hxxp://Roblox[.]com[.]py

Analysis

max time kernel
299s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22/05/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Roblox.com.py

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	firefox.exe
Token: SeDebugPrivilege	4804	firefox.exe
Token: SeDebugPrivilege	4804	firefox.exe
Token: SeDebugPrivilege	4804	firefox.exe
Token: SeDebugPrivilege	4804	firefox.exe
Token: SeDebugPrivilege	4804	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
4804	firefox.exe
5996	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4380 wrote to memory of 4804	4380	firefox.exe	81
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3460	4804	firefox.exe	82
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83
PID 4804 wrote to memory of 3780	4804	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://Roblox.com.py"
1⤵
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://Roblox.com.py
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.0.325161692\1056059496" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b876399-0725-4f42-8e63-c1fba731e1dd} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 1812 1d891408558 gpu
    3⤵
    PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.1.692345928\586024366" -parentBuildID 20230214051806 -prefsHandle 2332 -prefMapHandle 2320 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb7abb25-e0dc-462c-8e57-fd43e8c10bfd} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 2360 1d88468a258 socket
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.2.1210693698\491328050" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7768f400-ad38-433b-af34-bdd57959cf71} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 3008 1d894338858 tab
    3⤵
    PID:3004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.3.626981432\1597539199" -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4e4ea6-f152-4f90-a63b-6a9478b550fb} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 3784 1d895a4c858 tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.4.2062878908\1071051457" -childID 3 -isForBrowser -prefsHandle 5100 -prefMapHandle 5112 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfb32d05-c2c9-4e49-b744-6117b117cce4} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 5128 1d898f94558 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.5.1519068305\881083800" -childID 4 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {825a3a5b-e5df-4e4f-bbc4-110c72bdefcb} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 5144 1d898f91858 tab
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.6.198944381\1488253873" -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4098bc2-78ff-4be5-808d-56c796a35a07} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 5464 1d898f91b58 tab
    3⤵
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.7.355984326\866043718" -childID 6 -isForBrowser -prefsHandle 3252 -prefMapHandle 5928 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88bb7d42-232c-4b42-b042-33d58735494b} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 3008 1d899e2ee58 tab
    3⤵
    PID:780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.8.39455830\637215946" -childID 7 -isForBrowser -prefsHandle 5956 -prefMapHandle 5952 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b293a12-87b2-435b-8256-530352806ba7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 5932 1d884681658 tab
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.9.446820042\1740938335" -childID 8 -isForBrowser -prefsHandle 2824 -prefMapHandle 4200 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dca7ab8e-0cd6-49cd-9518-9bb294bddae8} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 4288 1d896792358 tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.10.517804662\147803150" -childID 9 -isForBrowser -prefsHandle 6148 -prefMapHandle 6188 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1146e2-43cd-496f-ba7a-34c7c2bc471b} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6192 1d898682358 tab
    3⤵
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.11.2140771217\1891490272" -childID 10 -isForBrowser -prefsHandle 3356 -prefMapHandle 3256 -prefsLen 31298 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d6823ad-fe5e-48be-910e-94704b2e0dbd} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 2656 1d884673858 tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.12.2061264274\1642943809" -childID 11 -isForBrowser -prefsHandle 2660 -prefMapHandle 2664 -prefsLen 31298 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3aae0c-0138-4ff7-aa98-fc05e26c6fb0} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 5348 1d884674d58 tab
    3⤵
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.13.368384693\829628080" -childID 12 -isForBrowser -prefsHandle 1308 -prefMapHandle 6820 -prefsLen 31298 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfe92d51-33cc-4f67-92c6-ae5338139cf5} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6332 1d896dbeb58 tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.14.1926657212\720366733" -childID 13 -isForBrowser -prefsHandle 6340 -prefMapHandle 6220 -prefsLen 31298 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37d2a94a-9394-41cf-b342-6983b45afed6} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 4936 1d893dd4558 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.15.152885026\1661927152" -childID 14 -isForBrowser -prefsHandle 6316 -prefMapHandle 6152 -prefsLen 31298 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d65c0b07-0529-4a78-97dd-29af42444211} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6232 1d89433b258 tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.16.2111482606\1219069505" -childID 15 -isForBrowser -prefsHandle 4644 -prefMapHandle 4816 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5735fb5-be23-4d73-ab70-b27d39229f04} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6352 1d88467df58 tab
    3⤵
    PID:3660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.17.1566781038\2095584849" -childID 16 -isForBrowser -prefsHandle 6984 -prefMapHandle 6336 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {621e3778-9906-4088-9cb5-0f8cb6a2c4e9} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6304 1d8985b9758 tab
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.18.1842254906\760416714" -childID 17 -isForBrowser -prefsHandle 7316 -prefMapHandle 7320 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e860fc-6257-497c-ae50-47225ff52aa9} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6224 1d898683b58 tab
    3⤵
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.19.102987137\967647760" -childID 18 -isForBrowser -prefsHandle 7292 -prefMapHandle 7404 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d95192f-4ed2-4c7f-b1d7-62d216ee0090} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 7392 1d896e47d58 tab
    3⤵
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.20.1487216969\1675010666" -parentBuildID 20230214051806 -prefsHandle 7528 -prefMapHandle 7532 -prefsLen 31307 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f79674-f4cf-47d7-bf15-d8467a297809} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6456 1d89a9f0d58 rdd
    3⤵
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.21.748923685\1475877311" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 7624 -prefMapHandle 7420 -prefsLen 31307 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20208473-deb4-4103-ba69-0bc0a81c3939} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 7628 1d89a9ef858 utility
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.22.1673578986\452846510" -childID 19 -isForBrowser -prefsHandle 7536 -prefMapHandle 4644 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2de5ee-f197-443b-9c5c-5f4591f115a4} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6456 1d89e9a7158 tab
    3⤵
    PID:5724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.23.619040521\909507822" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 7756 -prefMapHandle 7864 -prefsLen 31307 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {203a845b-f130-4908-90e6-bcbbbffd63aa} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 7964 1d8a0577b58 utility
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.24.498526050\888837483" -childID 20 -isForBrowser -prefsHandle 7520 -prefMapHandle 7128 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cebd83d-79d9-44c3-9ebc-58707dd6f4b7} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 7112 1d89abedc58 tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.25.1787164629\1709216972" -childID 21 -isForBrowser -prefsHandle 11644 -prefMapHandle 11640 -prefsLen 31307 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8459fa9-9b77-4420-ab19-2e8be6639cc4} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 11656 1d89a979e58 tab
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.26.2002968530\520916762" -childID 22 -isForBrowser -prefsHandle 11364 -prefMapHandle 6860 -prefsLen 31316 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f46fd9bd-81cd-4e5b-81ca-0034c135a4ba} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6804 1d896dbd658 tab
    3⤵
    PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.27.1692665115\798514070" -childID 23 -isForBrowser -prefsHandle 6736 -prefMapHandle 7424 -prefsLen 31316 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42189a5b-92b4-4ab1-8fec-acd25fadeaaa} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 6972 1d896eebc58 tab
    3⤵
    PID:3264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4804.28.1436984319\256272692" -childID 24 -isForBrowser -prefsHandle 6876 -prefMapHandle 6336 -prefsLen 31316 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf38ef5-719a-4c12-9120-cad9f3b2c454} 4804 "\\.\pipe\gecko-crash-server-pipe.4804" 7412 1d89e4ca258 tab
    3⤵
    PID:4268

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
16dca793bc5384f5d9cab8288713b858

SHA1
d06e8aa30e0ce182a6f3ea93a8ce2a196b4f85c1

SHA256
eb587e80cabbfcb0002f470438602bc3df15e9985dea6555c4c9a2c60c1e3a4c

SHA512
ee864c4b62f97cda9fa2924c6b11d3dd26eb60788087c63bc0c37d60bacc1d6b1b80348fa3091ebd7f3553b98a2ace5bf65a5e3cf91ccf23f67d5e59b657c105

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\14415

Filesize
16KB

MD5
d3eb0abb8b6d70cc773cb7e93650bd5a

SHA1
7932cd29eff74d45c4334271a6f326bb6eb70c19

SHA256
76f0aa7a99edda9e98739574032d756dbbbb6f7bbd14a0f9d6f7d819fcbd9092

SHA512
02dcc76a8a4510ac4db3e721d7ac90fa20f5e2d2a29a02e0236e28a0d7b4953a6de3a0a2bcd9a417085997d90ee7f6eb7ec267120a2ba9a594554bc9030bf544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\14640

Filesize
16KB

MD5
e5b436c05d49cbb254e4628636d77947

SHA1
dab58a477a78ff1bb4dca4102008346957ae7865

SHA256
dbf2ffc705a9ef8a6d14383d6189d34e06953e34fe942053fedb4f411e366372

SHA512
352fa9296031686ca467ca27bf4870700a4dcecc6344e04b997215d9f089c351908b8b58f2b9dd9a2744d3e615f0418b7b7adda88deab67e97927827050f520b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\18379

Filesize
16KB

MD5
dcea17538c82a1acc32394d97f243239

SHA1
03f9d41caccaf61d7dd4d82c1f8784761de134dc

SHA256
5d7465ce905a6b131f874c7022b8ea92732aed51ba05e5b310bb46e4567bcdf5

SHA512
7943863819d654e4f807ccdcabf326faa7f534007c0e48dfbb7c488a430e7698c9f3efef2c7fbf941e33e9b26c8def44aa9ee0919c418c3a6e87aeb27f9c8402

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\19098

Filesize
16KB

MD5
41585bca611ed7ecbbfd8ede4ade48af

SHA1
0c584c9cdad5be67fa1511bc4d82bf23e8dfe486

SHA256
ee429a33d27ff404b0a59d2d9dc46d7a20600048170d573c2e9116003a66fbac

SHA512
13ae927dac1d066dcb1e955ef7efd0afa961ef2a3274ab443a64b7f55694e66463ec98ce57e2b15f442bd8f35f7c502b9db59b9bab947348eb58154acba3f99d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\22366

Filesize
16KB

MD5
99f986267e12679a224db9aac1d6117c

SHA1
2e07055fc51ad5b106799f7ec07c92a86411a259

SHA256
7c9f861c97af53d50b2ce7fd3b1226a74bf6d585e9f2d0da7accab1af515fddd

SHA512
83e72f8ce206dd474e25bdae1e7413298a900ffcf3e6c7fef84b22a12897b77df0b1aa14725f8d4aa97b8974f7b2b5b8db0e473efbb3d4ebb1609304ab140f84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\23079

Filesize
16KB

MD5
023eb2a5ffed550197fa1077e46e7a95

SHA1
21a148793f2e13f699f06646633bb9687cc10476

SHA256
73131c847e8bd41e40a04a0daadc850f95a092d921e5ff0e931d8c2822b03aff

SHA512
f7931744aca4ffd281ec7556334942a1194bc3aaa4ec5b4adfa27b93e19a7753ae28a0e5ad6aab82b7a2fd1f50384e70227db594728e8181529202165dee7a0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\24375

Filesize
16KB

MD5
b520f7820710e21c8455a3d13ccfa158

SHA1
2cfb5713bd2471c65b452bdaf2bf2cc4df94a5c7

SHA256
d5c9135b130d5ef1858c3a79066c69755feea73c76c7f91e26d2dc4d0e34b736

SHA512
66f64f537256f307aa3921e9bae229361fe222a4d53fa2e47e9e19816b8337bf9a9bfb353b9307da8f6ab9aeb381aa622ed55f1f874e64a9eaa48b432b9533be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\25022

Filesize
16KB

MD5
8a8d4828fd7256e94bc2c8ed7137482c

SHA1
6a6e1bee8750b8053445acc504e7b64795dd2cc2

SHA256
cf19d8b3a3a1c5985c44b0403ee3dd4074abbd3a2269207fb9055ab38d28acca

SHA512
a525a0fd16c248fac71f9fa5968154ea16a257c2b874f16628dcbaa0f4a13bfa6a7363225a67fdb98efba342ec4e82d90983380305fc5c0a42db25b5ff66770c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\25742

Filesize
16KB

MD5
3e19cf506fd9492fb1f0207450859413

SHA1
f18002805aabe2a8a619da711875411bb3021b96

SHA256
f2ffd288319dd942332b5a82df6cb379a06ecf3fa995746c8a042c059e09ebdc

SHA512
5b55565be24046d0ca24a404e40ec70fe0dc56391f5ed544513e041060dc141281009f075fdd99b033db44f837a6610427ff38f8216d9dd4755bec3b43a5f833

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\26309

Filesize
16KB

MD5
4a5d34063d2032d7ab4af148c8ec5693

SHA1
bfda444a11b7d8953f179cef81a5468227ce1162

SHA256
fd7f542b32c588cddc45154eb2d5e0b78ba88d9bbc8f71a041532149ddeedeb8

SHA512
4a06195c4aafd26226ef5ab2219fa2cb37d7e2d358a4c2b4b7141116c5f0bf448b1243b8dcae0e1808db147c4ff2351111dc38170964561e21b183af5aed4b7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\26534

Filesize
16KB

MD5
e7f29ba3fd0d41da81e5fe20f56f8e28

SHA1
aabd930049c601e03e9b89a2e6c1c4ae4fddfec8

SHA256
9e2b24629dd8406e76c11011ba8084158a0dc99da409db45be9f0da8272d1cc3

SHA512
340d40cf5ee25785b8876d7d267492bad21b83c37a6a1dd35789cb412f8eac655a90f1b91fdf419a95bb1f8d044067bb722e4b38472a35bc8b6db9e383f0957e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\26758

Filesize
16KB

MD5
09f75b4b0631bda45bb304ea3ccb1f38

SHA1
38cff82ecfeb59a98f1b507e8cd31833f3a0eb25

SHA256
0d08787fdaf726a41d4b4134c6daa98951577e89bd71a6b7514a977545c17392

SHA512
bf7799e7971e24d01b07bc399899d3961e8b675c29d9d7447d24383bba244da8f0145be5455612d49e3485627ade2b3685c60dff974e509d96a4385fcbe2f540

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\26796

Filesize
16KB

MD5
56fcb44fc6066f3f718975f2ad1c1464

SHA1
7a472be000b18abfc56955607c4b53996c7e83b2

SHA256
d6754ee36f63e712ff54b034b5560d2f00b027f3f71cabd6bb7e376948fbe8c8

SHA512
3dd2c4e0a6b72c3442059a08554ffff097e87994a4493212ce294347bf0af0c6f462372a08cd79e6b36245b356ea0cd5bc218a0ea5c5fe9f605e0aee47cb6f4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\27098

Filesize
16KB

MD5
d480a205ed8e1943a9e96d9d58e0a008

SHA1
a5d1ef1005b96271be8a9fb099eb9af07ea6f0d3

SHA256
4bc4c927e3ce4dfce06eea0450c3c1123a2aee8931b2ac8391e9bb6e4751e356

SHA512
2fc266a61590122ae3a4549019e9a465f1e6c1afdaa3cf03918cb521444dd29a0fabce436f5a40a311a5ec3802ada2abc6ce7dce98600d62a00ef7c7475a114d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\27478

Filesize
16KB

MD5
a60ccb2745cd010ea557a5a11b8c5f1e

SHA1
ac38899348f7f29e864df92fc3fc5826f1fe5a49

SHA256
10bf492266887740036faf44059309e82edbd183d4cc627fd5f9d5b3ac11bacb

SHA512
7d8fa0a8061675f9b1b02916a159ec9a18b819e7f4db50cfd8bf35cea47ea3caef8eba66efac2ed87ffdaf46f51f752fca4f53b381ea91c53e5e856c1f23ba97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\409

Filesize
16KB

MD5
9ddc1744045ae9e2b0fc6101f3745d9d

SHA1
cccfe128bdba0da80d35eeeda503d41a1f41495a

SHA256
6e3f2858fbbf7850c24a47c43b05daa9d7f06b86534359253a6a144b05a12c71

SHA512
2db5f8cc25fda147a65d980f06d025a7fd31d5c999b6e1c6fa5b5226538edb6244d7e9719a4b71a7a9c03023e432a07329ee4266c93a16d3e14e528aaf41176e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\5316

Filesize
16KB

MD5
ad2c59729876c1d67bfeb1b2b6ad0b4d

SHA1
ef6462e2d6706be6c5580aff63fc58fee4835de2

SHA256
ce6b5804cfa73f97c540575f1699fe78ba7270810cb8528a9f0be07175da8e54

SHA512
5c670fd1e6b610ac94f3b89b315fda3c356029e2041c31edf751f3ea991e4b2d89ff1599645dd4bab03e2b2ca23d917394594f1bf3f29fefedc03ca1d9adb382

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\6036

Filesize
16KB

MD5
b7c0604c9f3f802754294ee7444658a8

SHA1
63d9be2cde00369bfdb80075cf757889133115f6

SHA256
e91bcecad74d500b11d05d275e5b0083cc7ae2c9c06821309388b2087766a6b4

SHA512
9d684a918b97e387482149d7c3856d971f5d12e4cc2bfb6e6f76618c4fc8109481e304324e7025454d0e9115173af08bd8abed0a7b451f528c48cb75f637ed0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\7052

Filesize
16KB

MD5
871ba4a5233a1f44fdd2ada817de1d4d

SHA1
b7d91b17b4be61f692a5ee2f36fb33029a033213

SHA256
b5575026c354b954f0a28e55b4e6a571f6525470ccefac34ea7e435e73b98860

SHA512
e6858075b2a8be9f4c553c5de2330bb2ff371d935b17207dc41741141edaddac2df86f33e6b400cb80446e6ac6dc94ab01b5ff408f768904d1a0b0626b39c380

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\770

Filesize
16KB

MD5
d40ffa155fb81ab0b0a22de788c61da1

SHA1
900b3c50977171067c2cd062175fc139cfb8d8b6

SHA256
ce51f974a92b97bc6d30b4f9689f570b62002aa38deaf130dcf02ce919c0afe8

SHA512
519abb2c1c84907a573c3ede0f80f1618a682e9c448b7c0931350bcf177e1d600b6bb617ec4fdf29d2eee208e2be8cd1d853a3ca4c46c45f5b9905ae1249814b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\7772

Filesize
16KB

MD5
9627848dc082890a838ed14f2697972e

SHA1
098c9b9d6c78d1f60baf0bac313b427544c19b0d

SHA256
be1e3a6061a9d699318793cf5aac3b1e49bd5e1e968890ea723743d3ff021443

SHA512
eee7fbc9d92b2de6d199fa71779df4d4c1d83105358fad137587356d2d9f52756dd40fcf3bc12b54f20333d4e39bb85a6de8f2713ea3113d6f42a87b02d75b6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\8393

Filesize
16KB

MD5
0b29677229d4d87778a0cbe0576825e3

SHA1
5991c6e37b67d010d15cf6ecad5f4196efeb7be1

SHA256
260b57f53db65e42c927f7c5e183dfc8bf1728f68132b2b3909c8831b09976da

SHA512
d99897815dfd591cd3e0bab1cf375cae8596a9d08d1f6a910eed54c7b91982e7dd24e423db24f2127307a5204be8c5c68e2602167adc5957dc50b905f2e70dd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\0AC2454D09507F86252B9A32D62198BB07A8411F

Filesize
14KB

MD5
b80bffb93e475bafc0e40eeecb21c6cc

SHA1
c32bdf2e962775d7a17407ed59610c1bb47946c2

SHA256
5ced0fc14364c9983c10a424c9e890c657f88a02e96d5a6e4144c60aef72a3e6

SHA512
47de6c098086faff94de8157e1ff18075cb7cef1772c64aa20c9e79a7942e06031093835a99594dcbada1dee91ee2361976ca67d4abf55029c8eafd7bd2398be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\498539E72832CF285E561FBC8AA6EBEA8B416D77

Filesize
154KB

MD5
b269c24de5a1d87f3239457030de06d4

SHA1
f8b3cd5333e3a25115c95b6fccc690376eef1e40

SHA256
1be945e699bce48f0dcbe232ef599789b30ad0eaa7cbbc5f9566ac21cbe91dc2

SHA512
8695136418f6188010a6359f2cad8fdee2bae953ce2825bfe71f1f76a80f2a3a238aeb9c39aa70c57388de01c043d7bde268e49c37d809484e48e95b2ccc5c73

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\5325302B8F89018F591DBD0E2F389160F4381757

Filesize
21KB

MD5
78087dec875ca240c0f21a70b2760dbc

SHA1
8b0e30db065edb84c9b954c6c3cd6629ffaa2d02

SHA256
da5b49aa6375fffc4df6dfe54785ca2a6b11ce5622fe7b23fcbbdb9c0b600640

SHA512
fac927ecfbc5ee06d3daf5895619e3544d03bed90c0bd9c46aa9ab1fef6cc4a7eec9b47460fd5d3ac5d03731bc04641dc3b52dab5d99d91b447373c7f7701b0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\D0A5AFDAF701639AF61B2F4092C837C9EFE1EBEA

Filesize
101KB

MD5
827cb48d33bc34dd54b0d8503f580e56

SHA1
38755229419f09ea7efd6181cec6cccea3c053b0

SHA256
346079ee631b97cae090cbcd297754717b9059be05a1bdfedc7c96ea5f671821

SHA512
139d21945ee5e2face056b6b4ca4ad85b3c8be2c257ce41282a383db0a3e78ff926ccb123e7b5ad7977e94229cd3093c6693b2fb71b1917890009a6bcb88a605

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\D4BCB01E2736E2388EC4460B6BED760C15E46C9E

Filesize
28KB

MD5
40b720ac4a50afecc6d3784e2e9e7778

SHA1
8a09ecf7d7e5c4c664503433de1f0af0012e8aea

SHA256
8706fc9d3156a879d3128b1fdefcbcec51edfc0dc1f8043536be834a4096f6eb

SHA512
cbf1cb5f2f32fdd22f399302a6a9d4934ea4f5b5db17e8117ae88b1615e9e6d57445473f58d4a4bfd18a1e14aa7d9005fa08a0938297906746b64929fa31045d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
12d2d7ac35081390d41759837e158991

SHA1
6208bf44dd709fc46bc522f1acb6b4303368a41b

SHA256
6d1c916c27cfe2f7d06ea93fb3916ec44766d7faa3e589e35483fbea5042fd53

SHA512
e1a21e8a69bb116eb80d4253c33f2cba9f9e3bd3b7e1b1d5bda3c150d38aa3f4438ae2ef743d72411388eb37634a1eb744ad24bebe879e0b4f9c2c2144903031

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
d9e5248859a41ce9a4789b51d81cb880

SHA1
d7ef2fe305ab99cdafdc40fd84a07c4bb9529f5a

SHA256
1cf5460d728dda6e6b848636fe77dc4a0061720ac8cd53f0238d181333978bdc

SHA512
72c6156bca58f013798b77036284392ae4a7aef120ee0fb6d6519455a87d589dd9becaace815d149b0bd450035513cdef3aac522b2a378d7c8d588594e1bdc87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
27ffa3cd25c2326b3f7528f490b3c7d9

SHA1
f3f5bf2ca6e70ebb55d7411634ddd31d91da5194

SHA256
e4b3ff5c6ebaa8179229f84abdeefd0379f7a8b4e36c9eb117dcfa80d3763432

SHA512
8daa27b8f98b48899a80c533f1fb17e38faddd4ca7bbf976c987acb567c8b6a9c10424c8900d07cec066f089f3c1de34b2dc0d74520cda71c50e80508fb5d5dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js

Filesize
9KB

MD5
1ddb69bde1e1a02f0b4047fb19818e5a

SHA1
d2e16129b52f2aca79b3bd08e6e136e10877c5b4

SHA256
44bc677b34766b1e2d558cb66c3543e3b0d8f7b47f75f350df6a611f8b5c09ec

SHA512
dbb1ab0e62bcb67bfa11b5dd675cc4e2051a1d0064981b38d195c36cb68dc863482f40f57c19e310bfe1d1a22c8e954d1092a8be766c573646d901bd47bc900f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js

Filesize
7KB

MD5
8a45f121a6799bb81b855b01b673407a

SHA1
7d3f68dbd50271419cebef968fc662a8c74d3509

SHA256
84b6afc24515ceed172c16249d423dc508cd42e225d82f59452e7d82df1592eb

SHA512
831b1e1825e00c462d9da85a57b62234ff4f0959f12801a6f1872f3c69b8624bc324ed262ccdebc3c613900e5926cd21b983de1325b8c66aa9c2b3edfd37537b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js

Filesize
6KB

MD5
745c15344c2a17f40a8b22e6c6eee4a7

SHA1
a82cb5636e53a5938a733cbe969207664fe97df2

SHA256
f96cb2581be61de5fb47441b764ecf880fc51f7b3f36431ac601d255618eca5d

SHA512
300db1ea812eca52d02b47403d8093261718cbc0a33a93436f7f66e46b450f90ebe038e30382bea82c2806fceb9298dc0e46b9641abb450d29141440af24086d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs.js

Filesize
6KB

MD5
1227f0f91f1a32cbe7ca6b8598ef712d

SHA1
594d12488f29022d7e60cf6bb8949c061b06c012

SHA256
74e5752dce37090c0b92b564e0a23c0ae40f60c1f0f065eea043caa47001a64b

SHA512
a93d1ce7b4ec1581255875eec4375c3d0b45d92903637aca5d18abae1e4294adec9993f36e26cdf8028dfa45a21452ae7028f8a9931c266c2d1da351a233cb5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9039a54c80c2bac639fb813aceda4340

SHA1
853638c181770f819c517cd143127eecbe957c8e

SHA256
d01cf3b8c2aa30f70f13f464a2c97dae237b6f0ef2bd6704781958fc14fe1500

SHA512
31685abcb3197debd202e87265621e72e21f62eb4b08071478f550ea59d6a29c58966b16df12e4db94491cede4263e4f9331405259be8f72d5d28b6c18dfd143

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
3a78dad14067f00ab099016243d0328c

SHA1
a44aff2a78f933d717b3201df83f9ee17ffaad11

SHA256
2fed1cc33d40d3909141df2f3b6b08db448d816a9d1c3e6a4acd0f1096d0d640

SHA512
13b22aff7106e513e4bd7b769ccf7d6b0d371e11c843d31af70a860c48ae06131aa840fca3afe3e9d0fe025e39fce59b55ebf9351ab55f75a87bc25d75c7203f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
202KB

MD5
a95448a3635dc145bf4e0b43528b347c

SHA1
3ac5bbae2df1379ec334441af833448c9423ca44

SHA256
ef93abb697a11f4a10806587f3029b322669fda193510cc93a67d7231463dd31

SHA512
2dbf4be2178d194eae710f83c56300bf652303e04061ad23bd69c0588ce0c7ee8d1799f5b477afe6477ce34123499e59ad5731fc9898a0ff017d24956c8b3adc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
209KB

MD5
abc3455768983ae89ca9fa8bee2c87c9

SHA1
fe3531bd7beb76b1c68321e8670bcdd512fbeb6a

SHA256
1d1f939e5b85908864a0126a8b622f00587fbd23391b7eeaaf4711918c3107d0

SHA512
c3be36805dcba0ac1435924a128c7484e69483800d24df61e255f3ed15757cadaa46ed09905aa01743b1276e2c72155fd613fe983f841d061e626f195c2833b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f904dfa64dc9910f359905427d55b1fc

SHA1
392dbd5ccc5b4f11ff444feff9ba24b4fda4e3c8

SHA256
661fd87fd2e1e4f5bd350846a8f75d6c35d9f6c82b174e1f01d77ee804444352

SHA512
8558224ba39da68d5d9e8d17a6065e3ad098050750c670cad94704efaee89844d91d34002204122ec55dda0ae6d540b38a4794f926a6eb2b4e43ad83303e055b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
209KB

MD5
96378dae506e9b12baaaa09a73f09cb8

SHA1
56a42620abb2dd1b5d3e09ccc53e21627f3f5e6f

SHA256
999abe37da65672c8aa6ca91d80146252945c28c82639ae40e658251338b1b07

SHA512
8d97b094d91c170228b11b82cd0dd31f6c225bbca522bd2b0b765c48e0eac4cecfe3b2d0ca34bec32c7586b13e8c54cda6c170f16c22c0d9dfc13d106fa12f17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9cde0518412407d0e4d7f1f0b5485e6d

SHA1
93655946a261cd01536827fb77b5faa9dccc4f92

SHA256
04f35585b9f45a775e990215d2403e6abe49afd6d2b6b0f87c4db3d160cb4616

SHA512
03009240f7b82baa572f7710128f8634cc65f764a121717c9bd642ab311036f679854cc1ea4001c907d8803090fcb32ec1e08523eb314d3733eef67914e1f863

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
106bdc5814156eaa68de77ac47a0e5b0

SHA1
8d00587aea2a4ecc537f069f5a0558e3908530cc

SHA256
e5df499385a3e3952850c7d143e1132ff26f67cc168d4aaaf95a1839f178b586

SHA512
b73c64439b4c51a6f9329d77b897d018b862794bf651902f3250ac2b8ecf759ef3ef72db6b87fed88402a14b2065d897a9f81c705718274dbd7bf61ab4a92319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
213KB

MD5
91873c7113b48c417676ec1484d4d570

SHA1
ac81f9166bbc8901442178024b5de25ce25e9a50

SHA256
4fadb1aa7067fd076d3a0097fad1675c45c6b7818fc67a874ac165225f045d42

SHA512
302498fa7d8199822906d7e3676c3d22b88a054e794ace88199efd0d6ae4402c11f96d2b6b82d147b85c423c71b51fba22ecf2bf223db6f2883a86d3e3ddb7e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
206KB

MD5
23adc4871fb05450d9a5992f988b89e0

SHA1
b2b0ccabe23cdaa27dbc5d977125551bdbb1ea05

SHA256
788bccf8bf4c8a91c180f52ea1902f1c8da95c150b224f08bf2ec569bbdacf89

SHA512
35c781e704ec2d0b24ea6d1c48853e76350737edb8090b5e5ac30bc8fe03584416c2864da52eb56be98d6bff07200b1158fbaf186f459e77fc2b18a83bd753fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
224KB

MD5
0f418d1a3799a987fd8b0a367a460906

SHA1
1761e10ecbc1247788fbbcaff1091c024c6dfa4f

SHA256
93cdfbdb0057244781f3df6ba1ad1b668562b1961073610d3d26f65d733a641b

SHA512
29401262c3904a952f8a2db26e3d7bebe6de9897354bc3493c9f28a3cff05f692c0e45eb2c1013c7dfce01734b3c60f7aaf6930eac7298b948d168d974db78d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
209KB

MD5
46701aebb088319a04e90c909f740c62

SHA1
dafe487d14beee68a77b1d0c4797059bc4c9fca5

SHA256
bdd8534362dd65bdfb5201c5fa47e90df01b13755d27f1e6b25fdcda7d52bbb1

SHA512
d3a661c574e39bb760f7f2cbead34c87fafaa1b8338e3744afa69bb42423732a28da9b46ddcb87a8b940ae8e3ec04857265ade197f343d6a5820ee4fdaecca4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
210KB

MD5
7606b9fca99cd0cd804bbff87b504a14

SHA1
dbbf92f0690f3e5fbdec2a39e7a6d81048aa9610

SHA256
b47cb9cec84e24eb6b1bff4534eb90120cd0cc126a4e314d4e9b415df9b82885

SHA512
f4be2b08b0dc45790be46184e83714958d81eea40b1810c3f1260ca17add93a93b3e8f48b33aa93342c007d27712f36c6d0b145491b7f717b1f945aa63e5314a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
210KB

MD5
4b378feb5a89303a79a3de371dc18df4

SHA1
ba5b419050bf727a39098280b667a62989c16450

SHA256
2a9e6f8c5365d5da7456fdc0dd48b87ce89ccac8a67b3816320fad92c4b1285e

SHA512
d4efcffce625da301232e6b0cf3043ed7b33e1a6797a9965ae63e5362773e384eccf0d6e753f620f6987738a5f2e82ca708ed89f11a4e97ec88df287cc64a6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
224KB

MD5
152676dbdd26c01402788e153ad45838

SHA1
7ff322fdfe218f73c5c4470219299cb236e047ec

SHA256
2abe0be39d1116fd3aba766cd0559cda1b0dbdb6322670a89ace18ad670f7e55

SHA512
c9c4a6f2d99237e5dda1704087043227f70be8d1fea57380fa734117f7b2999c6598c5829b17db88642006a4f43bd3da082ac93e5597e9dce1f8354adfaa03d0

Download Submit