hxxp://www[.]google[.]com

Resubmissions

13-05-2024 11:35

240513-np5lmacf2y 1

13-05-2024 11:28

13-05-2024 11:25

13-05-2024 11:20

13-05-2024 11:16

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe
Token: 33	5400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5400	AUDIODG.EXE
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe
Token: SeDebugPrivilege	5068	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

5068 firefox.exe
5068 firefox.exe
5068 firefox.exe
5068 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

5068 firefox.exe
5068 firefox.exe
5068 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

5068 firefox.exe

pid	process
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

pid	process
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

pid	process
5068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 4100 wrote to memory of 5068	4100	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 2356	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe
PID 5068 wrote to memory of 1528	5068	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.google.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:4100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.google.com
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.0.2106906933\324585644" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {febb56d1-2931-4ec8-bdb3-029495e54f52} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 1836 1b170220858 gpu
3⤵
PID:2356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.1.351243554\351437122" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c6fd599-96e8-466f-ad79-d74be25dcfa3} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 2428 1b15bf89058 socket
3⤵
PID:1528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.2.1573307641\1147764679" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2888 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb7de63f-b4f7-4765-afa5-3dce061f1c5d} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3120 1b173344858 tab
3⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.3.884886290\336537311" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ba61291-32da-4d5b-92e8-eb1da784b4bd} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3660 1b174b0eb58 tab
3⤵
PID:1596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.4.567352220\449860963" -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c31915f4-69ae-4052-9db7-e940f5b3b6c8} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5144 1b1769d5b58 tab
3⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.5.1900660837\580538115" -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eac469c-1221-4555-ac8a-2f919e47e95c} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5272 1b1769d4358 tab
3⤵
PID:2912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.6.1573078105\1450136766" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c636eeb-e2f4-40f0-bf04-51d52b6bfea6} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5484 1b1769d2858 tab
3⤵
PID:1540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.7.1367312611\1667018583" -childID 6 -isForBrowser -prefsHandle 2940 -prefMapHandle 3308 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {791e252c-e428-4e0e-a648-8edf568f5032} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3000 1b177ed8558 tab
3⤵
PID:2672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.8.461034698\1243811650" -childID 7 -isForBrowser -prefsHandle 5584 -prefMapHandle 3920 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4ba73e-88f5-4c10-a290-0b5b810c12e0} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 3808 1b1781bf658 tab
3⤵
PID:5880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.9.480262429\860506485" -childID 8 -isForBrowser -prefsHandle 9828 -prefMapHandle 9832 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aeb8f3c-8976-4b7a-8e10-7d053746726f} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9816 1b1784a2c58 tab
3⤵
PID:5268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.10.183659534\725942805" -childID 9 -isForBrowser -prefsHandle 4520 -prefMapHandle 9248 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa3d01a-896d-4af0-ab79-4db085a8d693} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9228 1b178683358 tab
3⤵
PID:4184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.11.377478869\1090392503" -childID 10 -isForBrowser -prefsHandle 9808 -prefMapHandle 9792 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eeb5634-59bc-4681-8d7c-97d2c14d3abd} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 7524 1b1733bc858 tab
3⤵
PID:1868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.12.1692390137\1719153265" -childID 11 -isForBrowser -prefsHandle 8832 -prefMapHandle 8828 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f84697-68e1-4132-9cd0-f13be8f6919f} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 8844 1b17493ae58 tab
3⤵
PID:4260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.13.1875642194\1850374967" -childID 12 -isForBrowser -prefsHandle 9428 -prefMapHandle 5824 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57db3b5b-853d-418c-b3d0-07353893ecc7} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5936 1b1784f4c58 tab
3⤵
PID:3096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.14.1183851486\1032709113" -childID 13 -isForBrowser -prefsHandle 9180 -prefMapHandle 9232 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f9d6a18-3898-4e8a-95e7-4d242bc9027d} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 8832 1b17901a558 tab
3⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.15.1546922773\1415622088" -childID 14 -isForBrowser -prefsHandle 4796 -prefMapHandle 5176 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcec65b0-ef25-4ee6-8978-f8aad551e96c} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9380 1b179ddc958 tab
3⤵
PID:5936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.16.1311891081\1640052366" -childID 15 -isForBrowser -prefsHandle 5684 -prefMapHandle 5568 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ef6cac8-a665-45d2-9061-58f28b9dc7f9} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5324 1b175a6ef58 tab
3⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.17.250451209\1646478749" -childID 16 -isForBrowser -prefsHandle 9848 -prefMapHandle 7500 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae5c621-0afe-4c5b-832e-4b7b623e7327} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 7484 1b175a6f558 tab
3⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.18.844912036\1112426671" -childID 17 -isForBrowser -prefsHandle 8536 -prefMapHandle 8552 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f9a4c61-7b5b-4c8d-9684-8837acea6bae} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 8540 1b178609858 tab
3⤵
PID:5968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.19.1734575209\304898392" -childID 18 -isForBrowser -prefsHandle 8696 -prefMapHandle 8440 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb55ca0-6fb9-4542-b5b2-213a687cc7ec} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 5876 1b175a6f858 tab
3⤵
PID:5460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.20.227578813\1780184377" -childID 19 -isForBrowser -prefsHandle 9328 -prefMapHandle 2764 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daea24d-c751-4cfd-a019-bb7249732118} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9060 1b175cd4558 tab
3⤵
PID:2008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.21.1860259341\2090713288" -childID 20 -isForBrowser -prefsHandle 5876 -prefMapHandle 5676 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7af5d1e4-4f2a-467f-ad95-406506e445df} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 8424 1b179b81b58 tab
3⤵
PID:4808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.22.2000312494\110266890" -parentBuildID 20230214051806 -prefsHandle 8272 -prefMapHandle 8232 -prefsLen 28177 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {024ba0d2-40e6-488c-8810-3e92ac0e2f67} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 2744 1b17a575858 rdd
3⤵
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.23.663862363\2082047532" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 9384 -prefMapHandle 9448 -prefsLen 28177 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa4f811-0d51-4345-9040-0ca7f380aada} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 9132 1b17a6ad558 utility
3⤵
PID:5676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.24.439212941\539968487" -childID 21 -isForBrowser -prefsHandle 8596 -prefMapHandle 8380 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59c11a63-1347-40d6-8143-7a36a1e491c2} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 8588 1b17a572558 tab
3⤵
PID:3568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5068.25.1152004996\1391219784" -childID 22 -isForBrowser -prefsHandle 7776 -prefMapHandle 9632 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d417fab-810e-4e82-9ff6-a34bc3e083ed} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" 7760 1b1795a5658 tab
3⤵
PID:1540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5400

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
Filesize
22KB

MD5
c2010180ac9c824cd1826c380b7e5fa6

SHA1
7eec1be96758fe94299c53ca7fa9bc6da44bd8d7

SHA256
18740113c23d31537b060d4cc4b4fb35f34042a3ea5d0ea52dc6fdcdc7f5cfa7

SHA512
90b8b6bfa54b289495d113525a1adce7ba86c065e6ed6236c83c4b383050a071d9c4888302e14a43c2110138b02dcdd9deb080b4ca0c2ab6b2957e54f56e4787

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\10871
Filesize
10KB

MD5
63287acd8d234f626726448689418716

SHA1
38244cc87a8ae12bdbaab7ce0d50303243693850

SHA256
fbdf47e613c1f1a79f99691cbfbdeb2a37d7ff9f910871d1c6ec7c979f881f3d

SHA512
3955c19f08f9efb52920c566a13567b0d2d6127232c0fd9b5e0d7c2bedb46fa8c1b1bd32bd708542fce917c5e49c1b96a7a84aeb8ad67efa7e1eda71b28dcd5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\11765
Filesize
6KB

MD5
c094de1d2f9c9197dc370b57b32f01ca

SHA1
f9cab52a377910208ec0ad318b5e387a86fbb9b2

SHA256
669cdd6c98f227efc13c5dd3395fb54163c175892238321ca182b9df864b5c92

SHA512
9dd016d28f07c0d8a731177d6406c647fbbe9a77885a066f05c3945c07a59173c41c71c479798323410a707851de18b401af09176835a5912b7790937036d71e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\12401
Filesize
16KB

MD5
55c9266d5b585a1cdd68dd932c3ebfdf

SHA1
e0d939333ea3071efe6a6c8bdca24abc4315e20c

SHA256
280cc7c79528bf3d2b9595f1ce44ce7a1c3dea2d8621dfa297074d58baed5785

SHA512
b3617bfc253747712abb145d8f594a4f22f12e95a5c2e794317e515c86fe6c0a5673c9918cb1bee85a1764dbc29bf399283f9fa277d40697fdb80eaad581086d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\12688
Filesize
16KB

MD5
a8a6ace0b6867d65cf55d820a7ee5acd

SHA1
8a63965200e144a332a9f8abd1eabd103b7f7cfa

SHA256
767c173df4a0d09665b494489d68e190bf12aa284cb17200fd973925c6f58978

SHA512
cc682436ed5872e1947a4792bcbc066489329bc72456dbde9531bfde9d24e0a102f58143600cce84e1348aa37da8bc779e55ee7cc803184d90f85f1e71786547

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\12700
Filesize
7KB

MD5
ff4c26eb2c604bc9b9e586fdea1f42db

SHA1
79bd21ecd90696918fedae090c41568aac38c519

SHA256
f55bc6dddfa19d3fdc5194c96f5bcc16d1c8647f3461d37071e04ea3cf4f1617

SHA512
8b128183ca09a53d454b5aa42e1da30a66eb4ac7cd7444cd277fbfcf96c204462e75488795bd95ab1408decc17538a49857c6d8f81cc476c7be24632ab679c93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\12896
Filesize
15KB

MD5
09319cef7b453795840367398b0f4869

SHA1
41af6e441f3c19f073a482efffa6f01b583277fb

SHA256
801b452a75c8e54fd11b93252ae1b4374dd20de9ae0ac08b064ea83db6f760a3

SHA512
940cd994dde3e5dd8269fbd8f5d6514e2e2220b9a0e3b1aa396aa81145f997a22ed283f7a7cfdf9ca2c537afe11257e8276f831322d8bf352552d93934a34602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\15886
Filesize
15KB

MD5
45f2b1bcce60df019357d404b6ba09d5

SHA1
a24f54a6e7bc1fe2a7860dec47fa174993d3f195

SHA256
3ab9a939330b58f624b1747ee09878cf6de92cef1e08288b21c61ecc0b0df29c

SHA512
bd1c254eaa1ba6e6f53964f5bed1a0105f2b517bb106534952a21c7cc65c6a2f81976488054ede1b09518899e1e4a80fd3c91f7281596a69626ee2b24629e949

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\16188
Filesize
69KB

MD5
ab1710efd188747e9a5e87e7e6201b34

SHA1
2c85344c3e03231d5eeca71a76e17db2f4032be6

SHA256
9680bad165d3c9a03638fca411f8f5195c05cd5ca88e9d34cf39ed2cd9802ff7

SHA512
65180c131f0919f0ded90d51bef5bb25ea97e68c644fbb13cbb8651f861192b5c1b8ed4349c77f5613a2a42c58014810d59427ae76118a353c45f448a9e11ed9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\1975
Filesize
16KB

MD5
debddd3597ea5878eb32edeef2909876

SHA1
f8057ef603211e4e84690e852c395c35a1a68ed2

SHA256
6421a9dd20fa7d045ad435acb324e3e7a870c21d2643cf7732c444be0e9172bf

SHA512
a5626dbe9f940b4a9cdc627ba13e5504f0508a3296a86c633c559b384e5349375e1ab3edebe3771d39482a0fc2b24345d98ede3a14d4517576faa793fa1b7fbc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\19960
Filesize
13KB

MD5
4074d25bad8e34ea8b7f9fc61ccba67a

SHA1
36188fd1b51c8a2d19615960742f38741ae8fa0f

SHA256
e0bfe26bb555f841d03a01a8c42c21d88e728155685c8b16b1456e15086b65c7

SHA512
b4782a43f3db4b30c294c44ff97908a98380db3f7d228305686777a42a8a53303a7babb73a6566e620068bdd8e3eba7088a63bcc4d5c049a6619b7589b71dea1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\20191
Filesize
15KB

MD5
5a13abedd8a2ada3d6ec1e70d67e68a9

SHA1
9d8075dd8a98d6a8bf9628a2004aa6a8ddfa7039

SHA256
6734449a7716169c9f289d04cd28830fd339756b602ee9c85d25543012a871d2

SHA512
091de51c8512a4575b90fc08dd813af4fe7d83f0c101e03f24ac16c8f512bd9ddc92a78f90c040b7f291eef6000c71feb2963d98279ff42d9aa2fcc8c1f8f8d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\22664
Filesize
15KB

MD5
ff541dd05ee5a95202acad2a61f473d6

SHA1
3f6016a5792be8b45847971595aab13411721a9f

SHA256
2e1ae029bf7112f16cc1063269e16cc499f1d03ccf65e3ec527a0605cc21c855

SHA512
0bc9db24fabd247430bab45d683fd1abcdbeff926ea0b3812e7369ec3edb9d7ce68f105eac70db3391b5b6cbb22db1f8458c3612a7c1b1310c98e756bcadf1cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\23727
Filesize
16KB

MD5
f0b5c29876c8120dc59ce57ec80fdfe5

SHA1
b25907eb3bcc231e0c3795da511a3452da3631dc

SHA256
090bd47d1bd34e558404181b0592cd73d92a11d2c15afb3e1f6bc401e7bc44ba

SHA512
5c0d5f2f2d8ebbd7c984d96ea605019013be90b63387969b416ffb336cc92e8bb913c562792ee9e6719a3bfb0d9b638d27ebd130690b1adc44722d098aeeac4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\25458
Filesize
7KB

MD5
1f26238efca93501585945f800d79291

SHA1
c394310208e7c38f57207152d75b440c6a44033c

SHA256
3e4bc0fd08f7541e467270cb6b0de0e2b6264c823cf892fcdb560e300b65ebd9

SHA512
3e360f52e51f2c3d73cfd71721be6d689ccad08760678b9de12942a517b51ec996605a590d20ccaac5ebfdcc7134d3062f2136ccb9e96f7eeb3f67d168e23309

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\25912
Filesize
21KB

MD5
0d724d6a13efd0de169f8fdace0231ff

SHA1
608be865763ea1f771d304e133b74292a79f8cdd

SHA256
b3a26030a3a1462642c402f4fec822b94b726f6510763ececbea1ec95f0c4047

SHA512
41cd4fa23a2015c8d46c723ce9a2589a039116a0203fed46bc7b67c0384768f0bcc849d84f9496864aa77729c2996451aa563d750fa19b099e2885d8373be0a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\25958
Filesize
15KB

MD5
ac02c5c4aae6bee20e1ee2defb6eda3b

SHA1
614db4abb2955737f5c7932229c9678c483085c2

SHA256
3c75dad3b09a1579a87b5905245de906e8e220d7bb4860da8abce6af29f91da1

SHA512
108ba0f08dbf7714548053a55b4633c7f016352d903a8c3b8ae517c8712381314e4d3a150f8b2b998d875c0179b843975401178a85fd5049c7c2226736c5273f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\26491
Filesize
10KB

MD5
4ba2cfeb86fcf5e5ed085beb7ce65e30

SHA1
4d43cfb9edca6f3c24479eb874780eba96109ef7

SHA256
f2cccba89dc8280be23c0211078b0eba26d3a324038dfde05aaf3590abde4544

SHA512
5cd3531af03e055150cf5a7a42ea0cd0af489af7f4ad3c81e495ab216f919120f1df57f059779c6f0e3e49bb50406fb5547fdccceec8067414109f1dfaae8448

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\30371
Filesize
16KB

MD5
b9a29309b054cb31ef74162956262491

SHA1
d885bbd456d15414c20efa72a8cd630a732138fc

SHA256
d0b4767085f82c3f6c9ac21420d42f8e90078023596c68955005c20ef19d7021

SHA512
c9663de9ea45310de9effb5f5ee9919873886595f55fb10620e9b01038422852163d1cb1501d000a7621350fcaa8520264b6f0aca3151a958425e909980a5f57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\553
Filesize
15KB

MD5
c8cbd0e19ce8fef2953415999d5da0c6

SHA1
c6f68aa4e55b40be55cdd912ae45919838ab1a43

SHA256
6f992ee3fccd7766ed5d516f57f4103d64da2138109ec9b53794148ab2ad4535

SHA512
4e0e06a23b931631cfeee3b1e0b8b2b1b8eb94d7bb0930eb90dc8e955480dc3599d72933555ddb6ec41cec690c6bf8a68c1550aed322b83913b2b4fbcc0c420e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\8394
Filesize
16KB

MD5
bfe18b65f15a50f1ef4278ae96ba4c3a

SHA1
a6e8379ad92ccd9291d9529b7c7f2f921addc9f3

SHA256
258fcce63727b1f4232a603114d3cc234b38e724cb1f87479e182cd491d14643

SHA512
9f9a2dfe97a9438b01bb615a5dc32101bf25436655cedbb084b56a15bd150d26745effa8045f08bdf61722f7970427981dee30a49d68d2064a115903dc3b7364

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\20568CCC2EB2B05CA2DF776E7C53A57F6B8F20C0
Filesize
172KB

MD5
c8eadc3652418f7d5b7ed0d097a9017e

SHA1
7ec81ca0558919fcad19083e9d6ee18e6a4fecd8

SHA256
c76b20484a08fd75cb50b860460eeff162b2e5addb451620015a4847f4d60385

SHA512
82526160cdbacafab56b172e30edc1d631568cbe9bb6c956e067e8612172c2ecb29d1dce9cddf2ad0ff88769c672609ead5f7a827b19c31f37f0dadbfc7628fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\41AB9980D5DDBB6C969778D71A4B34624E803E01
Filesize
17KB

MD5
5d612945e3977c046de5623fd0381ab3

SHA1
4c0d1932f973a12fd53f6c5311bbd3a40a06f86b

SHA256
2f222f5b8fee41f09780317aa160f029173b73182a4a9ba17bf59ab041c94db7

SHA512
b35d9641a430ad5720120a86922c75f6ac226ff2fb92ac89979e4622a6c432dd95fbde687e313b71abd35abba7beccf3227c79701639c8bfd56fc18865dd897f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\42980566CAB22072566CB15316B62DCA5C89F72A
Filesize
12KB

MD5
6a9b1653ca748e1ca77d21a468fb323f

SHA1
5662ea5fb88f6afb329a2af95a6dda158435b18b

SHA256
fb92b90a1ea293400b0a01541cbda9c39b09af58e7f3f2cd4650176f0689d02e

SHA512
26977d17665d426b6de5123dc40cb4d4672a91ba07646805a4fe32ae7344683695bfdff26d8d8002263f12087d700feb0656e942dcdc6fcec965cb5e6ded9e56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\51055FBA67EC5DA10D2EB110194E9FF264CDD27A
Filesize
183KB

MD5
9c8893f9fb3bb59395202f58116fe0ee

SHA1
e6cb946d86f91e39f4c82be6712c40756381e593

SHA256
c270fbd56483d1c58b47076a02b508a66bdc54e3d8a4818d4c9ba194de1842e0

SHA512
259b6cca25f322b7d6414813e662936522832ce97c99bb77ab780c0ddfab82124eaedb83a4c878a22b3b09db5307f9bdcaffdfcad075be98b5a37667d349ab11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
Filesize
33KB

MD5
1d350d5df60132a19a21774e80aa4952

SHA1
5a54f6f7a7fe6a14da940238334b0aa5a1920d03

SHA256
d89bf101306e932affcc3a484655521e5f5785788b4f7048f09e289c59b21ed7

SHA512
89ff75d12e42f512a79a87ea6687b2bd9f263d1b03999e0841f34cd375dfb7eb52f6b4a554af0f80dc5bd1c86f76217b91b3317378896c921c30bf3f758e6bdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\6F5D297BCC13E2DB00EFE844328280C94E7CC52E
Filesize
180KB

MD5
c0ecc83be285885020879186ed79c02f

SHA1
e283ecde11d0d3593953db13fdeb1a3bfea7b4ab

SHA256
660ab34c9edced5ca30b5ea0cc2b8f57d90ff2e488d3695eb0bef91ed2ff20d1

SHA512
6677df229ea7872f5e1e9db95fa189d22ab3842b999b3b2afe58c93a655f83571e23a95b4bca7aa68ee404d65b7e2a47032158feda6deea6239f93c35df68c7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\F4B3ED574280E16FD3205B3D5B76FFA5425CE8B5
Filesize
15KB

MD5
9d1abf9c52a886b2f3647c853afb0344

SHA1
295c44d48c443369b6ac1ad86ccd2d916b87ec32

SHA256
bbb4f0cc51cee56745b57fa58dd1067738c8b3fd229f30fc772547e73fbb6b6e

SHA512
3bd6f90439950b8ee81725154d9e9a574a69a99b45b8971a7e8304dd13999bf1f5d86cff0fca0746de15d1ed95e3cbead9f865b7111da72a78ac5421c8ceb4d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\F960FD2025D5DA87617369B93B7B3860C8377447
Filesize
264KB

MD5
036846f0e0431cd34de8d03a6a98cfb2

SHA1
323725c9d19d00d4ab96c23fcfb1a04583b986f9

SHA256
4bcfd6c59fd90b2255231861390d39d94d80ca6a31a1889026d78bbaf1fd16f1

SHA512
6ddd4f60957424e5455967b1490df13ca7e05b66a4d74fbe423f9fcf2c503bd8df35ffe42e14eaa427e489a344cffb96b70a2e78cc6bf22266bb6b6842ff04f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\FEC88CE4335B954C53FAFB549CF02A945BE79545
Filesize
45KB

MD5
75c1f30d8ea3fa12dcf2803359f4f0b9

SHA1
fe910d20296cd48139067734c2d13d7cea727c0e

SHA256
516d1027265a480af7895628c63366ccbdb6efc770ec85c4a69ab29d82ea21c0

SHA512
14f9e154fd1e169a27d2af4edd5aac786146125c34eef2f001256efa7d520efdc965fa9a05e57e7ba4d1c2c1e9c4c9d97bb1f912e03d2a16fd25f921eb4b5fb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
Filesize
6KB

MD5
1d9c67e2470edd9d5ad1218f4e4a303e

SHA1
b1c95bea09069c7a6118b23b90d592b9e7532742

SHA256
1bad3235a8a5d6c0d90228cb326780f0467e65411457625d9db6cbd72ef4d895

SHA512
c66cb0c8cc7ac686b938fda8e17bd9eacf9344602c8a9d554770011a7ecfbdb8edf4e25093b711bfce98470651ae12a9f96f19de3e5e0d81dae4b8157957a079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js
Filesize
6KB

MD5
b3461e0a274131835e8633ebbf381411

SHA1
ce231f20de97602b7b98623b97bd36d6892bddcb

SHA256
28c16bbb0d7475dcba6a88aa9fe5111698458f5f02b8194dd8fe3afee75e6649

SHA512
9af2c7e687dca270a61c082842a44225a19e7d630dbc6b6e90a23d81bdccefdaaac0023708ac2c2bd48e379855ff7d212a66e51746eff18b93ee0c3fabce1292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js
Filesize
7KB

MD5
f7dc88cf0c8a8ab38ca7932cb4005b3d

SHA1
a8d591804143a049a48308b89b385ad8bdeec89d

SHA256
e3bf015c2c4b1e1d4b7767084dcbd9ee581ae1ad49142e69cd8dc2d6dc63e7d5

SHA512
c8a49641ecfa4bacd3e14e9a01788ed31dbe9448b3db62a937f87ec32815d73c49a5255e3e81d4709923864f531785a303e5bed67d7155bfbdf03e7db7b20e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
f463972a5ff2badb7ac764e767412777

SHA1
fb21e91c5b16b462194e21441e3fb36958e24897

SHA256
5d62eeb3d811ee52b5f2462ea753e344d5f8b7f3ef9b6ad8357b4f85fe8e9d7a

SHA512
38155fd3a70f01e751870058257553f642e137d17be94cba6d70a860947430f5eea29dd4653042a6f78453f4653ef07d16aba4f04ef5f90c510e657b24e4c9fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
c11b140a000a2e1197723c26eb7725b0

SHA1
1d6c8d3877e4a604e92be980204d5521381a9973

SHA256
be3dbfd937179feead23bf48901030631556b2f4bf03c34a0d6f7298c03fdb9b

SHA512
8a8f82db657a60e87a569392251abfa9e8656dad9b55197bfb3749eb5dfce43d6197ceacbc0b2352efcaa3f2dcf467cabc649b1ab3f4b96e2653718a737613bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
07e3a7ff5ba1bc3b8e6d61e7de50c121

SHA1
e9a9a17adb8f990f501062cfc454de36ee654a8a

SHA256
339a09777f985c3fbc5cfb6fdb902d1b5a6d7fad6dd44a00258595c86cea4c50

SHA512
3f88d413ee6f1cc77b593d70bce11d0eea2d75727c48cbd8802a73c4afdc664310918364f3d0641870c6fd8f70bab8cfe6fe702dd2c0e725778d41887ec75f59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
24KB

MD5
df32d11496027efb30ed08f742c4ccdc

SHA1
73c7252e113a7a1ecb3e15252fdc1c308404ef5a

SHA256
8619318e929121c10b9a6f6dc130b637c4689f5e2d3e47fa33083359c3aba1bd

SHA512
10afe29dac52b81ef84cfd95a52d6807b2e7e1d1aa43481d9d812c346ce690d6d0ace22f55b07b5bf1245474cea23fc176d9e5a4f8ed299ded8df8db8fd0d78f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
340e7930812f799034abed70aaee0b13

SHA1
78a396a45916cb766bba69193f45c576990135e4

SHA256
e6caf8568ebbef321b0b37fa41dc091267fb97847ad09581881139af4746317c

SHA512
3d266bee528d3c8f83bb900feb6527b7b5cdc6744bfcca5c6d8d2729d5166a7284b04f20323a901c309ec76dbe62a8bab896aa148a707ea1c5f617e8ef53c56d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
35KB

MD5
c17949cc2a7f30c4567d8c39e53ef0f6

SHA1
662afc54aadd1fa9ac465183d440598e677027a2

SHA256
8452987932988584c43a57ab39ba4c573f74c6b5b77c8723289b324d37747ac1

SHA512
3c2e557b2e23bf3b9eec8b50e641b89d9e11b522eb2335f92d7ef7f41b636885f958c33b6c128d83c8082a9a27e7d375156f9745c157bdd5e46297a3948205f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
13KB

MD5
360516b500d3b3bb95e82f8008d3df35

SHA1
2206dfdcd829c3f5ae0a57f5b9b9fb2dc97fdf35

SHA256
7ba0ea846eb6ca200e4271f6596b0db9369a926b0b2274894ec61ed2fb359b8a

SHA512
ed1eed02d8a3051b872905c4f49e9577da685111c722ba5159e50420f76ca126c9c1f3324e0b0098eb8c44b8621802c4e5cb534a7f728c79aab9b41d51dd4cda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
20KB

MD5
c9e89a492a781f69600bd05695742a0a

SHA1
371be21d616869ce86d01b04a1c2338da0b8b89c

SHA256
cd496dc6eed342071e4e6333e1a9cfa47aee2058c0fd50a9661f175664f24f1e

SHA512
00713398149572d6b9eaf744710d3014230119d10157ef811dcc5054aa9e556d59dd379457b3eb434696e5506339b192671df2ea45f92cbb6761df22867582cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
33KB

MD5
eb6ea4c569d426aba84af147d8059dab

SHA1
6c60e12b9e5fac0b1371242d5301fee7f791f997

SHA256
9d229557d89be8b5089b2b0de656cdfc29c00524ec78d97b1cb58243866da3c8

SHA512
a247df97911d1d82fc4c485ea41bde29c928d75e02b3bf178f4d1ac0a3e7fbc81b5bcc642344596925fdf606e37de5ab2e9f2978b1c0de041f9aed83aa2e72b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\default\https+++apps.microsoft.com\cache\morgue\152\{1839e025-2c7e-4abb-8206-c14abed27798}.final
Filesize
29KB

MD5
9f0bafed34785b89c8ec89afc94fd928

SHA1
7d750f93ebc49b53f5eb347466c29405bde580f3

SHA256
947d630abe94b2b1baca2af65db5789fd6636abb35a8ee582cf9ec44cfee19e0

SHA512
11b1a98b2d41b9fe68ffb53c7aea5bfc54c324927cc628cd943fb5c82fffe2edae81a148114acc54e353b54302102d64fbe3232b5adc403b66e4bf2606fe7ef4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\default\https+++www.xbox.com\idb\3155603766SrterledanmaCHlgioeLn.sqlite
Filesize
48KB

MD5
0be2f3da6b798d11d262155d387122da

SHA1
747f8cabbcd2e316fcd10447ead2dafe488f3649

SHA256
d598a4ee5be0040114728801c518bed428bb2552aa61a2d2091d34122e9e92d8

SHA512
7df59b42862bf04a0214816f1fd7fd51df0b9558a1daa604816a36362caff73762cff210ed23b6eb04fce651d098ce1b78df529b773899205e0a1d95ffe57855

Download Submit