 58 -isForBrowser -prefsHandle 11072 -prefMapHandle 6716 -prefsLen 27861 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92f50de7-c460-4bcb-9ff5-dc82d5805c41} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" 9040 28ea1443158 tab
    3⤵
    PID:6544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3564

C:\Users\Admin\Desktop\asd\Umbral.builder.exe
"C:\Users\Admin\Desktop\asd\Umbral.builder.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1920

C:\Users\Admin\Desktop\asd\Umbral.builder.exe
"C:\Users\Admin\Desktop\asd\Umbral.builder.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4040

C:\Users\Admin\Desktop\asd\Umbral.exe
"C:\Users\Admin\Desktop\asd\Umbral.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:928
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\asd\Umbral.exe'
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:772
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3360
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4900
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1416
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4964
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3656
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  PID:2132
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Umbral.builder.exe.log

Filesize
1KB

MD5
b4e91d2e5f40d5e2586a86cf3bb4df24

SHA1
31920b3a41aa4400d4a0230a7622848789b38672

SHA256
5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

SHA512
968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
1a9fa92a4f2e2ec9e244d43a6a4f8fb9

SHA1
9910190edfaccece1dfcc1d92e357772f5dae8f7

SHA256
0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

SHA512
5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
45741c307af2576c6437c5fdb24ef9ce

SHA1
a6ba7a7705db14ac29a18a98dd7deb4cc759c3bf

SHA256
7887859f7179e194ff9b78f8d8fa3830790110a01597f21ff48c84cd935e49d2

SHA512
39fdc5931563cbf826e8b643b5f0dcdf45bb6f95a8eeb460499257ca41b3dbee4c692eaacc3fd33bddf4b6ff0c828981ed7e9cd080007bbb9f0b28e7d0d66941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7332074ae2b01262736b6fbd9e100dac

SHA1
22f992165065107cc9417fa4117240d84414a13c

SHA256
baea84fda6c1f13090b8cbd91c920848946f10ce155ef31a1df4cd453ee7e4aa

SHA512
4ae6f0e012c31ac1fc2ff4a8877ce2b4667c45b6e651de798318a39a2b6fd39a6f72dffa8b0b89b7a045a27d724d195656faa25a9fec79b22f37ddebb5d22da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
00b5dac0faabd946e46411c68c4e4b54

SHA1
ebffe4f7312c6a3ea1a5bfb8e36e3716b73a71de

SHA256
ba0bccd5b683d96eda6d4000424147e0dddaa1e6c87dd65566721f4552397133

SHA512
25a291425f8ac169440d5a6250b2eae67261d599bd35aa3e02c742deed5aedea7d4e88910947116068759e3b8cb5fd82c29b6360d86b663fc536b09bd69ac9c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\14814

Filesize
8KB

MD5
d12202d6151e168a3e16df2d7d8abde5

SHA1
aae570c89c31c728364c65d7c4d46ef3e7bd1439

SHA256
75ac21e45569a0a8a8288fef8d7ea41b9a09966cee81e59a596bf0d1a0a53d4f

SHA512
54d20b4e7574954496ccf7437238c9616b34f507fae3306f049d607ac98537ef0ec0756bf9c988fb0ba0bd007cc311e1c5acd3490edc1ab3d0f800208a1ec2ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\16609

Filesize
13KB

MD5
c417a126fda75b1a7c2f3eda9524a59e

SHA1
1df0db4916a0bf145bc9a92961ae6c65875f201d

SHA256
8ccf6de6f0a6c585959c5686885bd3169b31deec6372c367a1d1d15d918225d2

SHA512
328e702894e05093c0cee7e4740294a17e478b766430a9ce0116aa9a0ca2d9421ef150dd5b3f1ad316afd3894598881393e4c0a20d733e0ebfa06e9e8c947f8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\24114

Filesize
32KB

MD5
3f9e4fb39021f0fc56e7f440b2c9bf98

SHA1
be616081eb0f4836e1f030293162b434f52d00be

SHA256
17a0dcfaf134ba466cf8716298188938317d26df100303adc3273ce00d7f82b2

SHA512
8fe6331e879efbb7506ae676c388d32360eba0c77fa9c66616e787aa46998d6f7ea93878afe9b84835235b289031701c28ebc357097e4f8f83833113e43012cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\6007

Filesize
23KB

MD5
236516654a26ad69b59c1681adc06bb9

SHA1
0fdfd48a70ba418eeb6b01912c4b3dd37c581975

SHA256
4cc35057dc20707e52793f4535dc6b271870d206974a2d495c07ddad4f5fdd07

SHA512
609ae839db1cd54d97d76ef7fda70a766edc553b1dc63980b1333fe9a24b643a1d5adca19a209c679d837ccae74cbc91b082c56953785a1282ad3b467af92fa6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\6027

Filesize
13KB

MD5
f7ae389201fcfa4be794058d1f827cfd

SHA1
21c38bb5bdf05ca85698fbbacb04ffd531fabbaf

SHA256
fb48faef7f89a3cdf67b2090430d88c042a476ca3e6316e14e865929df2f2cf9

SHA512
091a00285f32f4ae9fd7a22f2ad84b8ecd0c54b3490c28951b8dc9de9c88d6cde7dbaaad8a6f486134fd564f98a3602a03d04506ace0f8d10c64008d839f4088

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\24A9211782884A75B1A9C1BF23368A4DC47F6659

Filesize
53KB

MD5
009e3feee03deefa1c68baf86866574a

SHA1
783fd27e848a8740294d9ccb54f5f441e89b3ebd

SHA256
a7d699de59f3abef628316944353f7f95d0a496e8a02cbe678c71905850a64ae

SHA512
65f6487e0cadf3cacd5ccae3630512de962a223d0b30b6a988df479407983a8940840f8dfe20e91aaa6bd00b9667b65c48a2bc015c56727cb58b564a43d53559

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\509296CAF700D0A79992592D8906C97FF2BB5F06

Filesize
22KB

MD5
5e4ac01599853f86abab825cc452cd3a

SHA1
417c2a17472fcf41c025dacc0f748b3dc1e085c7

SHA256
0aa42468d93d7558cabee46b721a08fad0f51715c770b5d0094418004e4b1841

SHA512
1810a501fd28e3859e97c13aead9bee61b19734d2132f0c4392eafa68fa8d8c52f39a11062b3869e6f34aca27b09e8f6472d1f5da4974164e97156dc9cd6bb94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\576E2F4FBE7FBAF4A60ED96FAD0A3E2D1DF6E3B3

Filesize
21KB

MD5
87ab79a847938691e287f45a9d6d14d3

SHA1
7bced667e913c68eeb290bb3f67f4c68fcb72ac4

SHA256
7ae2e3af4f4afb87375815a3409cfbde4e84da504e6cd1321648c056ae08dd32

SHA512
b901aac4cec17f4305233937415ec3aa8c14ae61a7943b49fbf463f262e70728f347304acba7bcfba385dd37683f8a0cf1f8da78668b4b4bdb717346ea1d3e83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\6B81439978A03256B09D133C0DF683242AA80D31

Filesize
12KB

MD5
9f21e4a483f7c83d613d8c8f59c79205

SHA1
21520cb4ce1b89e46a59d0e119c1180331395a9e

SHA256
b696f7332c4260fb52bd8e29a3359b6cdc809f467ee36fdaa69b8b302cc3387d

SHA512
be808c29c81f315846f97feeb094d6af5e84133c1f37c165bcb6d0a13fefb2e47d1e648cb25190a36a6a9df3a4ed2c353b79f9d1342c891d9a4a39a99cc111e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\6DCA183A054C8B5EFD6889F6A4821EE013691609

Filesize
135KB

MD5
2d11019ed6bb803091ef1ebe2c092fad

SHA1
723c919c271dcd92cc56f10b894ea783a83050b1

SHA256
799c1a9a66a9048d2fcd1790c33838b48d326ec4dd218a7f39452e773d4a1b9a

SHA512
04b2090b0e2deefb94a333a3ae29b1c6a82588d49174e054182536f5667c4bb9f9de604b97645079cfa889c8db42eff785874bf0d8517722de4f8fe9863d6fa3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\88A199AC03D16F7ACC420D7C193AC354900A91F6

Filesize
16KB

MD5
c7e9cbe6db91380293baffcb4a2d94b5

SHA1
52645de47c573fdf095bd65de3195163afdd6f07

SHA256
2599587106ec7216c851fb89f5ac2987161aa0dba420b20ee8fa31e8fea4499a

SHA512
bf348d2f4670903a80af1adb7d88a9bce007f3f2f3bd5eee65551b44db88c0b707209f6790be518c60e618eee1c59c01d99f21a9e1adc81b1b8532a0f6f33b71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\96DDED089D6DEED0DD772FF163742A2D74E2782A

Filesize
18KB

MD5
7da0db2e12dbf8e806055f29c236c90a

SHA1
71455b0f3a42b0d2cd06c3f53b5034bee4e5a0f9

SHA256
16a0a3f5c54e48940dbcdec4c40b4884b0978a00cbe5227e8b5f0dcece91135c

SHA512
e32d1db6ed530611ceb2ca71f802ec1b8a7d5f0735b5aab186a0ba46e14821818b2a8c6f78386256a80a6b3e2bae19130b3d284afa269edc01b2478dad953d8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\AAB61C8C105D61AAB71B7C9EFD199230D40C4DDE

Filesize
18KB

MD5
f868012681bb8a4b8f3e39cc3425409e

SHA1
146933d424b913005e967b5f69b481fdf8406970

SHA256
f453b191088f7a99d632f00d249e7629b0aca80b865a4a7a74bdd054f7aa107e

SHA512
037a6209f552269a462fc27499855137b29c7331cb500f273faed0517a4c98fb767a5a6cb44c96dddd3a7fde92ad855a3ebc1e644f9980379f137d4b9bc64157

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\AAE6B67DB620E708C864E0874B53F3FA0DF9C144

Filesize
26KB

MD5
34d71fd16b71f2d086f174faf69b4470

SHA1
6e5ab05a0fd10c58fee8ed3e88875155b63a9ef3

SHA256
c6ad2043781c7a9593c02fc705ace70e81ffef090f37e5f5acc895ce7c421a91

SHA512
df91940ca940d4bf8fa472a5f8ce2417993255c3f18552a04e92b0cb99e808df53103acf6024e29398d4767c9cc5820df95bf649e77a15f744a944a0c4527a60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\B02E2F20BF6F3D73D50AA64282CC8CE867A22669

Filesize
806KB

MD5
17de06757157110c06c10443544188f4

SHA1
597e081e7b1b0dd4154c5c06a7f8ab3bef11ef28

SHA256
1d340b37f361d6c6831a5e4f6da50807eed345b3258bcbf04f4316f68bacc89d

SHA512
413bdb0d071c51f423a556e4a33c15eec1028e6354b69fa24bbe26f7c10173b7de6431c3c718a940950b078255939094e768a72f582402217d69efd7fe5b118e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\B51ED3691C092E0C9623FEB9F0C4F26496F73F3A

Filesize
13KB

MD5
f683d3ce04e6df1e62defe92019bf569

SHA1
cd2f8934999eca7108e8407404b2b9f140236a49

SHA256
fe891ae186c174b24b05afea3e9827dd6025c262dbc07704f90776ff564c8cb6

SHA512
b6b7f73d96a1d8f3c63be990afc554fcc485da9ef61022b0895a1369a1e50bdda62123c5e85bcb405ea2966e178366f594decd682c91d139655a9e063e514a59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\B8B518AB8A474BECBCDB04B80D4EBE3256E7C05A

Filesize
206KB

MD5
741250395fc177b6295d97defa3d01d5

SHA1
654e9af2dd2eea8a67cefa7f71a93ed0d63a5530

SHA256
f44267dce5732035eb985fbed35632e0967c87f91cbda22e1dbeb63c75fb4eee

SHA512
a77d755f00adfdec698eba2e1a3f6d049989fc3c1d22ed5b7e7be18f40fa0d17e2128aef5419364cca2fb856f7c9fb74b6f41cff8606916965c99d31d1dcf6a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\B9F1F109F2249FA03D53FD1AF9E254EB46C901C2

Filesize
76KB

MD5
d51dc50b277a306cde0806c1d29a1fa4

SHA1
5d742d164f07abe865e5948ae7a3a4721db4f4ff

SHA256
bb7c436c9809d2233a06853b1767fcf4a96d4bf9eae63216a319e312fb9be2ac

SHA512
42438033f8a37c94dd8284c35b3065b24da8a6f05f2eeca06b6d2adffd3455631cd37e3b33b64da4e3d0fa03d6e6dba38e83744b54e1851f32561b37fcc87015

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\BC739515A2DE8ABDB87A14062F2133E7CD45F6D2

Filesize
18KB

MD5
e7b666b6b0b8977e65dc67763880668a

SHA1
d9b2f0ef189c2c14f632bd212f4e30cf2357af89

SHA256
37ae6374073e41f030e0497342015b958aae33b573c6fa6043b3f7b2d4d061d1

SHA512
3c242e8c0e2b6a84c962c3720920d208b81eb10c5ea3513b4493ef394d578fa9677bd4de8a878fa8cc974e9dd3aaa5840f9b72f4e1de4d56f6dadd3003fad158

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\BCB0EE1925D93E5DFE71C5A5A5EAB93C068CC63E

Filesize
22KB

MD5
65ad32bb1e1310bf9e33a63e22235005

SHA1
b0ce8a5096214106ede825ee6ed82fbb2012a641

SHA256
92ed034a3e5d88a1931c0dcdbb7b8a9a4e66ea964c78ce0ad10b556300337c44

SHA512
50258e32e51ff3c084d954f065fbae7fc91b52574674cfb4eb3ed1beba44da94b715443c488ad368f6643d4af084d64a2bda0cb2b339497f1ca8bbccdf5c2cd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\C5BE9596CF4D46E0924B4968E6A6C8C2AE7113AB

Filesize
252KB

MD5
a68eb3bc3821182f3581820396de04ad

SHA1
a065b3fae0e50dfffc65a2c178f29e94ed2c099f

SHA256
f00c0544f72e4b22181df1a30d17d6601bc3cefd6e01544f21862d2b94894593

SHA512
f4a1dd9c643b00a75708e247a0c89342c495ed8f4a6f9554a9c0c1f5dea6c5ec2a4a14ef904b43e8f2e374a9c69b64b4fe82652fafc26bc46443b6e92466a9a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\D28DE22FAC14939817047CA347A8530A61AE9CDA

Filesize
25KB

MD5
fab86d42d9caffb05653ef8f01366c94

SHA1
8623b1649a3d0cf67fa10792a8ca9baa260e41d4

SHA256
c557943ae875ef4f08aa454bfc0670d2737dc542609a45142bed40e64c2fd104

SHA512
7709e2acf0ff1ac49d9e53de5ea735d61ab4bedbe2878289509c0fc2b2973d33cc45e21f4f637d0075496722656af6ec2369fe2c0fa297d19d9a7408db72e54c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\DAE814B5A041D03BABAA4BBDE1ADDD497EBF837E

Filesize
23KB

MD5
e9c92f26a4e4a77365aa02e07894a4c5

SHA1
516f9f6cb262d2811049c35ba31811a1210fb6d3

SHA256
74a67199a2f058605893b69b5f46cc7b3c27a3e9ef2c7cf03cd4bb68a2e3c428

SHA512
ee93dd541cc4f5739dee9174f9e8a671d71a85598683867637d2e5deff634ae958cd37c75228e3e34fecb4a4a013846c2195ccc9f6edd6a5b403929c5933d5e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\E3C843C200E427D06233CE7C99A6489A0A6891B3

Filesize
17KB

MD5
d08ad1103b215583216f30108249477a

SHA1
70bd10a03a52fdcfa5a73924dabe2fdb404b568b

SHA256
05c5b11c05214423c4f7576f2d0b5640203e7e651fbcaacc1902e4497c3b853c

SHA512
7aefa7d063a3f5a4542587a2f5786e1b3f6197c32e5984a4fec8cee9d20c4e25b060df61b32596cf0aaa30d530a36f4c212f5da79efd00300789bbf7674bcede

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\E7977F6E10AFB3B4A8B829A51A5BF2749364C136

Filesize
115KB

MD5
ff5df7f957daf381e8cf1bff98f84ce2

SHA1
d2dc8d9456bdbdde7022337477728b0e5ef55ac2

SHA256
c51c3ff433b1567ea58726c310b36843be5ccf953da6faa35ea51a8308b9c469

SHA512
cbeb0c8e32e86982fbcd608e331895ac6874ac0d6e94993ddd5d4a8761d1ee2e6a0041de8c5e1be6ebd2d93987c039761f217134d33d80519ebe3dbd2889a668

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3qbr3jqc.pq3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
5e985cb3a34e69a78efdf1397f2719ba

SHA1
73f1942327139207132f01137d07c7b9a8206609

SHA256
f23c3fde0fbb5a1b2248c483b7aadae1447ca30c55cfb6f4911d807f70d1c692

SHA512
f01b0af2375643d0df26a0c4aa7ba51e572260daf30cf091a77754cf1a49f1f43f74f3832e07c8018b02098af6ec42b63b2a8769f330185c40b22f49479d2841

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
0452a4076ef4f25cb86750607d0b8d8a

SHA1
1ce51b01827cf43512fc9cfe7427f61448aa3292

SHA256
f4bb767224f401fb951312b58dc44f76441c15afa5e73a76724731dd2b7b9fe1

SHA512
2989f39409fa65b179fe4d66e1cfb2d5503cc01e7046b593fa7c79d2e7861cf4b1079a420f6e8b368c47e33f9792d67e071efc4faf455119b29dc6b16bcda89a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
51e8661402d7a40ac615f59938d8868a

SHA1
a02c6154016cd55b264a58269f9abe3ad883c1e3

SHA256
8abee67cc6520d4b52ec9e1a4b11ed72e3d26f4b849f689d8f3a8cf307e68b0e

SHA512
e3af57931b85ca9942d3fb76cd547d0b21bb1c879d5f948b2d4727209e3b2e0a036bf7f259dc74a884411f5e500eb9828f729cd67b39ea032848e32a9b7061b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
b1b36c672b97cb18a1bb2ec4660f47be

SHA1
dd4f0128f2ceb1fe7824cc1df8f2c1b57914564a

SHA256
cd2b7aa903fc319c2abcbf9f05124e08ad8ffd6d2d6e104e586ff36324d857cd

SHA512
8469df5d1009cbe6687163fcb595303810d41019b7474e5749539aa5e9ad9dfc5cd67c9db8cc54bed5a4b113ad3336c5833c22ab3c79fb04e2968b6e3714f3fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\SiteSecurityServiceState.txt

Filesize
451B

MD5
d28fd5d59c23c8940601586950ddee20

SHA1
0b5abb15fe557ef648e49716eaba5a8529567baf

SHA256
0e03a248a76caa14fe0aefaec3bc6e1d68bc61efd07931c421800827a38edded

SHA512
0ed6010f1b3e2c86be3c6d591b51229d684e2d072d049cff85954612f8794a63f3d50ad68918ee20d49c61dec23187bc8b1cfb169c8d17f3293ad0ed8d1937de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\bookmarkbackups\bookmarks-2024-03-20_11_N0xM6BHq++u5-wrOHU0wog==.jsonlz4

Filesize
940B

MD5
f44774de3601ee6fe35adb9adbd6bdf4

SHA1
d359f57e8e0705736e4dbcc999c1a4c5dd5984b1

SHA256
dff76edd17978f820759ba7b8e74197c608d928aedaf1573ee1e191328d2729b

SHA512
527bc4d4b6c8fa6973faa760f263d17282d56df5126f34732508ca37596b5517e5622c8bb6c8b71e839ac3f13a3402a7d49556d29de95fba8fad83482da64e0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c8444459509acfbd43ec4fa865573390

SHA1
2eff6fdd936d24001086e15216ce6cc78416ea0f

SHA256
faeac8ee481726f833a81b4c1913f39f103db1d5e068fbcf878d455f5376982b

SHA512
63e56409868b6e64eedf874f03c05f812ed3d21445d468deda8c73cd4cb03972459429bccc16d3453a44eb52b31020edb4b38fb485c0b132b80450fb5c16518c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\26150a4e-eedd-4643-a2fa-d90d9c1dbf51

Filesize
9KB

MD5
1e3e81d68d6ca995f96c9d91887f8742

SHA1
5485e211ccc249498b4927b6ba967b4496c3adda

SHA256
8469af9fd13ea6825b6229dc71ffa9f3ff3a272a1e87506fb8e72e0b11ef6983

SHA512
130fdfef9f36b3e8008852a5ea4c2ac4f59bb898866664b1c5f190d4f1ebb33a10978de7a0afcffea6f1b6c617076e0d66d10f300c2121bf01ce103d602ea817

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\c70f973f-4b3b-49df-be31-48a42b3ec935

Filesize
669B

MD5
d26b2b0d620af4ac5485c265797f35f2

SHA1
8ebfd70268097f2cfe59bdeb24b60e0190851d82

SHA256
ac97ca8de49647e3fabc515df14909c0117f3c8e81c5e4e37e07766e12332c2e

SHA512
ef2dfe4a79eff82591ff8707f42eb12dec89e077a8c51db4931e5fdbb8a336fdb441070498d3cd44ea4267abff24ac70a95c78bbeff087062a9dcdeb98668dea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
8.4MB

MD5
bdf088e7e3754d1ae4712b4e4597e67e

SHA1
8729c8d7fa01549072e9b6037bfa99e8a61e07e7

SHA256
0dd45259e66b8e51178a0eb98f14aa4f44eb5ac0cc1d95434af8404af8c8c1b2

SHA512
e588d6fa41292ac549b5f00c1be05ac5dba45a9c6f899a4ada01c885c2853c0f7d6a1ed30fcd71bcc305808e41eed98484748bb36b4ca34be620cdc64f7f152f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
7KB

MD5
f280e683efbb29fb8eab04efcf770113

SHA1
d6d849abf6c869300da0c9c56c1ace3977c4da5f

SHA256
bbdc6ed3a846b8003df7057f4faffbd043c60e06f3dbff080f18aaa7331f2644

SHA512
452a77317361e67590b87d23d7f2e3ba1254d1422cac31a32486be8d5a56f647d9921c28a596412b994b799cbdeb57fc029da51d36b892100d2889d49ddf015a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
7KB

MD5
3606706c624c52aec14a60cd50da17fc

SHA1
fe5482c296e7a4241c2c3e5d0e4ebb369ca4517e

SHA256
c5121a1c4ef1c9ac053186f0b303d524d33899ec44c622a3f1cd62946107cfd5

SHA512
c13867377f1e08b63d3d6d1a65ed25edec6c45cd91374bad14c1f55ce69ae153c5d9a921db48eadcd9e84eaade83771332cf9c225abefdc46c358006d335f8fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
7KB

MD5
990cfc8fb29664185edb219a374169b3

SHA1
b758173b7c36cd808b55f3db76b33e2e9f727ad5

SHA256
4338417cd731eea84c3936da9d9f299c43db095ee48b8e002416cf2910c0dfbc

SHA512
42ab6e1a3518992a6dcd741c2712302cae6ebd844aac1d1d7615f6c16a17ca80cddf96b3398ff9a1ba3ad4b424beff2cdb685c1c86be273d2d93c539af5b1a9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
6KB

MD5
cf1909bdb82df8456c182ed678b0dda6

SHA1
f56e377091684d337282968ff7756678b8e7279e

SHA256
8d8f2b55697fb62b0cbc07b0ca4ccf6b642d27320e052411606697aa8aa4afdf

SHA512
4271645b72ba64721b29d2ebf4bc7179c98bb4abdc7e8e68617c9420c59a6f5d0b777b6117fb9f94dfe6a880fcfec82f553075c72fbbc2c869b1d944afb5f83b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs.js

Filesize
7KB

MD5
074677507d3aba37386011e9f7aaca9a

SHA1
8e0199d4827ae695e5580d31cafab959064804ab

SHA256
0817024a3a90d045fe4e3d334de539ee4df2c5be09fb5d4a4f632bb6d3bf8595

SHA512
d5754d8e498f62f92e63b6efb8edd5874897458abe97ffc8109844ced3cbf2c2bc4c02c0211c61b2574df154b7553a9ecff63596a4052e3dd1c87f5b496d8194

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f0fbc34ed6f9faf1b810913aae37c068

SHA1
2bf2558436ae6d3e1b605d95e7f9cdc39e7796b6

SHA256
76f429be99d6db1fe885609df0c57e2f1d520a304034ff143bc9136b61b130d6

SHA512
df5868602d9f4845a7d458ba8696b7a3fa6b5aa90cb37caa8b104670961a6dd3d63b4d119c63852999f2194e8af3ea5424bf9efc1cb338ba0b209490026abe32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0979c5116d6afe0a679581331e3b1d3c

SHA1
652ea1b8aa58786914412baf3e34c8a9442b56af

SHA256
8bd0c27024b18bedb62fde55dc99128c42e68a284bc9e5c82ea83f9dd057ea8a

SHA512
94963ff820ad28b86f1812b2306f34df8ce030e3396446ef05da4f6ea1bbe8005edd05a237cf3da93c80f296cc4eb70d548446fdaa9c11a5dfaef35fe06a23c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
eaceb69be945fbd201ed0eca81cfbfe3

SHA1
091d8469de5c23276e1bad59095abdc4c3a8d56f

SHA256
77e68fedfe668d5226450e9756594b3604a6b82fd58ffa386be5744936772bf2

SHA512
4527983fef7134b39fbde07083c3eafce5a181ee3140a2c9f36f207d616430fc2af66d40cb8034f52705f6f94066c46adc6ddb8ec2714bdf24378250855ae615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7215b6d6fb0a67de9e7af8a12fcd871b

SHA1
a54aea90b911296dbd91742d4310d0b561e13e57

SHA256
c23dd43daafa6f3c015936c995b82e6312a7c56a630e1ad33b1090a710875310

SHA512
41505b402debb035ec7bb80c17ec3c949028b91eff6eab9bd55e88bf6722c88981acaa8a4547a81de3a44115677232dc4eac983fe62bb5619ac9c6d8a7c77abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
08181e9a8bc0d133c842a5c5645a81e1

SHA1
48ade7c345c6bb1751559be123b70cffbda9e13a

SHA256
17dc9731c1acb3ee0bf69d938a1e335ecbccb87a7e3ec2d969b22cd68501a017

SHA512
7047b4cb926843c0afe4ff7b2b0af46fec2dfc3676e22078c04c1617fa561844356d8289ba393891b07cece7e2f22445f679ce07ba38a400296b18f008f60528

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
cbee05c45b5801f3029e53ba0feef410

SHA1
8ff796938d8c6d711ae73d88af6576e8ae1ee487

SHA256
442ee6fccca487f488750bf40fd27a248f7fde4328b21ddf892830ec3c9a86b6

SHA512
fe7b9607c59d13f50d3bc8802544f296bca5a9e050924cadd509610e1afe1d532698d9f44e46c1fcf88f0e653cbd95256fd7a3e09afe849509f2bbc54b46afe8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
140f283ab2d610f28ec7994af1caf813

SHA1
80486d3919fd9f99dab8bcd4be1d3c0f5c406f73

SHA256
0f4175bb68eeaa5c03946b014d353ad18052597482e8df91773f52ad859b0b7e

SHA512
c2dc23a5615b6ad8c5327e7fcc5de04cf6c30854dd57df31be04843154d4b17a82e3d218fcc91e8602f08c200e77073c2dae05d05f063f6882d0e2e5ffb9db7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9ded59dc58a916d6d51a1f57de88e62b

SHA1
09b49d8442b26ef13641c243680fa99a8005e1d3

SHA256
7bc0ff96e06d3c477e4c2f986e256c93e8171aa00ea5b0a44c8e8c6f9df68df8

SHA512
99f85aa983a95ea64cf281d376c64c6cb496212a09a0c0ac3f190625137a934bdecce44624deb83d380766478ff986b5ca6513f2598a00fa7bc4fd94e9f6d0eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9486d01bd0c899ed360c469e03c697a1

SHA1
ad743720e1a392b59c6cbe669c5bb5aa8aee8288

SHA256
9eaef969f2edc0f09967e869bdec591fa9828d09c45ec040570bcb5f30850161

SHA512
db7cfe2d3b038275b89a0665aebf137eb48fcf30d2980a281e7abe56044ccfc2ee72f4bc23699e7c0f4b7242591e5921d4623af0b438ce1a8e82212a06066cf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
be986d26fb16d3159caba4ee0c127e5c

SHA1
3eb7de6cfe94f3ac51d0f3aa9c6f2f734d42eec7

SHA256
13337f031ade35b5923af742a9e886822364c7711525f790797e9e912a279a36

SHA512
df2f467c6e67d8a2e90e27447a2edf481cb77cc92cd5116be25cfe71d65c84f11e05208c6c6b807eb4f0e14e5bdeb148ea2941919c7511f0cbb85a7d944b18cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
36b98360d6e3546a842da61988824641

SHA1
90b2a2d1f5dd815c0b07a8be76f3ee559c3a58b9

SHA256
883fbf7449021ec07afda40aca9cb25f62eac32caa85fa6d3f1f3e92a30b8c2f

SHA512
a87a367050c2b197cd15cff1e0af8ad84850608e42577758c45caac0f13fb873b1600423db6579db0f547fc589da07aeca7b70984a2eb7212a87c42c102057c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
6973c99fe8a1050aa3d71cded50d6b79

SHA1
5b7b07dfc08f0a6b43fd57ad166fd47c4e2be193

SHA256
318d6c1d040d4ae061e1f68cefb81716e2034fdba9df799d4fb25b650fd68c92

SHA512
da59d9680699dd0b5be5cd9648190df763290dab1eb18ec4f60c654486f70b81029f86e1fb3cd6fbc6894303f8b318eeafda1b38350040a03d97aeabd23a5904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bf91ecc1ed945731a8709f0b7f149f58

SHA1
6074fc6f2b5e22608c588d76bdbe0a8172bba7f0

SHA256
8578ca1baf3242e0011de9abb9401dd653e8e1e58855b76cb3f941699a5de031

SHA512
ad9df0ce13d783b630f8d872b1efeab563533dad4fafbf5ecb360a0af7170ab9ae1d574249975def586fc32bc47bce3fd51b10eaccf4ba0cefd01cc228d80070

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9840414edf0312890dfb384a141fb573

SHA1
e4f06298e7bf49b09b4f907aef5cca6cb88dd957

SHA256
991c5508c15e333b7401f8f61b98d543f686a29d988431c5e135cb716a411914

SHA512
faa9d3d73144c6fcb449b9d48aa7312cd2e53dd33eb7993837f04695f8d9e652c906f0d6e873f9fe8672d1254e2a87710692d851383133c81dd2a3383fe3ae7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a423edd6b52db755b73927ada637b112

SHA1
b499b837f6bf7cedc3ed385caf9c64fe2ba55a8a

SHA256
294974633ecaf31d0aafd0fd3bc68fcbf2a40f84f8134972622492d19e0de92d

SHA512
7543e8a44161c02aa3f002191b47ff4dacbb70bf69848d080a56ead0adc1e50f01008590b4f72162ca329df5bbaf7b36d2f8222347bb1227b84100cff3ff361e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
d4954e4dc0df073ff00fb168d05801d0

SHA1
adaef8a27c161bd87c7839966bfa5969e1c54407

SHA256
8ec023e87f3ca484f45aa28d6ae6e7c7a34f3c420712e974c8493ec6769ac9bb

SHA512
94405cfe025fef1c4a66d1d540ba94951facbe552184a1f719757d98190d70ebf85850f3c5da369eccf91b0ad3145220ecd49f4d932bb4442eaeadc5a67b05dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
fc175ec4f26afe859aa6deedb7c99332

SHA1
81fcaafc82a6856187d49f83e41f316ba0689bd9

SHA256
152336b505912d28ebe23e75b762acade373ae6b220e424ef064cbd1bdeae706

SHA512
48762d001b6bfe2a6ce338625c30199cddbf79b019101e3dae194d81eb44b05bf93e70ae9a4f5f50e4fefe3f59f0c5e7d12d9eb24907309f9811f4e89c58c1be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
de09f361d14fd189773c13b64e963c6e

SHA1
ce44681cc8ed7bba351858de06bead815dc091e1

SHA256
7ecbf0f9a1835f986a0a1aa5fdb117281ebb60a750e8f3b1b8eeef64cbff881d

SHA512
12e7fc2c70ae930e6f532ef9a21fbac9febaa8123c2e3cf62092bcd7a16d51322486200b708362bc1bb5cf7a9203e14a707afec2c72cb076fc5e1e9d79dacbaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
84b87e8d03947287db7c7c8ad84ec778

SHA1
9bf634e732110693d82c351fddf2621138bd4a77

SHA256
c45ff9a42abb5c84a54623b2955e2766b094aeb8a3cffe3397b2536777b7bedf

SHA512
9ff05a0a08d0203396f5a9d24df311cda648df2a7e8ada9affa22f2758116355d1aa8fd882c0d0bf64bd7bd6fd8034216fce24d010abc8e9eaeac14301fca0d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b8e9b9d0c6fbfed9b06000bbe28a82db

SHA1
b0f4e7caa01969a1b2a4f361c2b5249b618aa3e6

SHA256
f57577461e39e4ce28c2d08162d58a7b93218dcdb4d1d371be60d243325fd9fb

SHA512
799c3275c10bbdfdfd8684e803d400cc060e6c053c794e2223e4fd4145df4f431e054255aa9580d4be9fc923e2ec9569e6f70fb4f6c4ab66b7a6c91f6103b9d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
00a517ddd459451914094beea5bda988

SHA1
ef1e003a70b6062f8c049e57a802dd593d609844

SHA256
23de1bb771f84513f99905945373c6294c828a1761d9bf20709374b7ca5543a1

SHA512
e020a968be89e64b0ec5da621da47a283fdd5d41f2e7d2e4b4fdd7dffe8c3e93ba736faa925243dde568c708ef30fa38516fa210c1a53832a2ce694730cc517d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ff6207c5794279ac77145756c6f9fa4e

SHA1
d563c8ffea3b896193a3897e2a3c02007ecc4926

SHA256
11e0443f22b7cd79115afed6f6de3a005bb9b4d08d0aff2ce0ca4b51456efc84

SHA512
aad8d3802cd859c40bda399588c796e1827071e10cfd0b55c342d78ab8331f19495e120d2d47ff0d4890ffaf357b8dd76ce5d2d28df6fdda0ec6412dbf456e23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
33b48194578003124979a5463a30234b

SHA1
6269751a983e2736fd7c9b5ab779d39dc7fbfd39

SHA256
97a5209c727d5e5308535b52887b62d667fd3891108af42857d01ccc76445232

SHA512
6515d854dca2be013fa89b285391d81931ebf37bcece5ef7636cdf30b1b8537703c8f2528d48eb30f344814d494061f9bf2e84b6d15854b2bce1136688077a08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7ca2d1328132e78adda2bad85eeed7f5

SHA1
b9773dfb97736c82131d76acec7125a2065a44fd

SHA256
d09dc6d5d4c49ac225c3deb14d341978b873cba0c52f2ad839703802bf88cca3

SHA512
bf018011213675d3ca3d719041cea5964cdc6958c2b64057e3bbf93fe0800bd038ebd14ea2b8d0b9d3fcb3b6080e78098b5cf4556f0e60e1e0496e24be6f52d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9fed040c2a81ca3adb7fe7af0c820785

SHA1
645f1568ba5dc50c68a16a0f67da16167698e11f

SHA256
24a0234060a63af540d48f375a61775c98aaac79a3f7f9b515f29807efc229c1

SHA512
c1cb15c90bac02f4f593b3b0e63249518257e18b10edadb505c1a8be73a45e599903bf4cb71642206aa08d4bdefb616514cc26f9032923972d4b4feff16a6d03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
92679d1cc277de3a2d7d7fcc93e7f310

SHA1
dbbf9c0df5571562c757ce60df5df7b1b6170d6e

SHA256
d54f9e1d1fb0cd889da9e4d23b4e39a4a8b2735b66379457b0f79af01479b59a

SHA512
fa9f34e868260a696c077ca0afbc7543c457a392ffa40bdd2a5d3b19dd2da2bb44bec1df12b7b974eb3ab026209c46ab20e1c3bd1d6d555dd7cf594fa973defb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b4c13bb5ff3c3d9316e091449dc194b3

SHA1
fae27d47cbd84523f2accadd599605f1218fee31

SHA256
a2afac1da6d51678e0cb8a8e4a6f5c31e286907a80f982b23a44319293c697ff

SHA512
b39ba8f8bea24bf1874fcd5df87ee8a8287aeda9fd8a2e8a1c6e188216d3b2e5ff4d273529ab4ded0459734a804f66a228d69155008578625b142b93e5dab541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
98fe8bc5c48dd672518da5057e59a8ba

SHA1
ff6ef3c49fcaece6d62108312f959cf8fbe76381

SHA256
99c0224446ed167304c35041df1f5074132aa0298db5a9283d04e558429d4e6f

SHA512
49cb44b856d92d38ac1bcd8d56e8b268fd224abc76fcc5991e9d4d307b8a0d94ccf3bcb1d6432a2d0d0c7e0dd7cc5e9403b7d8d018c4eab59227a39736bcd950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
383c4ae2f82593619cbb085a78b19d55

SHA1
e99678e076b289fd88a0ca3a7dd200dbeedbf8e3

SHA256
882dcaa37dc1b431d699cf87c82e99063e80e2cd98c989eea2417c3a7cddf9fb

SHA512
bdb96f7f2e1ea891e8d6a1b923d3a664e6d75d86d785b9f2b5cd7826f9e44267ee15406a2ba33b0ab78d92540252d5a87c2a0219063ce312747052160919387b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
666d0bd18f3ca9a4a2a47a94ff2741b8

SHA1
05bfb12550a294a3acf882adf67a577fdd961d3c

SHA256
24310b4a6b5dbb24261b79f17cc7224e61447d48f34a5fd93d3a0643565c38e3

SHA512
166be20177e8facc1d629547d397a45728cff83d276a8dafe5eb3ce9e517fe9452543baa01317c569c83805d9a10ba663fb1f2ca9fb72143306f8eac38f7e0f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9dd279da30427ddff82812b388698507

SHA1
a55556436c6b4d49005e89430445018a8414b7f1

SHA256
6e5a0e6d8cc82473581dbf9b3455c3c79956b96a266c3dc6e95e445689fbb61d

SHA512
c5117194e5848ee2b915e9a04a45e09af4c0638dd6a28e1fc68a48e52cc18de9a18868d6cbaafd3fa50be7ffee1473b8ad297a3e924f9033f0010d30f61987dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f2d3db81e51783a117d2b2fbaae521a6

SHA1
3410f8d468a56c26a1e89488777962cefa3ad80f

SHA256
fe6ecdc151f8290febc3dda9ca7148c4103858ef1b0c3e801b60ea2ac8b4c9cf

SHA512
26400a7966bc3dc18ba7c4e7c3950a7263cfa9e7c150839c0c64343cb12dcd9c13fcffde5ba7d838860767c34470da65f9e6c08f9bda2028c536f27525243b45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7b8a195dff0d4915abd47a084b98d2f1

SHA1
f957f427a7b465325098ee9ff2c849d75f0352be

SHA256
0e40656b5cf29f9c50c5beb33e74e49b246ccf087386410847ef927b29f6a1cb

SHA512
b41cc6f90309b8ad283f52131b95d2860a9080599e5a2efa71b1ac4fab929387ce26a2619ed5cf4650d00633e54a6a6b081f039bd95f2c5d31f361182a8d39b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9b1bd5faf49544a1795a771b47ea69ab

SHA1
c9c5f543b0820950c0a0f6e852fab05717f51133

SHA256
3d51d846bd0e1e930aa5cd971ff8f4f4db0cd0908d346ceef751e0d6373d7215

SHA512
deb8c646cf0a3a1fba4f985fa8114159ca0407d5daf803fd7902dfb909b2de97db113e2712d7997aa5a527fe73a997aa73bca529f0024e5ab92af8a338034567

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
15effe836cb44750da7fb491045c9054

SHA1
565b6be956fe87befa818ecb7d4ca5d3c2d49523

SHA256
a55cb00b7db2adf84b8af576d4b496e8fa143579b3482cdc2d7542cf17519323

SHA512
5f58172e402cdd18d7082e9c6837233e9dbcd87041e54c0878c83e3c9113e6df082f844bb318b32eaaeed15f03af9a3d0b9cd0a1b5b91a63bd0e685b8f7d6ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c1cbc8ce684195f1616c98646ff3c790

SHA1
82d536076bee7cb4a75c4db941ac42818e101227

SHA256
eda3bf8fdbfd0f290b584e97be261406bc1c716f0876bd95bd6ecd2e9c66bb09

SHA512
a00f70aca13903e8651b07c7b4767af6bf084a002349e28ca6654edbd3c4ac5bae7fecd501ba6b0b43cc9614f293add63696c7f642f211a3936ddbc51ad31e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
262ca2297be1b2409024cfcd4377cb19

SHA1
aa5343ab7a2c953a464da90a2d06ee3ac501a79a

SHA256
2bc8b99dd9392f24a519409fbe57295d8651f19cd68f894cb10fec76dfe0e878

SHA512
a8111b3b094ab4d29ac8b112811dffeec47fab2258c9e01e899ca9761b0d2c1ca2ed65350d5d6fa78cec3871d8ab2412cd7787112c235c76768abdaec007ff51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
37933b4cb60a3cd27064b70716706c0e

SHA1
aafd050b45ce3aedddd922adaf854d8cc57fe6e2

SHA256
f0953d202e3fcd698b7db4fe48da63a9c5dfbccf18248bb8200da062db0efba8

SHA512
b312823fc728f4fde4de980b51072b85509153e9b1f82abde952100e828202cb21e4f66c7e1ce2597e92b0b4c2b2edb922a264720b541a21c8b5bbbe8c33ac3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2d685c468f386c47cd282ceb19259093

SHA1
20b2407ece658862e905abd54b1f60f2707f2621

SHA256
b2894cb4fa295d6c757400678dcdf31c596b2653865df106a76dc5dfae025343

SHA512
0bc2b238443df027a746db0b8307e69397610814129103379f1944acf8dfd57d33f15e1e68ad6278882aa69e237b2ab65fbff4d4ed1760e65c2287984e34a4a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
cf35a7b77c2111e2a2facacea80ef806

SHA1
05f59baf0a77822d2e4a5570e660e7e3a1149d00

SHA256
a7f8eeb485ec8063d85e6f2149dffc10c91f6e22e7c50a43b49d5d092346d738

SHA512
a3f40b74fd5f8cbb9e0b9fd9d0bef6fef816d280321eec743bca3a3054e22a2451481b269d1996fc091b8c5eca799160482225aa099540d26de9bc27b8c2b0a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
477f2aa331d175e7c8dbae71567bfb0c

SHA1
0eed98ab8e39c1b3ff48095fe8059423e6bcdf8d

SHA256
0e38ac86641fa090a3181bb008d6d84839fa380c75fe09223dd548335d6466ea

SHA512
f240b79584a23a115cba527eaaa5a145e5fe4eea307fd85108d3226627a3cc8178f92977b01714fe42ecfd9d29d2fb5b65eaf2a10a48387584071d18f992b069

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
d1b03cd39fdbaa637c2e74f7be46dc06

SHA1
864e001134b497806cdc6a239a465325fe62612a

SHA256
32d28bb8f78d01c42ae11d39f0e030b3fb3ec5a0442bf5de40ebf1385d58f3ec

SHA512
ebae34e0dae2cd7904ee883aa13843d96e0c0ef68cd9148ca2ad3c2a26d0732b382a166421f2024f74b135ba7cc7dbca31df116a674e5539fe8e16ae594da1c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c43dd6da7e380fb161f016d989811ebc

SHA1
97aeb7c7d68e0f64a492ae78208bdc13b02dcbce

SHA256
11bb87a482df340166fb232717125850609324cadd84b4b184d4c1abe6b3e1df

SHA512
b7ba2a9288a96ef2260b83b12c484378c80acfae5167591038507e085d7e229b46c9e268618fbb87c89838b3ca9243303445ededbde60938136d9746e0f9c5c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5a64ce2c15cc7193ccf1f927757a0012

SHA1
b323e95b4038e8fdef34c4c299fad96e9ea65845

SHA256
978bbf666f7128781d63d2bcd41b835029ee72484702ef9784588a43251edb8a

SHA512
b7fa13ef4cb1b1bc742848499c0c2ffd9825e7f53a5df8b3888cbaafce579754f5ef46b1e6798354330d54ac047ee50e44161cca8f44de0f30a6b752be9cc07c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0fa70ba384175d7acae5469330d77983

SHA1
48506fd7e21feb622f0762ada977777ef248fa56

SHA256
d20e7e4b1b825ed1564ce5a90fdfc364b95307336813bb23ddcd2fcc275526ff

SHA512
18dff76ebacfa31a0be0022fa453368c293ea55f25aa726275dc664ec7eb6b8f4f700b369603fbe8f75bb353b5a57df56fd7cf7266d04c76a9659d36c64835f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
ebf76f96135ad6ef761434c1db2714ac

SHA1
24e5a9b6ddeeb0386b5519ab0db1cdc8276818e1

SHA256
759de450f3aab9c228f69378ad22114d2839ca4cada0eabd214abb9ae9cad2c3

SHA512
22c5dc5c46194e3364e2d305b8f7268387861ac5e020490e8beb5a9e2caebe59abb63eedafff73388410c3ef235bad97cda32420a730c0063467e0f829caaaed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
6d87cd2a0b3c15b6ec237fac562b7b8a

SHA1
60c798d0cbb9a6c5eacd9e7c7b25b87cc2dbe4bb

SHA256
06e89a9fd8b8bb8e93c6cf0da39d92ec252e16a19b350f13985dd79981e419d6

SHA512
bfe04af9c5243b5c3ac5e6865dde1d9607c711354583ecc723e31b693f20d249c55aff497ed6396d049e7b9979f04e84db4bc4089502b049aaf67413857298d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
771182df3ecf79cd0c20b55a3215a00b

SHA1
7e2c4823eabfedd05ffc7a1dee2744551fbd1cde

SHA256
9e3f81f08aec027d2b7fb6772b75998ace8ba65221857ca1c87aa2927fa720eb

SHA512
b5ae392ef219571d8151a147dee519202ab557294e5160615aebf7c476962566ba6a54ed3c553dbc65b0e4ec35d55ebf34e499f5571205579085a620a99dba11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
22e2648b38d2c76047187b2c61ba4231

SHA1
2d41cfe139c3c67663b4a460b93eaae4ee87a754

SHA256
c4414438960023f40838764a7840b9eae4c776e3830da72b619777c74973fbdb

SHA512
de77bb263b8f653a35cc92b6075e27513b8dc3fa373206f4a5040f3d2567b526901d3970b5468457b39f0bb92c041a26676ece9632aa8f3d3c36e85d469cf522

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\targeting.snapshot.json

Filesize
3KB

MD5
2d6346d83aa73ee983f2cf8124663d35

SHA1
9e2e3d4c16b0e3ddc2cf3e50a74693e342ea2b48

SHA256
5e2b886a62f05dcd181d7cb7b50cf531f35a043ff03bc352aa28a3d14cab8c92

SHA512
c9f26a8c06b1aa45428e1f3bd70a200c2330c00de90e49e2cf056ae62342a7e6ed44f1e9fb89812f1e5c02fda7e67d17e8589b575d568940b8aa88ec512122b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\xulstore.json

Filesize
141B

MD5
b847f28acdec63348ea376efd4278d02

SHA1
da4ae0ce914885ad7fe1f89aef3aa4f324747091

SHA256
7e63f727108182d4afdf0ae5131c9e0692d857b934fe8d93a7d4a8cea58fb834

SHA512
07b89826d35c5b9f056c8556ed5dd0a961f779d1aa7639321b90c56ef65bf6706a653a22f7790543b1482414069d5587c1f1c28215e92a7ffdf0fa4a55537c08

Download Submit
C:\Users\Admin\Desktop\asd\Umbral.exe

Filesize
229KB

MD5
832b0f69e45599345ea82ccb17b9dc2b

SHA1
095d58cb166db0b4cedfd6a608b486aabe973539

SHA256
d62d20e29a48e72a734f508da7e9f846d4ce86c508e1e35f5d6bf1bb79bb0903

SHA512
5627bfc2cff426cd75981616e263cded8bd1531a2301303199dca1a2836dacc42070767631bc2a766fc2187a81a002fd06c241531277adf4b07a2aead4dbb0ba

Download Submit
C:\Users\Admin\Downloads\Umbral.LEfSiwu1.Stealer.zip.part

Filesize
7KB

MD5
5f9f94dbf6f1b822d9aed72467c480e7

SHA1
cbbfe316622cffd0124534eecac8c09adab116a5

SHA256
4655ce406ae07b851a6cfed0a4313f0671204fca35412f16b43cd5f99d0b6c1a

SHA512
2a51699c39c7697a21a1f15028b6188bef8755664b2c9b5dd2be1729ae26348d78b003eefcd318917c7d8fe2e832e6924cfd61e3f1789abe06aa2c802b8ff465

Download Submit
memory/772-336-0x000002A96E410000-0x000002A96E420000-memory.dmp

Filesize
64KB

Download
memory/772-335-0x000002A96E410000-0x000002A96E420000-memory.dmp

Filesize
64KB

Download
memory/772-334-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/772-338-0x000002A96E410000-0x000002A96E420000-memory.dmp

Filesize
64KB

Download
memory/772-340-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/928-391-0x000001B0FC300000-0x000001B0FC312000-memory.dmp

Filesize
72KB

Download
memory/928-390-0x000001B0E3A10000-0x000001B0E3A1A000-memory.dmp

Filesize
40KB

Download
memory/928-343-0x000001B0E3A20000-0x000001B0E3A70000-memory.dmp

Filesize
320KB

Download
memory/928-363-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/928-344-0x000001B0FC520000-0x000001B0FC53E000-memory.dmp

Filesize
120KB

Download
memory/928-342-0x000001B0FC280000-0x000001B0FC2F6000-memory.dmp

Filesize
472KB

Download
memory/928-308-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/928-309-0x000001B0FC3C0000-0x000001B0FC3D0000-memory.dmp

Filesize
64KB

Download
memory/928-371-0x000001B0FC3C0000-0x000001B0FC3D0000-memory.dmp

Filesize
64KB

Download
memory/928-307-0x000001B0E1BF0000-0x000001B0E1C30000-memory.dmp

Filesize
256KB

Download
memory/1236-2-0x0000000005760000-0x0000000005D06000-memory.dmp

Filesize
5.6MB

Download
memory/1236-5-0x0000000005280000-0x000000000528A000-memory.dmp

Filesize
40KB

Download
memory/1236-0-0x0000000000900000-0x000000000090A000-memory.dmp

Filesize
40KB

Download
memory/1236-8-0x0000000074AB0000-0x0000000075261000-memory.dmp

Filesize
7.7MB

Download
memory/1236-3-0x0000000005290000-0x0000000005322000-memory.dmp

Filesize
584KB

Download
memory/1236-6-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/1236-4-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/1236-1-0x0000000074AB0000-0x0000000075261000-memory.dmp

Filesize
7.7MB

Download
memory/1920-254-0x00007FF868EB0000-0x00007FF869972000-memory.dmp

Filesize
10.8MB

Download
memory/1920-252-0x00000203DDB80000-0x00000203DDB90000-memory.dmp

Filesize
64KB

Download
memory/1920-238-0x00000203C34E0000-0x00000203C3502000-memory.dmp

Filesize
136KB

Download
memory/1920-239-0x00000203C52B0000-0x00000203C52D0000-memory.dmp

Filesize
128KB

Download
memory/1920-241-0x00007FF868EB0000-0x00007FF869972000-memory.dmp

Filesize
10.8MB

Download
memory/1920-242-0x00000203DDB80000-0x00000203DDB90000-memory.dmp

Filesize
64KB

Download
memory/1920-243-0x00000203DDC90000-0x00000203DDCFE000-memory.dmp

Filesize
440KB

Download
memory/1920-240-0x00000203C52D0000-0x00000203C52F0000-memory.dmp

Filesize
128KB

Download
memory/1920-244-0x00000203C39E0000-0x00000203C39EE000-memory.dmp

Filesize
56KB

Download
memory/1920-247-0x00000203C5320000-0x00000203C533E000-memory.dmp

Filesize
120KB

Download
memory/1920-246-0x00000203C52F0000-0x00000203C5300000-memory.dmp

Filesize
64KB

Download
memory/1920-245-0x00000203DDD00000-0x00000203DDD5A000-memory.dmp

Filesize
360KB

Download
memory/1920-248-0x00000203DDEB0000-0x00000203DDFFA000-memory.dmp

Filesize
1.3MB

Download
memory/1920-250-0x00000203C5340000-0x00000203C5370000-memory.dmp

Filesize
192KB

Download
memory/1920-249-0x00000203DE000000-0x00000203DE116000-memory.dmp

Filesize
1.1MB

Download
memory/1920-251-0x00000203DDB80000-0x00000203DDB90000-memory.dmp

Filesize
64KB

Download
memory/2968-324-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/2968-315-0x00000268415A0000-0x00000268415C2000-memory.dmp

Filesize
136KB

Download
memory/2968-321-0x0000026841690000-0x00000268416A0000-memory.dmp

Filesize
64KB

Download
memory/2968-320-0x0000026841690000-0x00000268416A0000-memory.dmp

Filesize
64KB

Download
memory/2968-316-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/3360-370-0x00000184DDF20000-0x00000184DDF30000-memory.dmp

Filesize
64KB

Download
memory/3360-345-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/3360-373-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/3360-369-0x00000184DDF20000-0x00000184DDF30000-memory.dmp

Filesize
64KB

Download
memory/3360-368-0x00000184DDF20000-0x00000184DDF30000-memory.dmp

Filesize
64KB

Download
memory/4040-293-0x0000015B4BD90000-0x0000015B4BDAA000-memory.dmp

Filesize
104KB

Download
memory/4040-256-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/4040-270-0x0000015B46A00000-0x0000015B46A10000-memory.dmp

Filesize
64KB

Download
memory/4040-290-0x0000015B4BDC0000-0x0000015B4BE1E000-memory.dmp

Filesize
376KB

Download
memory/4040-291-0x0000015B4BD60000-0x0000015B4BD6E000-memory.dmp

Filesize
56KB

Download
memory/4040-258-0x0000015B46A00000-0x0000015B46A10000-memory.dmp

Filesize
64KB

Download
memory/4040-264-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/4040-265-0x0000015B46A00000-0x0000015B46A10000-memory.dmp

Filesize
64KB

Download
memory/4040-257-0x0000015B46A00000-0x0000015B46A10000-memory.dmp

Filesize
64KB

Download
memory/4040-292-0x0000015B4BE30000-0x0000015B4BE4A000-memory.dmp

Filesize
104KB

Download
memory/4900-388-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download
memory/4900-384-0x00000193B9DE0000-0x00000193B9DF0000-memory.dmp

Filesize
64KB

Download
memory/4900-385-0x00000193B9DE0000-0x00000193B9DF0000-memory.dmp

Filesize
64KB

Download
memory/4900-386-0x00000193B9DE0000-0x00000193B9DF0000-memory.dmp

Filesize
64KB

Download
memory/4900-383-0x00007FF868F60000-0x00007FF869A22000-memory.dmp

Filesize
10.8MB

Download