hxxps://www[.]google[.]es/

Analysis

max time kernel
59s
max time network
61s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.es/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4740	msedge.exe
4740	msedge.exe
3008	msedge.exe
3008	msedge.exe
4512	identity_helper.exe
4512	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4144	firefox.exe
Token: SeDebugPrivilege	4144	firefox.exe
Token: SeDebugPrivilege	1412	firefox.exe
Token: SeDebugPrivilege	1412	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4144	firefox.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe
1412	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4144	firefox.exe
1412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4512 wrote to memory of 4144	4512	firefox.exe	76
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 4540	4144	firefox.exe	77
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78
PID 4144 wrote to memory of 3276	4144	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.google.es/"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.google.es/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1772 -prefMapHandle 1824 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e10b241b-f668-4d86-89ae-46ec783104c0} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" gpu
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5cc4d7d-3e14-4763-8def-f82c998d1868} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" socket
    3⤵
    - Checks processor information in registry
    PID:3276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 2944 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fc00f6b-b560-4641-9581-e62c57d70d78} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2672 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b11314-3b29-4a6e-9973-f13c07251847} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4192 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4204 -prefMapHandle 4188 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaef1cf0-4862-49a2-a352-2919e278840c} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" utility
    3⤵
    - Checks processor information in registry
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5180 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bce6428f-bf85-4d0f-b920-64dd9a56104d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc810f7-5904-4a0d-9ab7-586d64d502e5} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5216 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ba4304-8d00-4396-bc0b-9a2f44fd0892} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2828 -childID 6 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 30944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {585989ee-00ac-490b-9eb2-1c8bdfa0f942} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" tab
    3⤵
    PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff23293cb8,0x7fff23293cc8,0x7fff23293cd8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,1154696142565824183,140289619435720218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {faaa23bd-c707-4e69-9891-7d2b785a59f3} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" gpu
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 25491 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b955023a-72e9-4467-ad2c-83e5ff3422ad} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" socket
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 25632 -prefMapSize 244705 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92445d62-ade0-4926-94ca-efc7c4940865} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" tab
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 2 -isForBrowser -prefsHandle 3420 -prefMapHandle 3516 -prefsLen 29981 -prefMapSize 244705 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03b237ce-7c33-4a44-b2e9-424b222c1f71} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" tab
    3⤵
    PID:1148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 30865 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc515d4e-a9a5-4600-a2d2-cdc399710066} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" utility
    3⤵
    - Checks processor information in registry
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 26990 -prefMapSize 244705 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6bf533-9274-4fee-892b-2f32ec39071a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26990 -prefMapSize 244705 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a932b2-d834-47c1-9f23-e02762dc0535} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 26990 -prefMapSize 244705 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfdf90e6-739b-458f-927e-ae719e9223aa} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" tab
    3⤵
    PID:3808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1b6cb97d4bdd6dde60473066bd34e1c

SHA1
ed59ed17e109c7f7b4490a1693e23c17bbf86e3c

SHA256
67452476c7cc08d53f336899da2e27e2ea8122059817ce1edb45640f050bbf5a

SHA512
db90d239ba6be60b6a7229d4057c5d086976df62b2011a23e120afb3cf05afd38109e12708f82d8c7104604d36737db3e6ec9c24c8da8196f95258bb29ae71fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40cf30b78bb304a78ce5cdd5febadd8e

SHA1
ab4c67c78247ec2b434e5cd5a84c5fd6f4f3ef5d

SHA256
4e61889b0acb8c8d1a6fca79fab44faa2f4d98f4051e6d1943f60de637645a78

SHA512
0c16c530bc5d84157ce9cc9bb6a4ee1e5e1be1da839a9aefe99affbc3107b6e42e37572c42d01809c86a371528cbb3508bb76d20c742259c2a65ba0933f15535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f5526b882143be4e8575d4d5faf592e2

SHA1
92e69f1d7523c6fd2d12a5a0dd28f499e539b198

SHA256
9bd552aecf99e678c5e04dcb974b0626beb0634ecfa1514bc0706f267ea640ed

SHA512
9c5dc3537d5d86e89834878d127968073254656bd9bc0c1df446a61aee0c5a0e4dd62d6d9bbc0398d50409038b98350e1d8d278be65e1c346a143c48682e60a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ef97d447edb2b1a57d08eec665d03cf8

SHA1
e091aba29508911527691663099bb8852a8351ea

SHA256
807248172983c903d1ac0b2aec292794f9f2de49f5758fa2db21ee592ef92c05

SHA512
9b6c02af3a2a6b89d75c5a8a59dd1ad9aed3b3fe301b08bb6350dfafd9e34b605fd46b3c0a3240bbe74d8dc53e74fa05b609bf6b5eba5d809bb60e246a11bf5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
20KB

MD5
6186142d84874b249055ae2e1a4572f9

SHA1
810c41e5b84f552480849d88488cfcc4bdc7c1f4

SHA256
eaf1dda92e4e084c1bc2912ddcb013e79a7ff165f7817825e7b15bc03972075e

SHA512
e96048198e3e312d8f2b18c20a395ae7e60431812395c265df948e513716c956da15308ff1d6a5e9d691b7e6b4d6f4593dc22193aaf6fd0b61051a00c45396d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
bff04f713f881d420a64e9677d782c66

SHA1
d64c38ba414f4f993a56738e56f5957932bd6eb7

SHA256
f7642b517da147a9d896d9f302bbc0c988f2e2bc54e741484afd7e52d8eddfda

SHA512
d62c4481aaf658c8dab0cce4d3e609ff22365c79ae0319262f4abbc586df356b22622b76567252b238db402e43d5bd79193ac217aa0c5b30bd0228371890823a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
e2d4da232f22fe64be9309c5375da3fd

SHA1
47eb8398d8a0eb83b137d327a5fab2dc497aa444

SHA256
c49ba9892cbdc022ea7c61a3dda1ef5c7dbe8b62befe44db3036b555ec93f3d4

SHA512
ee44c3d0cc545e1a0936d6f2c8df2fa46c7ed72fd99f4e5b331f1e9d4a4029674b2e37cf6ec8838d715d61a29920938ea86094f174eb6c69a9366bcbd7dbdbec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
15KB

MD5
4df03448e806b8167ced1a091248e7ac

SHA1
a77a75101ae2918e186344d233dd3bf193d4b3a6

SHA256
31e93dd0057059d33fcb1aa1507196ce6ed947f5f9646e294550cde55021b4b3

SHA512
5a968e62d4a8c95c696471a60c4c1e56a9a1116df83da3b4c992f052ebb343bcb66e8afbd11af1daba65d63adf5ffa6cf0cdae9aff03adb220cfcefbfe13ad0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
418bd58782c5b8926add1d05c535f590

SHA1
dbc98d0bcc33f43deb25e4aad29602d677a292ed

SHA256
9c3fdf69537c61493c340e6e120b0cf72e7bfe749220dd19d0c7e1f6811d66cd

SHA512
1f5466fe4af93dc45b1baa2325b2ebcda968554af5fa8304ed15c1c5dd0fff5af5fbfbb95d1bb51f1c0476bfd25b25043c15f34a4ab6fd4fc96626a8b511b067

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
32KB

MD5
d087bcf7ba776dde88cb20102b88091f

SHA1
3095417b8f62ec76fc74eafa06a9ca3330f16ea8

SHA256
52d968ff3ba2917dd3fd7469d8275f3233e04ab7d4f9e269483cfde608dfa352

SHA512
2efbfc53aeef3d5b99bac4a754f9a1425f126318d8115251b92611d48bb9cb5e0098e5b2d0f8c85e8b3e8f83a30c7a5322510717832a5b49740f424efe7e80ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
82873ec052d349f58a9e8bd9931c355a

SHA1
5e591a904ea864bf485806200a80e44372d3bdc8

SHA256
1cf215741b3a18c3bc1a2d6deb0a3124ea95dea54adbdb3f3434f0d10541028d

SHA512
31fcf74722fbf974db09265d88a9c934c776d2cb139e5477b0d35d7127c27373f8ca6240350ae305ce761902b9ec51ac09cbc2239da17f196805ff5654107014

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
673490b228de5f5911bc49ffd7ce1f25

SHA1
5506a625d55bbab3a4b7fe5c0855edba6f4226c7

SHA256
4508fff709684171da0a1fc19628308e40d1e9af939f4e775f92b4d22eb0b866

SHA512
5afcebd05134f30748da3479d63cd5e19ed6a547aac5da98ed4239a1ac9f83b3bfaa60e8223eba176965b62166aace45daddf7da50aaf3501b987892567fb83a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
b3dfc45cf9354b32b1795c4ef4b2bae3

SHA1
c9efef2d4330b078f94039c88f833905eb49de76

SHA256
212750bdda49a80a21d9fa1ddf898da2f77a3820c9872e377aa04047373e2045

SHA512
8c55c824fd0f7a3a9ce902e68e7437bd5bb98c0c8e22c4f26bf88a5d0180ff09cbe7968ce7dd81fd37151b335329fc62e6974de417a00253856703fa6b4049ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\webext.sc.lz4

Filesize
108KB

MD5
e9b786067bdddda67a5a025f2348dfdc

SHA1
ff0cddbb44f0128ec6d00cc1b6ac7ecd97879219

SHA256
d02c52536523d8bafbe20018909b6c69ffe009c924a2cdd2eb1cadc3826fc463

SHA512
6ab0d0d6192cb4f2beff4a18ee9587056e47f6d435a65fbd2884f2f635f4e2f924bca1aaeecd39a27bf8ece07dd1bec86a78aebc665c73245499a38861b3b750

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
d6fd3a662b6b9253f7001e4474d8a1b4

SHA1
d0f2b819b2bb410a411045ffbb89184891c44ed1

SHA256
94f6eaacdb97cc54843bde68eb43d95828fada1fcb61c53e5df23cc146a23773

SHA512
cff42ee7b4a04064e5518d13fafb80ac532de4bc52361d8ee2ed0bf3d9fa04069cfa8dec4717b768a0aaf5a13b4a185c2007f7f16571f32ab973add805189acc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.bin

Filesize
22KB

MD5
f13440ca26eb6df1621b944bab1e4d16

SHA1
ff84c5bf1fd13a783266019ea351eab00104465a

SHA256
3097e6b9a0cac8ae5e65c00b91a300e6741cc442d2b4f025f556ac0e139033ee

SHA512
5cc0023a1d3cd8d1b44e870e2f11891819d9a58c6803ca206ae2380693a6f8d375423e42e26afc8ea6a0db3af82e8af71846dd9e4a9d17fa1355fad9be3ae44a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d39eb81c1a1042b13a482a85517e1fa1

SHA1
0e13d6be662324cbd315f46d8a5837a902bcd4fd

SHA256
a03f29890810e070a524ee79601f197bea70f65e42838eb71d328b5af95eca25

SHA512
e85d8760719d7b3c02f569a64bdd4eded758fa82185735cfc63d9ab7343f139922b916ac7cab57703327eb8aebd6c8277900c34bf9515340fa8730f71e19b6c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3a633e5d2b314915389913ce61cef90e

SHA1
b4b0c21e7b7675368a793ec9cbda755cfae908dc

SHA256
c169c98ea1705c9497bee5a2a4517e7bda89257356e325569886f2d38c895a4b

SHA512
1ac7438a34065d32dbad7092bfb0cbfad09c5caed6b9dca89dfef533aeac03e8e511954531504ea0b450a73dc999bbf393ed417b0da986e3445daf2e9aa50a30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
861f2e9ab3a478f159d47aaa689dfac6

SHA1
ab2ca823455ae78aa3c9669c23d00fcd53d811f4

SHA256
6c434c476f5591cf963dd2337b864e3507b4fdf3222040c3d84fda2d4639a503

SHA512
ba42bd7b9f4c25733413168790d2162167893c1772e2d766057fbf11f0dd8f716541a15917580d4f59252963c64c49ea8c4c9ca035684f8a041513c24b874100

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
11KB

MD5
0b162bb99bdc8d0bdc084e2582a054d0

SHA1
5a13d59e59732fabb298e88848a047a7523fd67b

SHA256
7a0dd201bd7deed2620977be83fc1ab1204a6ec7d45ce569c367b2650ebd93dc

SHA512
adc41be05e996823fa7c9d68df1a8d1a7261abc0471d58cb5b4db5ee31a16b749eae2a88084e1daa02104b2346a4490c7fd11c1a51ce8f9b1c25d2632934e37d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\events\events

Filesize
509B

MD5
7f8400e4d5308aa3b02c689090e75ac9

SHA1
560f2a72f5ee37ef2c6c3d41c94b5f66a5ed21bd

SHA256
df58a1589a987e85a55b83dd8a39ed51e9496b1d722db2de68d854101e4d7186

SHA512
81987b80a3df86b867084ecc94a82bfd95e86928f7db13bf016a9a11c56f7a36cad5650e03bda12aa8d9e8fe451cbf0bc3468689f58bd430f26edb73a198b838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\51184997-2468-494a-8180-bd1de517ba0f

Filesize
756B

MD5
0bfd3154e97eb3f8081294365ddd3f8a

SHA1
5fba3e2ad8f9a393a34b47a114d550aa40bf4e3b

SHA256
e117dd04b1797980e92ce423170c7af1bead21cdf0b9f376d74663e1c9d0268f

SHA512
5119040fb64ae21f23ea782b2826cf1335d2338a79428dd4cf9795f67f8f8230ce3381c330086c5134699d34d27cb9afab42f9281d999c2992a04e55bf23d398

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\5162ca39-0488-49e8-90d1-90ae490774c3

Filesize
26KB

MD5
5c949d78d17ab96594aa5c861a4a3d11

SHA1
56c4c987ef8fdce06e712744dacbbb3c1680a26e

SHA256
bfec3683c40e19300f0e93e7bcfccf1dc2c820fc284f503aa491ccd994c19dd3

SHA512
09f06b2c5ff5591d4ec3c6b571162ba140d91bcd251f211946587f0eb0d599e51be9367b4137bb46484b7c8c240c974ce3fe2d47554dadd0ffdc1d97f1078bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\57d6ac32-975f-46ef-bb86-9c247b00eddb

Filesize
676B

MD5
2e2802b3e5d4f2c0487c5a422c55e8fe

SHA1
62e1e4754f94e8fc6aab20e4f0c288213c14d5c6

SHA256
1afe9bd529ba985cefcb08a83f169bf5051150804fb3197028aa0928285e78fd

SHA512
8cb3e790d7f22b8b3d1191e5348431f3130f5d49065393d53542b8776aacbb630be92081ec2b50478a3b1d6a76550b378bf54cc70c6b8d70afbc3ca2ca31912c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\72e987fe-471c-45ee-b9be-23384044a1de

Filesize
671B

MD5
8b16c4aeb9cedab62f2a011cdd305af0

SHA1
06dc46ae756fdf8fd8400aa52f8f3a3394a07ce1

SHA256
4547ece888bd4e4c071afd86c2b031b1f8f87bbe8c76e0782b7d7af91f1c011f

SHA512
b25663a52df7f8f960a6da90b7af234e001e0235bc700918c59d4d4db2cb12a2b9dfb6fbb6840751f8b79693cd01c503fdf9b0fa3388bd102553db9584cdd582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\c33f01c6-6f03-4610-835c-772a9663ecb7

Filesize
1KB

MD5
d439e017b7aacd105d3dd85a0ccab435

SHA1
6e5b17f40fcf0af349f3da1659db46ed960ff4dc

SHA256
04c5e4c1aec4f6c8352088465189d7481a79da2915da883c0762edefd01f1437

SHA512
ee63e9f3e9f6d6ca2f1171ea076f26e08c95780d5e1d91981ceb288d57dfb878fc3fd50c6e46d54b8fb2d26dfce0578e49eb2790f0e601e7c062789bfc00df52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\ee450a4c-e1bb-4a8f-90c9-d11a3025db46

Filesize
982B

MD5
ec76f398889e83863f2bc5e1c2d0f3b4

SHA1
d09662add56a9efcf3d80d59c9db875c907a4d31

SHA256
c6f259afa5e7e0886eb2bea833a988d89bcebadf4948f5662290b14c5cf5a845

SHA512
8bebb23abed2b0a9c38bd55f598301e59c867f2a03d06a716c327b4d26300ed2f313457dfd986ee84521469763cf48620fa51226b231329ffcf4efd28578a1de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
8044251579817b70817c5b8c152c6efe

SHA1
7237f7b2739e7f932c9148cf6c8904919ca5b22c

SHA256
fbe2d983b3d17902a8237f3aec853e7372ae3452e545d7a82225a5d347b3b08a

SHA512
3aea73e5add0bc50496bf1bc1a6bc4b31761d589589f9d4005e6c1f1ce24acfe9810e32079c8f3b0c813b95a9be2cec28f9986f18b2736b36863a9c04790afe3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
44abaf02bdb5fbf04e4e6cbb63b266e4

SHA1
87290ba76dc74863749f7c03f4bda137988004b9

SHA256
5b903895c42a7b552b299e6185727c7a0329cddb04a888925bcbe87f3d60dd06

SHA512
0ffc5af135983ede382a62e39f935eae5dedc3c0e967ad20613a44930624a2b1d4c6b7109d5a37baf01b6ec57a8917f3abb28bc0583dce9c6c2b47e685ae9621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
ea28c57ecf020db194f850e427185dae

SHA1
29e543edc8e338e7271243fffbc39bb3045a8bda

SHA256
536bd1b7de542cfd7812ccf0031b6b0599bef5504b9ce3e79dad871a5f41bd23

SHA512
fc82afe79cc42ab58999f2c27cabaaa4fdd24bfbf8bce196f805797bac344c44647b26603579f1b1712dd76a672a771e69d0df4e2a32ea2629ebe7fc292aa91f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
8fe41167029e5f618f0b708ba6fff0c9

SHA1
8ac8ea97a8ceab17bf04f83c5b248b0d0072da00

SHA256
e743380a211b9be9c77f945a1547698497862473b5485b30c54a40d1f750e793

SHA512
267e606c4bb3b3a421935b367323da73c60ac28f2414b21a5d508df18e98a0a310a2f5eee5383bc5440a6dc3dbd9c7b8af855dd24d5677b72b370e8fad7af371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
f8a46d1b9a9be14b2024836c32edfd5e

SHA1
07eb9952f4cbd917de4fbafa5a9a03be84dda96b

SHA256
a94b94b02267c50923765a7dd47dc74fda455e2828cd1ed007e713cb6ee3f642

SHA512
44a787ecc203303c7a765ad711711cc3bb6b23290545f6d3f3ab1c1f4874d6aeb147c4303b83270940a6af1b5a5793c1cf949a81e85c3480c1e5d412a8bb8e37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
f9852f563e2cb950d860f93e6306b03c

SHA1
4b133be10d1c84e07e2525a325756fcafc35ae05

SHA256
dfd7406f52efecf5a01e8597e88038dfb9a60ba371c59dfc8f4d639b0f164d18

SHA512
e9b4266a1dfb055a3f6948fafa451278e5ce0274e00a8909dbdf11c197d0eca3597cbe56e774765a32222992ec6d8e839fa27530e1227e82f1a90a860d5ed59a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit