Analysis
max time kernel: 1801s
max time network: 1803s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 14:41
Static task: static1
Behavioral task: behavioral1
Sample: download-page-for-spotify-premium-mod-for-pc.html
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: download-page-for-spotify-premium-mod-for-pc.html
Resource: win10v2004-20240226-en
General
Target: download-page-for-spotify-premium-mod-for-pc.html
Size: 87KB
MD5: b3cb5748500413c4238d8731c22cda20
SHA1: 27f5b18773cb9658e2753f203d0d0d4752d46a00
SHA256: 48263729135489ce33976907d5aae647d902df2d9c18a49ebc75f0254a876f58
SHA512: 322d48e882b2a7e2db16313b4a8dc78360f4aec50f5bc3bcf5115dec8444788d14147cd542402e3b5db4c30530b5331840a41e683fd4df242aa954bac58a3de3
SSDEEP: 1536:pRMMUE2C78Tel2ap7OoI86j3S8RZjfkDEa0O3HvtzicE1mh2Wc:YTelJO/XjfkDEa0MHxhw
Malware Config
Signatures
Downloads MZ/PE file
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626769516323939" | chrome.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3400 | chrome.exe
552 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
3400 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 3400 | chrome.exe
Token: SeCreatePagefilePrivilege | 3400 | chrome.exe
Suspicious use of FindShellTrayWindow 44 IoCs
pid | Process
3400 | chrome.exe
1388 | firefox.exe
Suspicious use of SendNotifyMessage 35 IoCs
pid | Process
3400 | chrome.exe
1388 | firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
1388 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3400 wrote to memory of 4184 | 3400 | chrome.exe | 91
PID 3400 wrote to memory of 4632 | 3400 | chrome.exe | 93
PID 3400 wrote to memory of 3800 | 3400 | chrome.exe | 94
PID 3400 wrote to memory of 5072 | 3400 | chrome.exe | 95
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
PID:3400 "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download-page-for-spotify-premium-mod-for-pc.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4184 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b759758,0x7ffe8b759768,0x7ffe8b759778
  PID:4632 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:2
  PID:3800 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:5072 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:4964 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
  PID:2964 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
  PID:4756 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:3776 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:4708 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4824 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
  PID:5668 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2496 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
  PID:5756 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:5780 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:5788 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
  PID:552 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
PID:1468 "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:5420 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
PID:6116 "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID:1388 "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5376 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.0.348665175\811413574" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a684a4d0-b4e2-4e06-93ef-4822957ed016} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 1972 2dcea6d4458 gpu
    PID:980 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.1.2042420897\1452674762" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cfcbe17-07b1-45ad-bdd1-1dc11b0abf60} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 2364 2dcddc75e58 socket
    PID:5564 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.2.262264877\797180581" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3be87fc9-d7ee-4627-aa05-9c6e3e9d1879} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 3280 2dcee5cbb58 tab
    PID:3732 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.3.510135415\1122818912" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8388c89f-9444-43ec-9303-fc2a75623d96} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 3852 2dcddc65b58 tab
    PID:2704 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.4.334932114\203777557" -childID 3 -isForBrowser -prefsHandle 4180 -prefMapHandle 4140 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68733fb-6658-4ed6-aa23-19b50f0bf400} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 4192 2dcef494358 tab
    PID:2456 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.5.1210223973\1522819627" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 4940 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cc02ce-51f4-4cf3-ba1b-36c353d90563} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5004 2dcf09a9e58 tab
    PID:2944 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.6.1721487834\1687851476" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {438ac52a-c237-49b1-b8c9-1ff81ce8fbf4} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5132 2dcf0ac2b58 tab
    PID:220 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.7.519339020\1487781555" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04282b1c-ba30-43b5-ab5a-5f0051c85dc6} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5212 2dcf0cfba58 tab
PID:9504 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
Filesize13KB
MD5da7ef008eefcc981c7a8befc8510f0d7
SHA1da7b5f7d6e1fd327875853055813d2e1face753a
SHA256c2fbddc20b65b758c96fa47d0231e93e791f393ce2fdf8480143a239ce187108
SHA512a31b56b14883079d280fab6bc4521052c73bfbc78277a0f6dbf7f28c88bd1647b3af671a6253abc601d3bdbe038c5d338ee7083006cdc169333e92728ed6c569
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize5KB
MD5b20f643e3dd67ac99fea020ef8bcd968
SHA17944ed8f71e87bb74aa1f99cf5bfaaf08696cab7
SHA2563c7177d740286e328a9e084b3a782fde473c959af0837d4dbb10588b11db3247
SHA51268783b7bb776650fda8474bdd49de1b592ebf82edff4fd746566e1c078f6c59c27dc06c04fec6ac30ffc2492f1d56dc9e5bc945e68b21a0ccf1279d1915c3e56
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-06-12_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4
Filesize950B
MD54f250385aeaa84a357a344af5ad6354a
SHA14f1ca11ca083ed02b315c489223a20017a6ecbc4
SHA2561496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264
SHA51216e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json
Filesize216B
MD545faba2946cfe3dc4634444fa40c89dd
SHA11fc9b8ea4d625b6148c7f1613c6141b4b74d9c15
SHA256cbeeebf88bb6f4ebbd5cea91b83e6a9683fd65925f6925208320371aeef215a8
SHA5122d29ec5cdadc836823e4e906dc59d2d7af90c4d9bd4420901d1dbbad99f86ff37ebe58b436d12f809728e641b8064e063611a7333f17eee3ec5262af0ebb68d0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD530b50d5e05de999e517745bcba845de3
SHA18f33c0b63d640ec876245e481624aa65e0e1edcc
SHA256466e523ffd01c68b61c5e7561e765ad2708121621592bb8695393ae1347d3e37
SHA512c2f79b0ce95f235ec97d43172696446e3ba723fc762292b9a6a7892d253204381ad33345e0e86e8e5dddd01568388a9a1f7169f8d95c6fa0739768a06d81f3d9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0ee6b3c2-f6dc-4615-8ac7-e81e40f549d6
Filesize10KB
MD52cf58aa14da5b34f9ef498a9019410b3
SHA1e14f6cbeca6b2dde7342cee1bdc2892e43501f98
SHA25615df4c9b6cd9c3d5a44e71f0dee371ab33264b1ae8fdff022d78721345503a77
SHA5126063ab709f819be685daaabd746d5cadf991655c71911c379d2447ddfd9fc6ddba8ad40ab7f670f6bdc47b74271ba50331a9467b1e85301e99a3000327ecc1a6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a2019546-699d-40c6-9fd6-134de5aa0364
Filesize746B
MD5fd5fbc3afa5d1942cd7f171543769e0f
SHA1634c05259230e479608056a1803f7cd7b98ca408
SHA256360cb5fbbf363d371a4ccb72e995acb47e5ed4303d7cb1f692ca6e8930d0f8ec
SHA5121725a759db016ca9d3f7108a5de5ece829ed6fae848f7a7230f66553fa17599e11ae8130f4e0bf268468d3902a2ee551a0de94f126c41ad7f58bdc4ce980e0e0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json.tmp
Filesize34KB
MD5f7016d8a2229e3f56d1e6d90b11654f8
SHA1fd5b74a4a1c3da00e7489da745fc77af3f2b70dd
SHA2563c2e04a2ecb5f25269a5a123019dbcb32be9131208a02b28e1222508871522be
SHA5129f7a14a5f58230dccd61b1fd9583fb995d57b004aef7dfd2bd1778865b5fc60a0a6a0fd6b35f31992d7de41e69b915a252b8419b50bf4e4a8e5bc0e28fdcec65
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize 479B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize 11.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json
Filesize 90B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize 184KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json
Filesize 3KB
-