hxxp://techsta[.]link

Analysis

max time kernel
313s
max time network
312s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
17/05/2024, 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://techsta.link

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2756	firefox.exe
Token: SeDebugPrivilege	2756	firefox.exe
Token: SeDebugPrivilege	2756	firefox.exe
Token: SeDebugPrivilege	2756	firefox.exe
Token: SeDebugPrivilege	2756	firefox.exe
Token: SeDebugPrivilege	2756	firefox.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe
2756	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2756	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 1448 wrote to memory of 2756	1448	firefox.exe	78
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 1628	2756	firefox.exe	79
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80
PID 2756 wrote to memory of 2344	2756	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://techsta.link"
1⤵
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://techsta.link
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.0.151183821\2127211308" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce74e77c-6da0-4bab-a9a9-701522b324fa} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 1832 1f0a77f5b58 gpu
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.1.1739230390\1461693784" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bdeca31-1786-4239-b668-b131d7b895ee} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 2376 1f09b985c58 socket
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.2.1802383023\1424301055" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {307bda56-0b79-4f09-8c18-ebae99294eaa} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 2968 1f0ab636258 tab
    3⤵
    PID:500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.3.474376818\1590633598" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55d37f03-3e7b-45d6-99b1-2082bb90f083} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 3656 1f0ae39bb58 tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.4.644465115\1104295919" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {006e3465-793f-4815-b3e7-2ab078646fdd} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 4968 1f0aaa4af58 tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.5.876207463\1087691936" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {497e161c-219c-4e33-afb4-289d042ba947} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5096 1f0aaa4b258 tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.6.1827477233\1588283888" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fa96ab8-15e8-4e44-8c7b-9721cc6992bc} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5376 1f0afa5f258 tab
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.7.1088578589\523766229" -childID 6 -isForBrowser -prefsHandle 4956 -prefMapHandle 2988 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de684dd1-cc81-4788-97da-872ffab7c34b} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 4596 1f0acd7ce58 tab
    3⤵
    PID:2592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.8.1585799972\1259872220" -childID 7 -isForBrowser -prefsHandle 5940 -prefMapHandle 5912 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0db7698-5070-4cf3-86ac-7c52b0cd4b0b} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5952 1f09b940f58 tab
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.9.736592233\1634320643" -childID 8 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e519d9b-b643-4492-9f9e-652e4d3b0f5d} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6168 1f0b13cbd58 tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.10.104253482\1775022977" -childID 9 -isForBrowser -prefsHandle 3024 -prefMapHandle 3236 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec04827c-7d73-400d-878a-8d6710b3a4f6} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 4584 1f0acd7c258 tab
    3⤵
    PID:1800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.11.1623930453\93011920" -childID 10 -isForBrowser -prefsHandle 5308 -prefMapHandle 5768 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {036e815e-d1b1-4b97-9e03-7e0403bd9eb8} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 5688 1f0b01cb158 tab
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.12.324006708\593313054" -parentBuildID 20230214051806 -prefsHandle 8148 -prefMapHandle 5260 -prefsLen 28175 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d71ead-b632-4466-b297-0f07009303b7} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 8136 1f0b22c2f58 rdd
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.13.864772105\2000313303" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 10396 -prefMapHandle 6476 -prefsLen 28175 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad873a9-68e1-4dd0-a67a-7e1dbfb95767} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 10388 1f0b22c3558 utility
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.14.135329391\369192270" -childID 11 -isForBrowser -prefsHandle 7952 -prefMapHandle 7988 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92aadc47-e206-45ef-a01c-e41e93eda586} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7944 1f0b193fb58 tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.15.545637584\179405517" -childID 12 -isForBrowser -prefsHandle 7892 -prefMapHandle 7896 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d22f911-d364-40c6-bc0e-7a95e396328a} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7880 1f0b296d558 tab
    3⤵
    PID:868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.16.745002605\1042991548" -childID 13 -isForBrowser -prefsHandle 9984 -prefMapHandle 10096 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9945d87-3bb3-4334-b0f8-2ccb5c7acc2b} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9976 1f0b2d53e58 tab
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.17.254613333\912435071" -childID 14 -isForBrowser -prefsHandle 7956 -prefMapHandle 9960 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a26f8312-a582-410c-990c-1bc8c44496a1} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9904 1f0b2d54a58 tab
    3⤵
    PID:4412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.18.1919578587\713276209" -childID 15 -isForBrowser -prefsHandle 4636 -prefMapHandle 9960 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2668246b-a3b6-4b48-bf03-ed7868b2dbdb} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 8000 1f0b36e4b58 tab
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.19.222217728\1333480567" -childID 16 -isForBrowser -prefsHandle 9784 -prefMapHandle 9776 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1abb73ee-95c6-4c22-97f8-753cb81f8649} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9792 1f0b36e5158 tab
    3⤵
    PID:1096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.20.584123293\1832530890" -childID 17 -isForBrowser -prefsHandle 9680 -prefMapHandle 7364 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {953c3616-8e5c-4900-919b-c6416fcbac0c} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7324 1f0b3dde058 tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.21.1993432695\544297620" -childID 18 -isForBrowser -prefsHandle 9544 -prefMapHandle 9540 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d8d9a16-c1f3-4097-927e-1c4577345329} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9552 1f0b3ec0258 tab
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.22.2065063000\682326614" -childID 19 -isForBrowser -prefsHandle 7192 -prefMapHandle 7188 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a8607e-d668-44df-924e-430a91d05990} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7200 1f0b3ec0b58 tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.23.82856647\730482282" -childID 20 -isForBrowser -prefsHandle 9456 -prefMapHandle 9460 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab48198-ff41-496a-9f17-f4ac2030cfc7} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9444 1f0b3a0ba58 tab
    3⤵
    PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.24.981642187\831029790" -childID 21 -isForBrowser -prefsHandle 6780 -prefMapHandle 6840 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d102665-aad3-4603-bbf2-7cf2c0379915} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6948 1f0b3fc2958 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.25.1611382683\549214168" -childID 22 -isForBrowser -prefsHandle 7144 -prefMapHandle 7140 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e53ab6-5b31-4621-8b60-3629c6aab008} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7148 1f0acd7c258 tab
    3⤵
    PID:5348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.26.257175886\1838369198" -childID 23 -isForBrowser -prefsHandle 6572 -prefMapHandle 6576 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91f149c7-965a-4f90-820a-70bde6467817} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6620 1f0b13cb758 tab
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.27.79512808\1903036923" -childID 24 -isForBrowser -prefsHandle 6580 -prefMapHandle 6564 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6f2f55-cf3b-4871-915c-2d8f9dd9e27c} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6528 1f0b13cdb58 tab
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.28.1097656854\2038509373" -childID 25 -isForBrowser -prefsHandle 10552 -prefMapHandle 10556 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a04f02a-8a5e-4c6b-8b16-03e05dfccdd0} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9320 1f0b13cde58 tab
    3⤵
    PID:6092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.29.467543476\1190571798" -childID 26 -isForBrowser -prefsHandle 9964 -prefMapHandle 6480 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {813b7aab-c6e8-4e3e-83ef-2fe7784076ff} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 964 1f0b01cb458 tab
    3⤵
    PID:6788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.30.2081081502\1190382774" -childID 27 -isForBrowser -prefsHandle 4664 -prefMapHandle 3032 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a70c0b2-d70a-4423-8428-3c781daa0de3} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 6368 1f0b1357358 tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.31.876131284\995714756" -childID 28 -isForBrowser -prefsHandle 6400 -prefMapHandle 5308 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da085712-fc8f-40b7-8b03-0695ff1f78bd} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 4612 1f0b2d54a58 tab
    3⤵
    PID:5276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.32.561852952\2117683" -childID 29 -isForBrowser -prefsHandle 7140 -prefMapHandle 5112 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b7b771d-4ee6-44fd-932f-10e051c04d83} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 9348 1f0b39a8d58 tab
    3⤵
    PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.33.950509103\661590274" -childID 30 -isForBrowser -prefsHandle 10396 -prefMapHandle 5180 -prefsLen 31308 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04fc778-08ff-4975-a7f2-9e499e924559} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7444 1f0ae040b58 tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.34.246343484\1568286791" -childID 31 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 31308 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {798cd7a3-46cb-4c95-bbde-a020ee9d3e5b} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 7300 1f0b3dca758 tab
    3⤵
    PID:5716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2756.35.76095303\742663105" -childID 32 -isForBrowser -prefsHandle 8376 -prefMapHandle 8368 -prefsLen 31308 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4239335-e8c1-4d31-97b3-030c48ff0c4f} 2756 "\\.\pipe\gecko-crash-server-pipe.2756" 8380 1f0b3dcaa58 tab
    3⤵
    PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
5be6e541ebda97133a01948cd343a197

SHA1
52396f7b28e9f2871c6a71153a8bbbcda2faca8b

SHA256
ede13396501fa15d325d0fdcb65f4079bf66566f0d713769a743d40369ce334b

SHA512
ade67bcebc8515a0df50f69399ba0491f4cd88970ee8d229191c3b3d77ba1d03f6a47ce59282ce0b3768c5499f41286f703b58d97a81fdd26575bf642edff8a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\1003

Filesize
21KB

MD5
92c1cdc4afb696df8ff54eadb47bb3cd

SHA1
83d1c9203881f2f9be975afe995e67f4d41cb918

SHA256
e3ba6d9ab9585c585c281d8994c5d7120279b95572afed826bd2a34ecfcf32dc

SHA512
e621b5976a1f1a597a218d12374432fd5ed5e7a608d0efe52b13fda056d900f7204de6e8ee080d9dcd671cca700c286b71ead7378f2f8de7882e03336f434afb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\12539

Filesize
9KB

MD5
0ff308ced44649b2bd41181118a83516

SHA1
4513c1e6e873ac8fb897271994eebe99dc6b8cc4

SHA256
d7d5708bd1adfed5558d95dfc8d3f411689587ffd8aab25cf33cfc5ebda46f89

SHA512
464a95f74272cd0f3ae23856599519f6a4ca59b75f0fa52f5bf64a0613a84d4c3ca05992e815c989451582c04a1ef8f2bcce20212bdf634e347dea690f92a69a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\13436

Filesize
7KB

MD5
c0a0e0fcdfd58ec288d16c0b44a56356

SHA1
2f33ec83e870b28e3ef8c97de4f84a786f16ebd9

SHA256
34e5672dbe2d368365cba90b9fe1fe0627e28dce6fd98830a716f9f06ac7d907

SHA512
6a5391dedc728bad8b8a8b9b69128fc0d517e8473d68817dbfdd6578d4f0d633e6fc4826698ce8832ed83d1f07edb0146374719b481de2fa077659a8a6442c1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\13773

Filesize
9KB

MD5
7e652cf77f5d353348a46be1503c7e13

SHA1
dd2dc94ba6c472bf1c4b437c49f1724fe2edea4b

SHA256
fa0867d9f0d411dbd49e28090d50a13ea9f46898c9135232153aa0a9feac709b

SHA512
815b52e2a30ef1693066a8b155e38341d85cd09eff2f34def84db4f8708d17287a020f804ee9e3cc80085540faa976ca3e48a62e5ef82a6792f08d625f03228b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\22637

Filesize
9KB

MD5
e638b554de7a8b0a0953a3ade23d11e1

SHA1
0a18bd808fd823d5db8680925f3a52da8459d039

SHA256
092bdbaea4517a0c4894b070690d6eb43d34af3707baddfef5b43c7d7695bec0

SHA512
add729bf650a0298871954d9d004c128b2d1a568ffcfb52bf681937879e0b0a191ab55aa60850599ded2e57f21146f60191c977c8bb3aefa3db8a2931632c535

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\23089

Filesize
15KB

MD5
2436267b349f8491f4c4922b432d25eb

SHA1
37759c749b85b8cfc35804c142a4d33d680b5a4c

SHA256
bc59a4a2b795a8ab99cb1b265039479eabff61fbe17da7108d8b2f2b0dec4eea

SHA512
5135dd504daaec09de09c9c4af40f0d66b8ca9d9dba6219397c7fb7dde0f1d847ea5c82fc6fb340442a1fc5f782d9c4e6ad39e9ded8f27204d3d619ba2658f12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\23862

Filesize
15KB

MD5
cc9bc7c5eace3bf368dcf010a0137f0e

SHA1
e71f25e80a04c22e51d810b9a57eeb989363c0f5

SHA256
f6b3feb7f59aa3372c072440c853539a99b915815b5b798dffb9dd229a184ff1

SHA512
7bcf48d23898c3fe634b7a0be1c4109527389c8e15aaea3be6783c48d6bc24660918aedb130e10fc78e452733a6ec84988eee1b349b8edba02edba84e547668b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\29055

Filesize
7KB

MD5
eba452390f1b4f5f9266ac0f0766b321

SHA1
3a073907de24ccd04af1636267e7ba2840aa7794

SHA256
92d7f29126d2894c01518f0be37c97007d994e4e1d27a230b7c17ca1f964e9d7

SHA512
cc7fc01420d33a0890a967af2d85c42d00e5edff424ceda762946f1f0889566e6d6452995ccbd98d54cb2d083737c1ca16cf3b249e31e4845602a68f9a3f9db1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\doomed\3608

Filesize
21KB

MD5
50755ab42926f834c1668f2fe5cd741e

SHA1
2f92d6b050a6703a680fb2354726a02ab20f861b

SHA256
168a8ef62988bd5b52b278f460276a979c715239690651c8d9be4f7abafa29db

SHA512
67c5b2defee2d7688324a507390c7a80fb2c29a17bdc6169050191078916964885969cff82c0e7849ef22105e6b2f0ac5eb5c9cc24abbc9a17e79a7c7e1d8752

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\36616F54E28132D0FFE21DB63905468E97D24656

Filesize
14KB

MD5
6edf8f69d8be8facffad4c018f8103d6

SHA1
199a27e56eeb2f6a591810697f971f418c41c4e1

SHA256
dcf00785e8b5d9ba1a657c5b243e60ea02bb4a196ffc8c46b5fad2ca5fe950f5

SHA512
39b8b612706311cd853ac97ee9f498d5ac6b5aa1b2f092e65eb5e5a43b4699b1ff9b23120067a2a26b1380cdccfd21be4e4d2451b28ffd68c2972764cbbedecc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\4259FF87A2540FBFEDFFDD2DC56BBD4D833C02FE

Filesize
22KB

MD5
caa2bf52c348dbf473e8aa859e5a3c85

SHA1
2fec2eb1942596de6d256f5ccdfa5d77a5d9b096

SHA256
28af53d4b8abdab8a2271a6114539017fea95e65b5ff492511625504d19e91c0

SHA512
a9875fcf434d1ee08794842535761646c2d59098bb63c0776c63bb4c80aaaca49abd6ba8e21917d0bc34a7096f5fc1c8c2fca93e9c54ec125fa0ae5d55b792b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
33KB

MD5
48d2b58767c680cde4af031d6db54ab0

SHA1
b9bd0db2c07e7b4284c82f17584c4c6aafe36301

SHA256
1ce26324ef7178085df405f0084d994e9bfbf2bf2d857b3d7f859f8f9ab66ba4

SHA512
82668e0894835895c8aec8587e2664b0a1e7c011925518cde2dbde2f737f9bfbc5f95aa64a510451cfcf991099cce068f5d8176c45b059e10cc9b5e2cab57fca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\A6E9BDDCDA511C7E63FB720CAF1ED28B38FFC0C5

Filesize
42KB

MD5
09985fa2abeaab86d93cdab399c50f5b

SHA1
3d3d301005280f18a145cca45008d34dd4ad0eb9

SHA256
e425ba88e5d7f523a4aca11a3d1ad4bc8f1849cc95191db24645c3520b92c7d4

SHA512
1deb56ab1fe03e8385167935a8d732ad15d4d93ed370ca9209dbeba228279c3b10266aa349139dc56a36d493ccae2e69603eb0456885cc07866efd91efaa734b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\D053F0A83725F12565368EF125EB673B50FE83AA

Filesize
113KB

MD5
cb4c5acf88c25fd49616d3c64eebcf45

SHA1
4f4df6be8c708149c6416f14ed60af0b01dc72e5

SHA256
f61e6cd2df9895de0738c742975830797d527e79ce3f06b91613a4c2f6fc4c31

SHA512
399fdea964404ef26eb54a74ae72a6e1f18bfd80c6174c6bca92001fec394453c63c2a250e2188e274c78ff88a670ee9e1ca0378eeb5f2485924d3a4fdc2918b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\E6C9CF8D6C1A54CDAE9B3B9D06B65BE35B86B9C7

Filesize
54KB

MD5
7537b2dc46a973a12f1d0a3803073f21

SHA1
466081083b951b5fef499e6d565dafc563347aff

SHA256
fec0c970d0991f9a42d94367a05e170d422a10d676cacca13a26477e211e3edb

SHA512
7da54ba77be69518217f933993e436dfc4c1175f013a7df9f909833f19d6141140783f50261dd1b2d4d28685fa23e14675c22bc97aa97c1f4a829a9c11ee0470

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
eaf34b5cf3c7335c261cd7b7974141e6

SHA1
e383ee2020cede812a305f44d050218452137cae

SHA256
9ad8917f3b48a4f792964f0cfb62374507423ae00e5081d96591a76085501997

SHA512
6d9543a2de9336cabdd1b172cf2feb2116a5c351dda6d0c7b4209a6b43b9a2911e6ef2882d67724292bb2ddab46b91570bcd50d011f384bfe72f2e5bdaef568b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
342019d6ff643611cd203cf21edfb98f

SHA1
16d4e168e69f11eccfb664636bdd0612a1477b88

SHA256
4ce11c8cd9aa7dca023f68135d511fae392a6f072cadc808fb5608239120c589

SHA512
9c4d6cd455e70e5d56a53ee039f0fe79b1044a63832f68d77cf3a75f1df08b7dbd636b7904db6831e1f0c8ee386a7c0c6a9db66002edbbb8175027021693bc38

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
2548c8ac995396313d89fabf824e86b5

SHA1
5a9079aad99551becf5dd1a4740ca0680b70da87

SHA256
8a6060f23f52951b25ce2c0ef935e756c6525d54c500cce25b4e9f19f1864135

SHA512
2f0a76e0e563bed01d63e0405078cd071b0f2121216684c07635e016adffb194342aba66a63e33a1be153946d322c22acc100eca6fa8a8138e9906bf669438b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs-1.js

Filesize
6KB

MD5
24ee51c5dd95ba71694a6610d2716904

SHA1
07d92fc388d400c71ff8ba434a2078e939fdd852

SHA256
931a17c4b1d6298627b6a3145fe969f70b59e7cead07816043e7dcab160ff709

SHA512
13ed6ccf7442a1805e3d99c02fab27a59508dfdc33b4ae99407e7bb44ccf856760f5f54eacc34167e91788f014178d69efe7ab92c8e9b6872e04c86e22bf387b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs-1.js

Filesize
7KB

MD5
d1c5997b8daf8d5080d2064a582a20e2

SHA1
b68ce38b47edbe055898f3d18a230d43248b1c1b

SHA256
834d65ef366326113ec90da76420bfde49f671be96ac14b7968fe276ed91ec9c

SHA512
bdbaf4728bb10e875603bcccb0df5f49a492021ae5a50dca31a408f57e4401598582eabba8edace388d76eb83bfa5989d19d51f68eb612d54ee060c24f1235d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs.js

Filesize
8KB

MD5
1403aaa762350c0ae86cc6da563fd5d5

SHA1
78473e12a14f7b5f1bef552ed695cc7e2e00e8cf

SHA256
5262e95c7e187bded747ee254236f4bc33f9a4ee021e320cc057cd5127016741

SHA512
62cf4291121ae127f07df7fd857d47267398d3e6949f012f841298d492b107a56ff89786f1022811f4eaf16ce561dd08d7255e569bd76cf1c854a24f9dfe9ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs.js

Filesize
7KB

MD5
afe433d64b2d24fc83dbbd9c6dcbbddc

SHA1
e0ff372b9a9fe49e9bc04eda66c607cc3224fc85

SHA256
08655d27a3785a7f203ff2628957fca5b440a8bfbc17c8b0c42192843dfe5789

SHA512
edf83c5d03c4b7baa374e5b50b94aa2b9863f7bbc71588bc12826e9b4f87f1cee8a4eaefb70af981f52d6dbc1f1f57645db5ce76112fb49866c0406d35256b35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1018B

MD5
5653225c5e2ecd838a41a4f6e0a6c147

SHA1
ace412955ee5f3c5d08879e99351f46364c72beb

SHA256
db46e4b5162f7aaa685722a5e2526f2fd948d7bbea9e97aa5b153aa41692d079

SHA512
e8c619f157ee6922f4b6111c8f5282b94938d32c6f554f078972fc32b498e730464481f23f4ebc239ae820a8a3c6ddf5152adb4f25dfb12e53845d988bf6c737

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
e6aa9739dfa50b3763dc38cd1bc426e2

SHA1
7e39e27ef291299ca334bc047c555012a3aa3574

SHA256
43ed9c5df1ad0a8478b777108014502cc61f5b77d59e6630e273c9349587c977

SHA512
c4e86e269d342188762f671be8d28ab6fca7b141b4615ed63df3eb7ae0827e317ea1cc5140c3d39d0724dda0f7a54fc90fa44f9dd97fcf6a356b2eddd9326af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
86e774978a3493f57fa27d5fddeb9df1

SHA1
eaad742460ae85527c2b2a82a4f903143484685f

SHA256
afc334af0b7d7fd2a8f2e133f52c520c31466c50d539400e2c39bd3d095fc7f5

SHA512
c380d1de65eeeb9c3b4e9dab368f79dc75d3a25b038ba4375d31b960381b0b068fbb162e11f0710f7f054494e2dfd32c211c27dad04a6dddec6d43a7fcdf53db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
8b4c9712480244f8271f88ec2a2f715a

SHA1
e5de367537caa8f7a75f71d51c302c97760e6f53

SHA256
40dd72919da7a7868504ae4fd1da583d02b92c30e35c5e539096b13c9886f7e8

SHA512
9f4b2f2a89d4d2680104c35ba0c947a1630ce47bbe700ea46c4d12c1fd421e438ec4b1a8f1ba5d695cec9ee7c61b282d1d0f9ae89fb71e7db556e5fecbae19a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
b2d7c1034737911f173603ece48cc04d

SHA1
55b9eb44868e3b928fa9a5ff41c23ed148b9f7ff

SHA256
0e6c5b9bb460c6dd3105fcf8d8d887af4032d389087f5d0d7b19cb5e2bd0093d

SHA512
743395aec63afde41e6b8a8dcdc1eb6010229654a8bad35dd13a065c4821bd80889adbc23a0ed2bc3e88fcd69aa92132070a3e91f61564ac3373c2a09de448f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
03c4c78b14b78c8f9db1bed9587dbd08

SHA1
97efc5e3ac6c4b36c8baeb7911d3b248bfd589b9

SHA256
1b14be0519fc2d738621ac2067039ce4c47de55910382ff86e77739eb010b137

SHA512
094b7757a5e0bbc6a6df79d7ede84062c12a0537b02a9dda99d38a9b14f1e3d0d0ee70e25b03e8df981d08d65fcbb856bf983666d3a66eef63834d96bc76acb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
cb1aaa8c23ee879cd608699025698cdb

SHA1
c9d55360f1692c46d886942723154ba1b8c4150b

SHA256
0f46746e95c051366a047cd157dd325cdf298848b291b4477da9c4ab160f8a6a

SHA512
455b6ffae6eab3e2ef1dfb3f88456a5bd1580f307a51e7862c69004210dd99efea0764190ae500e8d6ce5862f948d3ef5b9b694a1af04e50563b2656af131255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
86a081050a114b81389358b507ec8fd2

SHA1
12c8946b5a15eafcbb9b4f61e5565e6fa5c0bc28

SHA256
d0fe7988ad4eb8712de5b7987ab960ffdcaa2711a2343860450f6a517b6adbf1

SHA512
77d657b4da224efb9bd98e18ed2fbfd21682de2c3c717edb16258322720384576688c6d20be825fbf7555d4635f0d7ebbd46766654c65669e0e44a5a443865a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
b25138bd818c80d18294905509803c50

SHA1
6812d906b121b78534bc37a203a9a431a645b881

SHA256
a5adacce4f483307c7a3f171a45d30e6e5bb5af090e8e763bcd367f44019e0b6

SHA512
f663f13a7c04d70b3bd214240a952939a089cef6611eaa59b45aebf361f5a596d1f0ac58380a6ae67ee743a1a5878f21de39230b59e3f330fb2823bf2ab88a11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
2348d711a18c41bf825f6f621fa94657

SHA1
ef6b5dab3dbbf23df823f779d1dc1cbe651eb4e2

SHA256
d51dd656e67e774995703782e0003a4796021c351c7c2a7164498525b88e075c

SHA512
3b88ad8986252dee3e263e2369fd824086cdf8a5a2edbc180291385e872808ace7a851d9c56305cd11ec7de64c7e1f1d2c78bb801e305d04b48167d6c6fa88eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
610754e86f458e2cab97b0574772cb4c

SHA1
e7b6cdab41345de91858174ed038f6100e86b0ef

SHA256
62569ff0af40aacd7dab0e12b4f373c084a52f05972b3a27f087a28a8c12363c

SHA512
c389470f7bd8c4300f7c72141809d51d30543c017a569a286ff57e90bee1556195114aab9efdad3bfdb552d6f58646da43e6a57ca470d0c764b2a14d3dd41d70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
7279eac044154a35e7b9ebfa1707b80d

SHA1
3650a622a125a761504d62962d0271ba6bc840ba

SHA256
1ae11dd16cf8247cf98b8df4073f54301d803227ea8ba37374907b136c4cf7d7

SHA512
e4d4a5a2fce38cfee947f0c8661298fa77bd880e6d80492ff05beb11bab584b784811672d0e5fac5e55b683637a9345cffb7ad6f5eb68e2bdac4fcc08a9120a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
bd448fe4a10e593dc6032f7565d21083

SHA1
1f88a3ff1f31f6b1b2944fc7d01237e8fbb51667

SHA256
fd5823e735e3d8748d22a71ce05290d7758aef4d77578994f1dc5c0967233de7

SHA512
9118fa9c2aaccf519db7e54546d0e2fc089427f5b106d35c0e6cc11daee036769b73ad30986c87419ee77fc9c465c83841eaac7b9a0d3d95b873eb109d14f874

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
6.4MB

MD5
e54e9212581503fd0ce4a89354011a1d

SHA1
a0600ffaae46c7b693d2d318adc1334fe586d954

SHA256
2e2003d7fbbc5f03daac2e8541dfb26ded56b26291c8e79ae2e00cb1e23f44b0

SHA512
989a286890439ebae2fef59039b7790031e201a28f916b8d823a666ea51c0755c6e398455e8eae0cdd1ba825f829ac358075ab7b7e0535443c0c25d47ea0607c

Download Submit