hxxps://drive[.]google[.]com/file/d/1v0bh9VZCPlytlVORTnb5VhJBBcOq1_9G/view?usp=sharing

Analysis

max time kernel
1499s
max time network
1446s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1v0bh9VZCPlytlVORTnb5VhJBBcOq1_9G/view?usp=sharing

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 11 IoCs

flow	pid	Process
141	3068	WScript.exe
143	3068	WScript.exe
147	1416	WScript.exe
210	5628	WScript.exe
246	3976	WScript.exe
270	6076	WScript.exe
293	3628	WScript.exe
320	5136	WScript.exe
347	5768	WScript.exe
364	5456	WScript.exe
386	1860	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com
319	discord.com
210	discord.com
270	discord.com
293	discord.com
347	discord.com
386	discord.com
147	discord.com
246	discord.com
320	discord.com
140	discord.com
141	discord.com
269	discord.com
364	discord.com

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 720867.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4976	Notepad.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
2408	msedge.exe
2408	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeDebugPrivilege	3408	firefox.exe
Token: SeDebugPrivilege	3408	firefox.exe
Token: SeDebugPrivilege	5992	firefox.exe
Token: SeDebugPrivilege	5992	firefox.exe
Token: SeDebugPrivilege	544	firefox.exe
Token: SeDebugPrivilege	544	firefox.exe
Token: SeDebugPrivilege	5764	firefox.exe
Token: SeDebugPrivilege	5764	firefox.exe
Token: SeDebugPrivilege	5764	firefox.exe
Token: SeDebugPrivilege	5764	firefox.exe
Token: SeDebugPrivilege	5764	firefox.exe
Token: SeDebugPrivilege	4112	firefox.exe
Token: SeDebugPrivilege	4112	firefox.exe
Token: SeDebugPrivilege	4112	firefox.exe
Token: SeDebugPrivilege	4112	firefox.exe
Token: SeDebugPrivilege	4112	firefox.exe
Token: SeDebugPrivilege	5440	firefox.exe
Token: SeDebugPrivilege	5440	firefox.exe
Token: SeDebugPrivilege	332	firefox.exe
Token: SeDebugPrivilege	332	firefox.exe
Token: SeDebugPrivilege	5920	firefox.exe
Token: SeDebugPrivilege	5920	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	3532	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe
Token: SeDebugPrivilege	2980	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
5992	firefox.exe
5992	firefox.exe
5992	firefox.exe
5992	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
5764	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
3408	firefox.exe
3408	firefox.exe
3408	firefox.exe
5992	firefox.exe
5992	firefox.exe
5992	firefox.exe
544	firefox.exe
544	firefox.exe
544	firefox.exe
5764	firefox.exe
5764	firefox.exe
5764	firefox.exe
5764	firefox.exe
4112	firefox.exe
4112	firefox.exe
4112	firefox.exe
4112	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe
332	firefox.exe
332	firefox.exe
332	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
3408	firefox.exe
5992	firefox.exe
544	firefox.exe
5764	firefox.exe
4112	firefox.exe
5440	firefox.exe
332	firefox.exe
5920	firefox.exe
3532	firefox.exe
2980	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 4820	2408	msedge.exe	82
PID 2408 wrote to memory of 4820	2408	msedge.exe	82
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 5028	2408	msedge.exe	83
PID 2408 wrote to memory of 4980	2408	msedge.exe	84
PID 2408 wrote to memory of 4980	2408	msedge.exe	84
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85
PID 2408 wrote to memory of 2540	2408	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1v0bh9VZCPlytlVORTnb5VhJBBcOq1_9G/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ff546f8,0x7ffe6ff54708,0x7ffe6ff54718
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:1288
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1308 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16550408667686870174,13528825138878433284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:2948
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:5628
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:3976
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:6076
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:3628
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:5136
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:5768
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:5456
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
  2⤵
  - Blocklisted process makes network request
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1bf44b25h746eh410dha14dh79c6b37e73fc
1⤵
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe6ff546f8,0x7ffe6ff54708,0x7ffe6ff54718
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10884177351178576587,15541894924458226501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10884177351178576587,15541894924458226501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:1968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3948

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Downloads\app_monitor_and_notify.vbs
1⤵
- Opens file in notepad (likely ransom note)
PID:4976

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\app_monitor_and_notify.vbs"
1⤵
- Blocklisted process makes network request
PID:1416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.0.1396516406\1222590815" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0026a23c-a582-416d-8f6e-b4e220c601e7} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 1852 1749260de58 gpu
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.1.429791409\1435065201" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32f4ab8e-05e7-480c-b290-bf80f0c992fe} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 2424 17492b75858 socket
    3⤵
    - Checks processor information in registry
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.2.550457290\1692341530" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2900 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2030484-5499-4af6-8cca-c5b8b864f1a5} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 2760 174951f0b58 tab
    3⤵
    PID:316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.3.695001606\819611706" -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {766c7983-da1b-43aa-b053-0d49d12ad0fc} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 4220 1749774d958 tab
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.4.1889224647\234499415" -childID 3 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18976888-4e0c-4521-8c47-844fb67e26d8} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 5032 17492c1f858 tab
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.5.156641740\1418054524" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aebb00c-020f-45d4-b6f8-3b1d637ecc4c} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 5252 17492c21958 tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.6.1344627067\1020035438" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5e0bbf-363b-4da6-8eee-441aa279478b} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 5380 17492c21358 tab
    3⤵
    PID:868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5968
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.0.803745747\300699254" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4500bfb0-d8ff-4891-a1ad-57fa95cae966} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 1868 26600b23d58 gpu
    3⤵
    PID:5148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.1.885335180\668682172" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc80325-81ef-4249-9cd4-9efdfb70f61f} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 2436 2660107ae58 socket
    3⤵
    - Checks processor information in registry
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.2.1426869933\1616935933" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e157da77-aff6-423c-aec5-01ae504eb215} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 2988 26603a05958 tab
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.3.1389999975\1390197288" -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4beb6f0b-47b3-41be-b0d1-9eb8a2226922} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 3984 26605c68b58 tab
    3⤵
    PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.4.182923722\1356714483" -childID 3 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06c19b2c-f475-49c4-8b1d-861ffe98104f} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 5012 26607f9e458 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.5.129488621\1959831878" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e21acfe-99ac-47cf-8e88-5566151af922} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 5156 26607f9ea58 tab
    3⤵
    PID:3120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5992.6.511746314\2035958391" -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5440 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1faaa3b2-6f25-4ec7-b613-d2c233a7a7c0} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" 5452 26607f9f958 tab
    3⤵
    PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.0.793351095\785377385" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc98ec1-45c1-40ec-84ee-8aa08e3493b2} 544 "\\.\pipe\gecko-crash-server-pipe.544" 1852 20627aefd58 gpu
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.1.106132549\1350851872" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59f30597-478b-4839-ab2d-2fe38f4ef1c6} 544 "\\.\pipe\gecko-crash-server-pipe.544" 2420 20614789958 socket
    3⤵
    - Checks processor information in registry
    PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.2.1419544919\2136067592" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2888 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1196 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {721fd897-58b7-4919-a0f0-28cdcbb2168f} 544 "\\.\pipe\gecko-crash-server-pipe.544" 3088 2062b2f4558 tab
    3⤵
    PID:3296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.3.2132445799\1148036755" -childID 2 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1196 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {394c6080-22e0-48c9-b1de-b4ba8c49872e} 544 "\\.\pipe\gecko-crash-server-pipe.544" 3988 2061477a858 tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.4.989923572\1076215638" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4936 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1196 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e91f7982-ab8c-4fe6-bf52-086c125a6387} 544 "\\.\pipe\gecko-crash-server-pipe.544" 4952 2062f9bec58 tab
    3⤵
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.5.340096452\1214022798" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1196 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b5bc93-e5c4-41d6-9233-a35f2406bccc} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5072 2062f9bf558 tab
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.6.958206327\1951883408" -childID 5 -isForBrowser -prefsHandle 5288 -prefMapHandle 5296 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1196 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b885872f-a031-4ece-88e8-bdb4bb0f6620} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5280 2062f9bfe58 tab
    3⤵
    PID:1840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5840
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.0.741692292\1303783733" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 24816 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a2b4232-44ee-45d0-97c8-18966883fff8} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 1848 18bee22af58 gpu
    3⤵
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.1.372927989\1151645490" -parentBuildID 20230214051806 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 24816 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {857a6abb-f3bd-4181-99e5-dfddc688ee10} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 2324 18bda189c58 socket
    3⤵
    - Checks processor information in registry
    PID:5940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.2.1439737500\775902514" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3224 -prefsLen 25277 -prefMapSize 235617 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {851e4f57-2c44-42f8-b91b-6316893be60b} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 3088 18bf1df1e58 tab
    3⤵
    PID:1644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.3.1106378993\2112628342" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2888 -prefsLen 30678 -prefMapSize 235617 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {737686e6-dfcd-4fa6-be9d-edcd42486a44} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 3680 18bf30f5158 tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.4.538480565\491715087" -childID 3 -isForBrowser -prefsHandle 5100 -prefMapHandle 5084 -prefsLen 30678 -prefMapSize 235617 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f423ef96-343b-4996-8a00-0265d7bfdaa6} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 5108 18bf5938d58 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.5.346343307\1287328683" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 30678 -prefMapSize 235617 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf1783a-24a9-477e-b5a7-8ec9a552dbd2} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 5252 18bf5938a58 tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5764.6.1832264143\1342674358" -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5404 -prefsLen 30678 -prefMapSize 235617 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169770c5-533e-4b53-91ce-99f392e5a235} 5764 "\\.\pipe\gecko-crash-server-pipe.5764" 5388 18bf593ae58 tab
    3⤵
    PID:3120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.0.381953192\96504698" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 25016 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dc0158e-0451-44bd-863e-bee532c99451} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 1852 1a627c2ac58 gpu
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.1.78610211\643126228" -parentBuildID 20230214051806 -prefsHandle 2312 -prefMapHandle 2304 -prefsLen 25016 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {082be3e3-cb33-46e2-9dd2-83d6b74d0264} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 2324 1a613c88758 socket
    3⤵
    - Checks processor information in registry
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.2.482715446\151569690" -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 25477 -prefMapSize 235617 -jsInitHandle 1440 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c240f872-7e57-4d24-9f89-24afbe2945f6} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 3236 1a62b929758 tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.3.543575569\766491175" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 30878 -prefMapSize 235617 -jsInitHandle 1440 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {342703b8-153a-4be5-8b68-1db4ab836d9d} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 3688 1a62c9fb158 tab
    3⤵
    PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.4.427557348\318887411" -childID 3 -isForBrowser -prefsHandle 5076 -prefMapHandle 5052 -prefsLen 30878 -prefMapSize 235617 -jsInitHandle 1440 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b68f02-8e37-4abe-87f0-37e242424c6c} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5056 1a62f324358 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.5.1118152688\1415674161" -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5332 -prefsLen 30878 -prefMapSize 235617 -jsInitHandle 1440 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06093a02-0434-4e7b-bb4d-bdbb73c3d4f5} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5344 1a62f324958 tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.6.1325287103\1459470878" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5244 -prefsLen 30878 -prefMapSize 235617 -jsInitHandle 1440 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88259a92-b93b-4e14-b806-da7820a982c8} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5228 1a62f336858 tab
    3⤵
    PID:1536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.0.1917886817\1556335735" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 25025 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {616de9b1-0e3e-4d19-b063-7be6c8cbf1b4} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 1864 1faa0322a58 gpu
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.1.392058564\782490325" -parentBuildID 20230214051806 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 25025 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {438210da-00e3-4dd1-bd65-29178d711645} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 2336 1fa9388a858 socket
    3⤵
    - Checks processor information in registry
    PID:752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.2.277237392\1645131325" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 25486 -prefMapSize 235617 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f33902-f04b-4fe5-a53f-4f6b7c68aec7} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 3068 1faa410b658 tab
    3⤵
    PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.3.602860854\1717652369" -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3676 -prefsLen 30887 -prefMapSize 235617 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04f5f52e-ef71-4268-a993-a42f6418b8d9} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 3700 1fa9387ae58 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.4.334753165\58806780" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5008 -prefsLen 30887 -prefMapSize 235617 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc9ef7db-af09-4bde-acc1-a4683e1140ad} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5052 1faa165dd58 tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.5.152790181\632748904" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 30887 -prefMapSize 235617 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26d170c9-a76e-44ae-8bac-804b2002c77b} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5188 1faa165e358 tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.6.303380191\1215782812" -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 30887 -prefMapSize 235617 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d5a403-34b2-434d-b66d-9e6b681485dc} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5484 1faa165ef58 tab
    3⤵
    PID:4692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5236
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.0.465055234\1858871219" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 25034 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80bb7a72-9dc3-46e7-8c95-44f3f6359b07} 332 "\\.\pipe\gecko-crash-server-pipe.332" 1864 168c7922f58 gpu
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.1.485185556\757066305" -parentBuildID 20230214051806 -prefsHandle 2324 -prefMapHandle 2312 -prefsLen 25034 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {499fa44f-28e1-46c4-8bbd-65387835851b} 332 "\\.\pipe\gecko-crash-server-pipe.332" 2336 168bae89958 socket
    3⤵
    - Checks processor information in registry
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.2.1858141136\882386804" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 25495 -prefMapSize 235617 -jsInitHandle 1236 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f87b79a-2649-4471-bc08-76fe4431046e} 332 "\\.\pipe\gecko-crash-server-pipe.332" 3088 168cb3f1f58 tab
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.3.1723816577\1963722779" -childID 2 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 30896 -prefMapSize 235617 -jsInitHandle 1236 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3081519b-94bc-421a-adf3-4e2d3fa2f4da} 332 "\\.\pipe\gecko-crash-server-pipe.332" 3968 168ccc99b58 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.4.1957756410\832845102" -childID 3 -isForBrowser -prefsHandle 4980 -prefMapHandle 4968 -prefsLen 30896 -prefMapSize 235617 -jsInitHandle 1236 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79426558-9fdf-4a95-8ef4-ed04083a419a} 332 "\\.\pipe\gecko-crash-server-pipe.332" 4932 168cef73a58 tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.5.661868541\1278161697" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 30896 -prefMapSize 235617 -jsInitHandle 1236 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cadc741-289f-45f9-b3d4-ca7b2fb38a5f} 332 "\\.\pipe\gecko-crash-server-pipe.332" 5004 168cef74358 tab
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="332.6.900915298\1947819612" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 30896 -prefMapSize 235617 -jsInitHandle 1236 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef411131-71cd-40c1-acad-6a0f8d758c60} 332 "\\.\pipe\gecko-crash-server-pipe.332" 5312 168cef74c58 tab
    3⤵
    PID:1780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:544
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.0.1922079553\1889523604" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 25043 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d357cdf9-52b2-40a9-a26a-de3e1f4311ef} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 1864 2bca1825658 gpu
    3⤵
    PID:5464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.1.2069719755\1465397440" -parentBuildID 20230214051806 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 25043 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44484af9-4d5e-46e4-a965-0e05ce2506bd} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 2336 2bc94c8a858 socket
    3⤵
    - Checks processor information in registry
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.2.1587079424\1439944573" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 25504 -prefMapSize 235617 -jsInitHandle 1188 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc2c7268-a884-4e24-a891-d7dfe1fdcf82} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 3256 2bca2b20758 tab
    3⤵
    PID:5976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.3.813825249\1180468228" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 1116 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1188 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86888920-4cb7-4ebf-8e04-c1ad06215367} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 3712 2bca6abe558 tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.4.838760931\1091848454" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4984 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1188 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98d84ca-4599-4ac1-9bec-fa6b5ff029fe} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 5020 2bca8bab458 tab
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.5.504594576\1613429742" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1188 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f008f8e-cd67-48e7-9bb1-bfdb9e4053d4} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 5156 2bca8babd58 tab
    3⤵
    PID:4708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5920.6.1255442918\998862562" -childID 5 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1188 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eef51b21-d0bd-498b-9f98-fd16bce8c194} 5920 "\\.\pipe\gecko-crash-server-pipe.5920" 5348 2bca8bac358 tab
    3⤵
    PID:2944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.0.1823707924\586512032" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 25043 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a4ea0cb-eec7-4bec-895f-6e2481359bc8} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 1852 22147e28558 gpu
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.1.1416952027\799332120" -parentBuildID 20230214051806 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 25043 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f81aeb30-d1f4-4df6-9e22-d450c121fcde} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 2324 2213b489958 socket
    3⤵
    - Checks processor information in registry
    PID:180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.2.624056394\543431400" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3016 -prefsLen 25504 -prefMapSize 235617 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d9be111-775f-4b21-9636-6b866918dd0a} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 2972 2214bc33258 tab
    3⤵
    PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.3.1327731911\615921876" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3484 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ff9f59-40fc-4cd6-8306-d31e8f4b4c21} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 3664 2214d051e58 tab
    3⤵
    PID:2852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.4.1326660071\335318041" -childID 3 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8def9cd2-a34b-4986-bc26-6666d8682282} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 4964 2214f0e5858 tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.5.604890951\1782918031" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 4848 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb04496-7ae1-4ad3-95df-3190ec7efdae} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5088 2214f3bea58 tab
    3⤵
    PID:2848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3532.6.1119186844\1253332757" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 30905 -prefMapSize 235617 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {407e4cb3-9801-4ffd-bae0-a13653f6d937} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" 5308 2214f3c0e58 tab
    3⤵
    PID:4868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2716
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.0.333335579\1736051493" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1736 -prefsLen 25109 -prefMapSize 235617 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba8734c-f7c5-4ebe-b328-19990003aaa2} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 1852 19eca22e658 gpu
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.1.971286498\120805796" -parentBuildID 20230214051806 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 25109 -prefMapSize 235617 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b94c33-afeb-4cc2-ac5e-56a67ccc9f06} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 2324 19ebd789c58 socket
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.2.2142240370\416268782" -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 25570 -prefMapSize 235617 -jsInitHandle 1432 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e84497-2142-4c6a-9808-5ab065985f27} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 3188 19ecdf15458 tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.3.1102723388\2141981717" -childID 2 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 30914 -prefMapSize 235617 -jsInitHandle 1432 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b982a7b-5e80-4611-893a-82e4443a7520} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 3980 19ebd77a558 tab
    3⤵
    PID:700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.4.1313955143\962727226" -childID 3 -isForBrowser -prefsHandle 4956 -prefMapHandle 4948 -prefsLen 30914 -prefMapSize 235617 -jsInitHandle 1432 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {263c2c61-2a39-4141-a72c-f91d306a3845} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4972 19ed160a258 tab
    3⤵
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.5.1703131104\1698833064" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 30914 -prefMapSize 235617 -jsInitHandle 1432 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a32d75f7-2c59-4626-8119-f19bb58901c4} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4988 19ed1609358 tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.6.1609542142\179097237" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 30914 -prefMapSize 235617 -jsInitHandle 1432 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb201b6e-2b53-45ee-87f8-6fa728b56663} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 5392 19ed160ae58 tab
    3⤵
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
70a2958e3a6b7458fb43524a8fbcb2c0

SHA1
482470483422ce8beff3adf3c2432d7a85a2d6b8

SHA256
dda68919ef506bbc8e9a6e3f2426033f9a0f681c3f975b1a238e7cae543867f0

SHA512
31dfb15d0880f873cca68b68988b37deb531f53ce4f8708ba01241b8743ee14fa942fc883dd68cb63ec4f7374321fd716282d945516d1c2b35905e676869157b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
7ea8208b73a50dcee11dd126daade041

SHA1
40ef590bb4af6a3c5458ae84845a51e62e035886

SHA256
49724e49568a1d1721a8917eb8b8d4c6f75db96d4291556b71374c8c1792e947

SHA512
9446caab91f974913d6467f233fb2744a9f4e317f8c6ad7b857c4b99cb15ebb0571b52771da83f216655a2e592ce12088d2614aa8df54483424f0e66ea7f4d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
72b0f8f84fa516e82034d7cd9b4f844c

SHA1
175c5a7a75aca08330e16542e47a477e333afc52

SHA256
d19eab6d32eb86206cd593e8bf575f2428d892a2831885bba3438b2cc64a7816

SHA512
4ab265e6016fd7e02ad787b844e548a4d49c9339fc9a4d34133780166ccdfea18809d5391e950c759e539e165d22070548b34f89edb4063212b8b768b8ca28f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
dd5c0a704478f0f7313e5fd47d68bc89

SHA1
c92b379c900bc70f48e8f0d290bf278b0663870e

SHA256
9a05cec14bb5a210248cadcb50c86331b17fc01fbc0fbb57a88fa8614869b54b

SHA512
561f233b0ed5002a94edd972cb721add91b2f02ec1ac8897264eb14e374d93b12156fc353a43ed0bdcfd21dccd88df46d26e7423b266764dfb6c0265b8bfac95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
a5e8531c00a09b77498cafce9b8441d2

SHA1
fea8602b63e8af12cf72df237c13c0b2370cd4bd

SHA256
7255cc3d39994cb2dc922e0b3e7c94b7c41fe4817dee919830533c0e9b75d8a8

SHA512
f98021d22028795dfbfb2eb0794457d4504e0d5c1d65da91407dbccb41173a99bfda7d97173a7a23f6eabb7407ab00e1de3e545f2ec80dc9dc008f423b7abe41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
60d55fd4759bb71d2bd65ac8b78da8d1

SHA1
f72913bee3f1a65e83bb9217c7e60789385edbb6

SHA256
ffc40f243871dcb9b4ff62642b7fd91daeed705e413112c65e1cc27cf4a4b1db

SHA512
d6101d19f88649930cd8f1510429864cb7b6998b5d0fcdfd46723a0645b289e80aa704bf82130ae3271d746c6b75f9973fb824a830473af6502b5c5032ea5bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fd79ecc951327be3abab589b8d85073e

SHA1
e182feb8e0c601c157e68580d9101bffd0276e22

SHA256
6f8a86df09ca0f59180de597e88d480dd825f8dc1b0c35545ad725560516d51c

SHA512
74f92cd9e1a429a0d20e898143e10cbbdb562877200f3e0d9982a0f059cdf0473c0490746255031cc08b8abd3550f2b3ee25a96464bb53545373a4187350ce53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7e1e783ab044d4ff1c7c1a3f676bfd34

SHA1
d77cccc26ec191dd7808174142ea8d2420e54afc

SHA256
cfed0215ac902a9e8b0141815f2299892f39335bf0262cdc7d48754d171380eb

SHA512
b981558c51742c303a5ae14407ed2cde7dbb9e98f69b1e1d5662186e7d2b374aa8c22d2dd9f2a1e7653e3e5cb6df2cdef0676a6494dcce4f5ad6f025067f31a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ea34c30d20568e74cb2ddf8e93e04b66

SHA1
4f788baf0444ce56b85d028da9d488f5f508e15c

SHA256
dc03253fa9b241894fa398174183a18ed359b165b3d618e2cc30d2f80dda1a09

SHA512
10e9fac27fe13c2bda2d3fc968b4307bf29a2e88020d388b35aea5882f7ba397f69f2b181c8622d931de93d88b3fd0c0bed0acb306e460a0150b2855e2d15d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f4637b8e93f847bd46513e3a8de54af3

SHA1
c02757f5090dc0608f435f70d9e98e619381cf03

SHA256
d287a7d7a70aecf58b9a76c5c8f0e54cae3129e1c3af927fe632518f6c51d7e1

SHA512
1401ed75ead48eb35b0238cdbc07baf6a3b163a9eb9a4bf078675675461e057006ce8a8a1d04d88fc0c661b1344045c828e7ecb14ac21c690344a3972a339fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
aeb75675f5a10c572a69508821e088ca

SHA1
a75c5db8c7668bc55215cd395ba34ef9fc6e19ce

SHA256
5facd5a3711a7539d3fdc03b5554ab32d8e894d3c803f0a33de2cd9d7f1357c0

SHA512
2cf736d3f92fa4574313d86013e95deb5cf29ba1494d0463f7746cdf14a243a14e7e2a29bba7d54f557b7edc0708b0734725d5d477542e1a2c742031b4d05961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5b6686dd5f1fd5210285aaa742b99a2e

SHA1
457f210730933be62bc720b3f3bab8e4304b7dda

SHA256
0997492647947a2ae158e00fde5050347f5286c595e04f15bb9a343615e6ff46

SHA512
1feb9a637ec24d0947ad8210d6eb958a6da23de6b95604de0a268cb21f52d3d076017b0c395ebfcdee136488715861e0128bca8c779c21283b2357a86e70aeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8f5df9035f74380efd0083ea8446add6

SHA1
fa3f2269448ca5c189a45f6d46fc1d4f78c130ca

SHA256
9e45ee04d2276534dc5914cc353b9676f0ad35d0b58de067b0541ab6f965ce51

SHA512
bc713ded865b86e190299bc02f662a7639706179c571c1899989f831e43423080aefe9fc0919ffddec86a99c5457eaa5a26225ba827e09cd945ffa3d025e0ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
36b360cb9e5e67af669efa0f655f00a0

SHA1
2607b01650a4e636b2ccdc8513b9e4ebc0d8542e

SHA256
897019d527eee9c4a404d8a2ea3e4d401f8ca89521ed499495286d0d8d7461aa

SHA512
8b0fc1b8a481aee64f10b58092a9ca1d7bdedcb8cec837011707237df0e7375a603aaee040728376dffbba2564c648682a32f59a3997aecf02895f2637946d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
49cc3a7257c15f7f0806c9b7324be2e1

SHA1
4ac0f36f9670d07e25c8d419982c10d7b32dd05f

SHA256
3a6c8b93c0c75723d7b23d982518307569dcf99e1a1f82d7414d06774ff58d06

SHA512
d67333d005678d6c65aff86a94f1afd2ada68d9061597d2d7e7767e4f5aa37ac3f55343b4eb84797eb83e705a117b8b55837b8c5c3cc92912e7181498c67f2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2703c858dc14a9768bdc869384ca0f0

SHA1
d0ad5bf827524f81e4b8b6624ee3f8ddbdbd30ac

SHA256
454f0e03b53a98767bf89f3b664c2b340af02fca9049003906fdc19984bb1bc5

SHA512
184aa7f1880816f77a91f14e734f2d557bde4582b95517c5991fcf5fb284124ff1c6191b56c82b4abfc102a3af9dfe88c7905bb3c4b87b4475b780d238adbba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f8b55f6b4ce1158a90b575a6d6e0f3a

SHA1
ab2224f562f0cdfe9df4dde133becce0896909d6

SHA256
27f173f2074a527788bb69e6504b69c62e47ab719d51ec22740f58151eed58ac

SHA512
580b6d08e936790b94184c21b890033721e41e768148cc47ce369ad0a2043091f1563f0da0789cd87c26591951fc8beb365b430de39c6baeb2fc680257a6b425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3994da1297aebdff36477bb26c377fa3

SHA1
b3146e1c914dada030dbb49ec190c3ef7a61a248

SHA256
26323a4e2c414c080d5de2082b3347c498f7722d7cda6de670168557a015fb84

SHA512
144433598877f80f57b560114d1e0327bc4d039f8ea95a7368f1884733b4ba69ad570192d0e86b124266700f6f16987a05ab30e9783ccbea494ed34b21e1f907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dc0b16725479ff6c4d5d444bc0cb446

SHA1
d48aac83657f156145d347b90b03059c860a0667

SHA256
c80cbcc2f3000c679b3cb6c1b32ae8d8634b6c5127ea7898773652b4b8b1ca77

SHA512
f158b46a494e03e5aa026956c3faec75d08da130541ad19981fe3e069315cf8eb70f9102179660d6715aeaa1c3da86386c3b7b9e2ce32d34342eb7937f33b15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c7be3b199245acd2ac89ca1e451e1ee

SHA1
7364016ffbefbce6d96ad5578481499f4919c184

SHA256
0990785d11274c36c8815ac2eefb1f9bb53584f50c617410563ca193a4dc3b03

SHA512
0422229d47fb6cc700a4a862de632eea538785f815ce3c19512be887e8f997ff2699643c9f05590dc2da16e588866acb4a95abc3ab83b2a670aa450eb01378f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25f1729b41ac9ab082ab45e86ce8dea1

SHA1
874c90944fc6c43001aa490b1c3f86c6e0e1446c

SHA256
5fc3bb3a1289ff963752285e9c0749cf0f5d5718effebb9faec7e1ca2d3415b9

SHA512
3f8cdf2624df9b7804593ad3bb7f6691db0a06af10509c3bacd688194d2e0ee35ee6e1fb797718b1543fd9b116b1868eb5fa5f9d21e1ebee0b5ef1601d50fa5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba30baa899b9c73d6baf36d03faf6561

SHA1
23deac1c4125a5434e0d3fb8187315adba3a1aec

SHA256
d39e7fcbef1fc68cf96de3bbb9c67b017ad2277c7580f7b26924e252dbebe29e

SHA512
fe580d74d281eaf817f28c9edadd910ec02700cf0907fba09ce76c8a543a1487f5dac4e3dbfa39bd0731178a2e3d3b37221c70cfb6a0c7230d3c40b44890c039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
24cde713f147c5865c07f0e6bc6098c2

SHA1
ab4d7ce75df697afb3a9fe33652b1f75761dcf00

SHA256
db9f314eb4e0897f3d342626e9eb638aa77d9645d736560a1e75cc1913c6d15b

SHA512
630a72c8a44c1c7af59b0ad2dbe8feab9a538bc91d1b6182c78575de93a2482c806a2160361d96ea17ac34484fabbd1d5e27f06e590783487b8ce170d248849c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
741c95406c2cff47c5c75cf50cb12905

SHA1
9a62e9649d7fee8bcc1cc84db8ad0f9d342fc938

SHA256
a7b4e34a992b84948ff2769d096e45cb260dfb174cc628eca5da8d3dd89d5e19

SHA512
4e30331e6498e381c7e1be7d6ba6987175437b50fddb7d5cebbac20660392ad344b8abb382b8f95f7c727d9266d9b86af997a375931dea83bdfc0c24bc700ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
faa26abd58684aa854ab64038af182b8

SHA1
838b0f9c5223ddf6a747306e6bae5127558238b9

SHA256
cefc6f1469f92c98efca44c926d8fc1302e44c1fd85117a1fc58669b8e2fbc4b

SHA512
cda1530372fded44b1c8f5c08484a733718b9256ef051086053c42eabef77736a20c14b0a5a9aa8e93cd0aa005234d0ca4ab5f2c8f1e4840e16e9a2ea65c7c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
888300ec6b5e24dea96645ef710032ba

SHA1
671c10ecd4fc9a1ab51813681c15de7ef8101aa8

SHA256
9e85345102a3b367951badb76338f9ecf422f5a72b12aa51c51de17325edf3f0

SHA512
1643774932f0cf3fec04210535b15609dd57fef0dd593f841c1a0749ce38269ef790734258ffb4ba3d2efd107599617437eb5dc81b39c45a6292f19eebc77e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54595b0251b8c6cb8042d33c60617bce

SHA1
f84465dab93664c62809941332d0357966344ed3

SHA256
ffbbf5b75a490592b27a16e68c1392019b109dcd2be96b07a2081445a1700416

SHA512
1aa836c7667463a25e7e379457ad242caf6d078d91736e1692661c4e19cc7f626a1136a453b5d158afe37bd59c4a04978ce29eb8a5aca10c9f7f56a343aad630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33be9e2473f35ce2052e794e15bd97c3

SHA1
5f20149de50bba4998dfbb279fadf933eed33dfa

SHA256
494973c4cff445deb3bd62925471f5a5e0f33c8e0c69b2f084dbaa208b7af5dc

SHA512
2fc686d2a48d7a9cf26040c58be6302ee39088adb3b56d3720f71a4634254ba0c5970ba41ff8c8a31d6bd355b9d713b2f911330b9e59e848f3bbee8e4807cd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2d815c9bf088a4064b438c53280050c

SHA1
96ce2be7d1aa1f509ab3da3c621c0a6cebb61f11

SHA256
bd425bcac8720792490e98f05e6694b98335bc5e0fc52c9554f05b81a75b8b33

SHA512
720ff20a2cdb381849b3ffce268e5780b9bd070c7c303795b6208b22b213c0757a288a1c168a1acac7cdc09fa68783b6fe4cd23ca76b3c9929417ce988e16115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f6c.TMP

Filesize
203B

MD5
86f80f87898bb5e8657f4c2e95d23c35

SHA1
745e3bc4347f1e3c9d47a3e3624af6dffa01e41d

SHA256
b51a6d763e71537b60495956b4cec8801a3684dcccb5087f95603b2c17d02182

SHA512
4b9e18fdb0fc4c79be634065a237fd93cba2c16a863406f5ed99f7446482ee4920f9b78a55c13e1e1f4582a17cc5c328f076b29670706b6544b7e1bbce0460d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2554da277520fdbe2e35c7469fda194c

SHA1
fc9521bc889d35613d328c12b75996b1f7bb3256

SHA256
3833cb33c2d19e8c92e3fbbfa0c43111371654500fcf7f3a189ef7c38608c87d

SHA512
64a8588316c5f16f28273af92309f56831f25883584f6ac712b30fa73e38a4a3baaebfb51c11d8915f7fa5dc55ddc70e2935fc2a6b7e00694c0d73eced474371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
52bfae227dab29298ca2ebb1446786d3

SHA1
d69c7198095206b382b40be721c8b72e36fdef22

SHA256
49e4082e287b95cfd452dce964787715fd971e218f439d66546d8f82e10cf2c0

SHA512
3c77b3943367a893e8498da02e378fe528e0dc280d2cddee74757f9523a9494e65120fbc8b42c9065d4e3bcbcc4d4b9c367571bde33ff10d9a710ca1f697cecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e15cb4f42a1f1970387d15688dbe95e1

SHA1
c81cb1edf7ad338be1c2112182958b4acef3c74e

SHA256
fa3b822913869b68b68312cc66cba7a459fc1894906e8242d5db54b6c835cc8b

SHA512
fe622f506fbddd1cff785d6a8b03553047730ad4695bf9d22b1438672de5f938a4e4ce1573f689941516a2af6313dfc9435f4b38083226e5b1c8354ad404303b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8f80cf7338e1c10caf341d1add104d6d

SHA1
05afe324849cf9255e7ca1012cb9e38d2d24afb4

SHA256
cf006a601685f0cfe73f4bcac5eae14dcb1e9ea13ec34944054068a67c4a8cef

SHA512
dbc0ded613436e4178750ba22bd67e89aae7ab555cc30ed1d44f49a22bf3d4aac015b263491b1d94d201683d706274845be4a9588834b5a40a3c6b035c03cc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
245f734ae1096d612642831e8b815e1b

SHA1
dffea8f4fac6a641e1cc6489e735b837d495d5f1

SHA256
d13afea587a50f50ba5518a54572f076556810b655c389a0b5ac6e059a4ac4d2

SHA512
6cc0699a48fcca1ea48c8c25e5a09f924c8f861289baac3e2abee8fd4b284e60b2b90a6052aef880340ad55463f2dc1d0ba873c326a9346ea2ce189ad4797751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4932e0dd52f74ba9000e9ae0c2489e03

SHA1
53848a2762e9d52aec53b5523221beb899d2d4b5

SHA256
78d5622a0cacb373b9681a2f5d91b511580d6d8cb6eec27a3f76d5346114bccc

SHA512
78ac893018a167ec8e0b59991478a233bafd8dfc958852b80196f0d75288aa304be86e391ba85505cf78bda92e3472073725ddd5d8a7f7c6dcaefb76ccdde03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bed035493263d28c07af717e1cda62a0

SHA1
e3459087a4480cd55c2b099c096213b3d427e7ec

SHA256
713ecdd83f5774b7ab17584e0b1d6017b04d74dd6ada5b80ba64701fccaca1ab

SHA512
20efcef46e98d9340582f614780ffacf3ca751c24b22ed98caf14881da4ea68d7e0a72dc8d3ce9ef252ee07969f9b879be2e69f45ba792c0efc0fb7b56336af5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
cdcb45e9ea3e8dda046e3ed649acdd45

SHA1
4ed081501c657a741a40f91414af19e08a4b2d9a

SHA256
f93124db29a4e8f378e8a2800fdba9a71aef52d1df29c89369282a4af69b7a58

SHA512
bb8fc1f87bdbc0842c2e8c15e2e5fc89c7b0daa5918c62731e8fb85ebedda879cc695a9506dd5d6f2ca15d1e3531ab5bdadd20d9a93309061ac7978dcf16628d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
7e044fd3cdd72aaf710e58ba6daf63a8

SHA1
35cbc7c98bfcd2a1ecc77e2b8652ec7d9c9f0033

SHA256
446b2776e09cf8245247741c1955b4686cb767dd53f584e27f7c286f8bcb2b4d

SHA512
7e4ada6e4e84ed38d7a99e6e15347c73f2734b8db658489fec6e7b304583134ae33a78f8d03124ab77844644ca03588752302171129a7303f15a4c5e40e5b62a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
ff95c3ab1ebd7676388a68d544bb8f9e

SHA1
5649ac5af1b77df317967e130a60c1dba11555ce

SHA256
8cb3849feaed47cb370796c54c4e64d19174789f00b24148b2f524a394820812

SHA512
63f3a02755a24b0353924a2cfacab6fb00b43f5dd8b938a15e59956f5cde6f52a33b2caf53124cecf547388e8cfaf416903126a34802f3f571237d6ff834fef6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
5ccb972137eba1f73564f7cb7c693d2c

SHA1
1827138e13e3f4f13654c0030e6dc1fb0b2382b2

SHA256
e2a75c69c1505b652e0239c6d926e5c4e741551fff17f59c85296f8c90742c43

SHA512
6469c10e9dbee911579564054c24bab1fc0e03c8752f943279a62ec4ac6842a9d3fb463a11a4a49a13b0b68d9210382ebe05b521cb67f2bb0b47ae0f3ff0cb98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
798a54612c414cabbcb378e1ad5f3993

SHA1
b9fa343c968ca2ade3e5c1cf434dbc8259278a9d

SHA256
bc17e6b7ac0f53daac369061cc9903b9eee44b956a3d62cd9a320153f666c8e8

SHA512
d656349c95f92c29ff469fb3661b8c554bfd17e293c03d61c896608ba56c934c4990c907128379f661e8c80dbda9b8646214f944c875faaa65285ce5b5f3fc0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
6dac4b8598d4415860b96da444c6ef3a

SHA1
7a3c1c1c0ab359865587e9baa2ab1654d9febf50

SHA256
a848edcc4c0765b05a3be38dd7b6ff4d591c115977be9f053f5ee0316d4f2a37

SHA512
45a4435aaf83022a2893108758db6d96dc5cb1009b0691ac3a72b64b4bd8bfa7172fd0019d1a7554890cd7fd8de1d63eaa8a4e1ffb3e8caf529f447a74fc7329

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
c00a7fef5d895df359158785c62f3b50

SHA1
c9cd0c55492a4e16242b9611209ae39b39134d06

SHA256
db668acbab0e9e69b3c66e3ddfc8afb9d992a070a62570b8d2a8d8b5f93b2507

SHA512
36f3411920c7c36d16612a64465a4d611b23b2f6b85062f8b3a732df68214022e6b39c98a49b016aa3ca81cba1ebb4695bc8789aafaa61f279514964183ea4a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
61894503cb973bba9c2c2bb9f6bc1a3b

SHA1
1c0428e7e15e0dfd7615e031710bbc56fc6203b2

SHA256
1141f6bbe074a087fea019698585d288ff455368771d5a20722ab1b8918a3d68

SHA512
e11fc12540445e8354ddc22abb35131718f54ce7a3518e41e2e205ff95daa91d48a96dd4712e0f0b79cd24cb19231f04e8c01e20af68811cf0a750c5870f2a3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
8b160f6eeea33b30704e390ea1a12bef

SHA1
30554a674e595273be4b0f9641ca58c6ad5bd91c

SHA256
38811ad93682139fa7c069ae75d88dc075b62ece93cbc90a7b0cff07e2297742

SHA512
87ee20fe1711a2f6af302423707baee2dce7ede743d814b87b89992428f1d8dab4317e5cbd60defd5439baf537f20884047e2c0b83583e829f52b6bcdb90b697

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\startupCache\scriptCache-child.bin

Filesize
459KB

MD5
1cccc94526280e7fa5fccf0a8c451996

SHA1
27f0a1debd398e042bf5cefcaa5b2716b12c846f

SHA256
9c03e70a608efefc68aedc2363cc07455932f02de92a91bdb5db967d09c43405

SHA512
4139fa2b85b4b3349c684706cccb6d06244716d29c66638cf79654683bc390f7cc821b7693294634c0b04eff57faf9136379d51e93d6618198adac4f11c7c69c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\startupCache\scriptCache-child.bin

Filesize
459KB

MD5
7618c58e4800c98a97e184ef1ca7437d

SHA1
8c62ec1654b6f3b6bc752ab706b898bf285d715b

SHA256
e36327a621db0d1df8cc04e5a3fd8cb4fc7b8df2fd311b0a1ac65c860bf37104

SHA512
755bcb11c33a2c2dfd2b7b83a9b6aaadf88ae93f0a05881e896883c11896d5b1172744ec73e94b7bb60d77e92fad3bab8d48874c6515582d8ebb1de479bcbd62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\startupCache\urlCache-new.bin

Filesize
2KB

MD5
c4addfe442b71814801f37d1858f42e0

SHA1
a853d5f491dc8ace45932858fb8024c27e1ab2da

SHA256
84a737817083e72c085b8a19c61c9fd7ec5282ee511e2872aeb0f1c7122e2c43

SHA512
37b2342a1fdbe780ef5961ac2d50b3c95860dd0194647c5f06867432d6296f093ba7cb7703ef158ea39b118c82caaf983c77f752ca5ae053c76f05649f4a5648

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
70af39ac97add6d69a22832840455afa

SHA1
99cd16e9c968d3892e0f7db190574d57922b483f

SHA256
70de01f5429c36d1b5fb4e851b877b267e985cde4593facf0862d8331069d312

SHA512
521a3138706e7f32514333ccd990506b98e10101592781f8a9d0c4d2c3eda8b7e6171303336f3b451b702c975794efd692ab6c10f0da388545f82bfd749cacdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
25533d49c29c3487ef6abf4e788acbfb

SHA1
9b433af68eeee80bee489790e6479801045aeac6

SHA256
a7fb409130c11636bdde78fc1491554a1aed400859f09eb6324c22b711f23638

SHA512
a31eee260138ece48ac27d652ca9f6493e3598eb66e031a3ac491b5aeba08b0a0127da9aac84203abf0414b1a3dfac641f0cd7abe01252a8e61bc38648034142

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
83e372288bb0d2ca4a8464cfbb328a41

SHA1
63cfa46e75a8d002493b30a7bbdcdb7009e3a91b

SHA256
9875b8bad8328c4fbca8aa098012bdc892a918b55149475546d67cfc102451cf

SHA512
435becca628247ea3b3b14632fbce0a3b594b4d6c554a1074a5c2fdd90a901d69469a5f172d14ce248aa15a0ce5316aa0de87b1f751fa9c36946ba4570c6f24c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\AlternateServices.txt

Filesize
619B

MD5
76dc8fcdec22b7f386aa0ea1f9bac444

SHA1
35143a2db7a45acdc6f718f3d34b0457912bc01c

SHA256
c6bbc4d7955e830b30a5cf3bdb5d58b7b5dfc626b40fc850d70f06a81a9edd62

SHA512
f38f46d2e5515293a7db290be95962f5fa9cffe16052a0af6ed39c92a7f16eb0c4e6af5c49b0f9b8cb0a9ebda429701b2b3ad5f69b0dbacad308eee258081d83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\AlternateServices.txt

Filesize
619B

MD5
2cf35966022f27e4a0ddfd4c9a4545d0

SHA1
3fe253bd0d6e06e4933596563eb990215d51c0a0

SHA256
77a2048316f9c584f7cf9de8f8b08a682457c29a79db28abfe4f1028a7df1667

SHA512
682cbf613b0cc9d762085c587dee7d70be7ebf887156c60169e2fd35c6bda573fa71a01f54f43b5b66dd1aba8feed4cdea6123fc198a0e21f56ee752f9327157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\SiteSecurityServiceState.txt

Filesize
264B

MD5
123bd2ddb655c7730f9a40b2f6f17736

SHA1
e8423665825b0528a86cf010897c32be5f4083e7

SHA256
501fabe2a37b6f32a5e09e9a0c069bc4de0476ea7270a5e0c743877dbaf162a9

SHA512
d58d54cba6e3f40375ca836ee4158c0dadb45007a1e9a1934d134a32a3158eacaab1b82e9af7b6a59f40c2b2ad73a6f6a7f31fdc59feea99a03937b612e3691d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0a9ae589abdd0dcfaa83dc589326509c

SHA1
bccdf7374113c40479f1de94e96401dc6b51bde8

SHA256
30a1f4f76aba3f96553dbfb7a679b432c6e5dd120c4398c4e74eea77a09bc03d

SHA512
51ad80a1ac3e25e393dafab4d5dfae1c7dd5c432b7f3f8e5e3e6b51269374b18983bf410c81ceb155b1532c9fa5aacbb874aff54f78bbed09c13f20ab9f01fa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\broadcast-listeners.json.tmp

Filesize
216B

MD5
5f9a017f74d45ddf4ae15f53a457c278

SHA1
78a4fa5592b5dca1b15ac22995d76a6f602b82ca

SHA256
615ea7710c07d9820495fe0a373a7bd13b47d681240e7c8cd57ac0f841119497

SHA512
90bb7d2c9b14410226d1dc02bac365f12381da760c3f58423ae27d94984f56c4fbeafdb185f76da7ca612a764c5efdfc78e84df7ee92ff532bb9ad072bea980d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
2c4b7232857ffcb650a6f4b6adc42fde

SHA1
f697382bb9f0d1bf82f1049d6b1974e6815e32dc

SHA256
4e90d14d2bea4af822b40cca5bf8d2eca53acba1b54e40bdc07597ba707a0ad1

SHA512
8f0a50f9dde7ee7edbc2143d718a96fc98127f79a8677bcdeaffd96a8bc62e07faae6dadec527762e454cbb1167203ca37cf505b90870519da382d5cc62e67f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
9abfd57e34435a60cefee6f3f751ee21

SHA1
ebb39a8cb22cb2c37b791ff28c5bcbf1e3f30825

SHA256
a9d6910972cba88df2fb30d073027836f54bc067cae00b157f3458da00ab3fb4

SHA512
16b9a3fa58bfcb6328ebfd7d38c8bcbafea88f183a5012148b56c22b13cfc055e33da6edd01de52288ad61bace3ae5d3fd4fe2e5e1b229c5b2dd86a2b66a2858

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
ac5f7ac837626a29b6d44031068d0291

SHA1
13c6bc618a9f27385bda29c10faeb840e02a49f3

SHA256
b11cee9ec0dcd8d43ad2e483f2e5e24d37c6972f2b551d4e05f00737a3a3bbae

SHA512
f5ace2ff8cbea8826a05794c2daa5eb5a7d8c48787195ff3997529ded7be51b17d192c546389408dc39655235fdbed4dfab74c211f70015d500d98a10b25c033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
bb52acc26e836fa6b95b2381126fc4d9

SHA1
df40ce93df8f4bb0669c20c8cc4f781333d68cb0

SHA256
dd1d670498c7926c2fd6e978de2ec0ef1b077f9890f91b590d15e20abca43efd

SHA512
3d84715ec0eb847b627b5bcd8b1cd5e0bca8bacb7483bc189285f6e7d59e91f9e41db204a2a2ecf962450ed00f010ec7ef39b1efbe1cd13fb909e1e492436018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
28de37ada2083977a5d6afacb7d10050

SHA1
b7b24007be4f8e3baefe6f041220d33c10d44bb5

SHA256
b0cb60d2a88cd3f8959c16ad677e8267b87e52a16948fd4fc661d1b526365f21

SHA512
38cd12f0a2248c79b36146c06b2281c0385df05d944d45d6ef2979e1f7ecb8a171d2468a926eef608c593e7f7270cb6bf8bb12e0173e3bdcad987ec24e75602d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
6KB

MD5
b42bfb8c07ae57b69d6bb8a0c6e35044

SHA1
9bb0b00d4bf8354a197f15aa0682f07a081d341e

SHA256
549ae6f55590b23e2149aa6757abf7ea682e98ee3af5a2d9316d6ec8b814eeb4

SHA512
c743879cab3d05d73612a9177b6422eaafca7c3da9da0f4b28cefbb72a8e98964a5b0d8c67cdc56eba2d1e9a0a559ce81b58b3165f19150b6f6e5ae0d6673f6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
7KB

MD5
dfff8cd755f37b8044a6c90d13857aba

SHA1
e50dd4f74ce638ffd2d318b13be7557853a45242

SHA256
d547097abf68189e9d3c1f32595c8d831b6ec2054380b55651d6dc921045df7c

SHA512
4b5934f02f7f372b09cb12b451675e2ec414c948f5f1f3536874dab46e852aaa9702a7af1ed9ccbd03e67ba847067d492d35111516ce1bce0ad19cc47564e50c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
1906efea3658809d506b61e29be15d5a

SHA1
a199177a2463c389111ea4d89f67366f5e8cc8d6

SHA256
4c16cfe46824874f8b359989d4d010b429f42d15fc9de67d1f6dde3301fa0c91

SHA512
77ae1eefe9a1a1fbea9948490badb3baf44772800c9b1aedc2b2630c15d2a2340c9d3b8e9ce96ef5e3f90542abdb3c64344725b69d82df08c5257db76850f3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
e73892325efee15021b0fae504199331

SHA1
e2346d1e9dea0af5a4a8a8cf1173c7855358b287

SHA256
56232975632be6b2ece8aa30c0cdb44d36bc7547b1b90f280e194328103f80bf

SHA512
50ee80a6827e0e03a50bc5698a857ae37b5f5dbb5512d1d4d524e19710345920be77200eb700c6e6efce147531fa3869cc0f6d4d781237c5f7e343e9351cafb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
6KB

MD5
c4a9bae88a9e60f260530609eb7abcf0

SHA1
f723cf7dbf1c14b867cbad896fb31fae971a31bc

SHA256
ca5a5c34eb17e5e68dbe2ce65c29959087e7ed439e32d474611ca0b92df4eabf

SHA512
fe0551c12c9969a1e8bcc59bbde54a410262562c319efca2bd2350b66991c79c859fb1aece36e2f4015b36889be59c33def01003f00f0b22337479136b287170

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
4597fbb8388ad75ba7e296c2c3600ddf

SHA1
14dd0c05b19c1dd3303d9103fe38a07b024beba5

SHA256
4016c32e39eff01694957a1335510f97699a064d61ab922f4ad010c3ef88d944

SHA512
4778f96878704c08d9e2bc3ebcb6fa1d9467c5c18d3e1cfe601d6bef21f64cc6309bd9e0c7e480376a32d6974a9484d380ec9432512e479fd0a6678b12e69641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
2be31b2d90a622423a9ef731819457a5

SHA1
c1096c387e86aaaec88dc629f0182c07956a19b1

SHA256
56031d1293c751dec7af09927d5679dbdd692fb47216232aa6562fd860f8af78

SHA512
d3693b417e1f804fba69e0419e7e1d376b2a38f822160bb850d82461d83a08d5bd332dd6ecf852462c257730f8bc2ba7e1019b7b6f36b2fcd0779966629f6f1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
e04088dda9f6929c91e724b0b6f7bc37

SHA1
5ce0aa70d83f62193681dd9d9b0360dd064b71ec

SHA256
affc9ac270b2cfaecd320ade5a736d9c165340ef3b353fd9a76c19fd0cc91d89

SHA512
a1353e3f95f400fc68f5cf8d87326ab4a51b648948d42e47768873b466aed42b79996a06b962e377c0918e75f8c1aca34c1a7be2d858c33b72d067aee9334b9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
c9c27e47e58e8a72edd33de13dd1701a

SHA1
b18e10130975323c6128ac2281cc935c08e7d751

SHA256
a563b24e6bab24ca135c4b080cb1c01a2fdb152c92f760f52e138b8254a9a671

SHA512
d5d7cf350baca2848c5d7550d06a52812857a9dba44b4414113bb17c47726399e52fa36854601dc37560fde6a809382adc926dd575eda20e363e2dea4c67c081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
55b1b8da3b1f4c57e22f065348c6acdb

SHA1
8adaf5d5a9bf1d1a8a45a21083c77aed65a3337a

SHA256
0c94903bf52e7a30abf75a8d24e9a51dcfdb4adb46212522db20eb8f528576cd

SHA512
2a6581c5753103ed33a46364a8d978daba0f7ca24f4757e357907ca7dafcf26a27386263c4e648149e02516c417e89cf810832bca86d9d839876738b64c6bbb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
5280c54a6cc6680ee8654f02e16b4b7c

SHA1
0a7724aeb67f4af740d0ef293bbcc402e50b1b22

SHA256
d76e53b044a55f21af7198bcb4b15e88e125e943676359e93e976d18092f2a12

SHA512
9916f04607dfd09c117d48ca738fba3da4d65bf90b6c93efe4d3683f5d334b98fad0eb57559914648a656b1586c8e476cc2cac650ca8cc209031ba0f0d28ee0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

Filesize
10KB

MD5
316a247e71df9fea07c3766cbd2618b6

SHA1
d67b871ecf7bd10ac216add932d5096668fad634

SHA256
128a3b4808e9b18ce6356d75de0706e981229a931517f95098cfd2b6bd67db2b

SHA512
19aad03ef73877ad4f2776bd17e859b3e10e95d92e55669fa18817d757e9a20f7dc90ddf3c51cf108eaf272adb057be88cf7db5cf34441c596b10af842d84587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

Filesize
6KB

MD5
ac45d6c2b4fc0ecfcd792d9bc29254af

SHA1
9a0b5f08b36ab058257ce96dfe5b927c2174c254

SHA256
593ebe6f6b5230048fa9605016fbbdf52b8578221d7d72fbd9882dd797b857ff

SHA512
33ecbe2779b9234e9558530d7e241253176a12b93bccdabc4db2c64a522051745d084610d265bd4bf79b01f0aecd3a89f4ac0c8de69472a7d0072d901a5c0c22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

Filesize
8KB

MD5
b5ae43f1ae49ea5f8b58ecc4e387da03

SHA1
b795ddd58da584327775f8287dbbcbe9d52081af

SHA256
a5d3aa7c7bf0c5ce40a377146d758375d4edf0d155bc53aed6cf076ab8bdf325

SHA512
d2d28e392444f1d1506ecd3201f42ae185aab9da597abd4e7630e00410e56573e1a819efcd78fb757f319fd25305a393bc93c72b9c3be908082efffdf1b0715d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

Filesize
6KB

MD5
5282266c87f7278f345917748ac2a8fb

SHA1
05b163d237d98f0a9a607abb2650b0a0adf3f230

SHA256
f577ad2403b0bd1236db786165bfda79e7553d16b019aae8b447550acd86beb2

SHA512
828fdd69f8a769070e90507482e9f8af6f6e08dbdb6eaf83382874077f4d152f6dd668cf4d33036fb33538efb45c35f5dd6bbf978c4970ca4ccafeef856cb20b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

Filesize
6KB

MD5
54fa175f7056c64060c98072e1f3136d

SHA1
680af80c7df650b1bf4ac4ce1a087f8379087280

SHA256
5667322e36439189280ea3e2f7b4fb6d01acb8657c4ab4a11cdb0f3790f95fff

SHA512
dbbfac66ac3b2fb97597d78a24ac8c064cdb503a5257ade1a2a422321a86793b58df60c76bcf7712f2906577ec5ca30854231a1bbffb0f2b6f275a5b43cfc74a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

Filesize
10KB

MD5
93f7f54de50ed6062674b719cd168af3

SHA1
c252b7b114b8edcc293cd7f27709240d6ddc1f5e

SHA256
3bdaa1291e1b6ba3a59e81eefc6bcb9f6f4f43ba06cd2c921bc468c8f003b725

SHA512
2c402fd9d70bd05a65f3304400cf744c1bbe4ee44e4482333eb2841302286d02be9f07d887a8ac4ac144e694adb22f1840c710f66fe260ce8dbf9894dcd62b9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\protections.sqlite

Filesize
64KB

MD5
838bc9191f0115de377f02d34562cf49

SHA1
40b4a5d4f1c62e211b20bcecd0dc7974c8a50294

SHA256
1773b81280abe7705a05e18695735fa523e64a42bc96d1ee597341d6bbb09ed5

SHA512
4b6233b1127628944bc3d4a92412b1d40578c79b6790b5914e0beb852f738a996b4ad9daa7c44851879ae02a12cbb542847e3efb48e782761d32c6ec11646e15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
33e189e2df1ae47a60b9e95a68fd6898

SHA1
37f6a74a8763923a260a6be3b77309bbe1eef893

SHA256
1a877a88001c2dbb98b943d437c55c854ad7d6746dcc1ccc5a78fcc41214bd5d

SHA512
10ea2335076da601ca2aa9d752fccb57dc0b6e3e2a60e0a75752d50a11d14933f79cb15b62829fd69f69ab64fc4c6d552a4ddaae364e4afa4262fe13ca70c1e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
83a789ba422deca9e74ec7a7bb88cfe8

SHA1
5226816972afaa097ae7cc81a3dfa9431a1ce8c6

SHA256
b93c281751171e870cf16627585a5b5d3145984d4ef58bf2b7768c245647be8f

SHA512
ce8ed34a352aef25cecf48bfb5f5e4f0923eca152f782fbe96a3f3834bd1ae70e1083d7ae9ddc212cf4f2bfea940944f6def9281773fb01efec528d0aa373a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b5241549f563ea44019df5baf4aaf904

SHA1
e39c94802b18d568577b2f8cd41f8508d7370788

SHA256
eae18ad115cda0400432d1f67c3473adcea97f99b9feb2f6246b5b58e6c94ec4

SHA512
8e900d4af6537c983d79708ebf9f6683cd023bfe1fd34639875f7e4f5400d160003c85d1ee94e02978051443df8e3b692f7a01ece9430f31c892a43b8a517316

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7eb7918d42cdb6533b9eb7b8c26b0591

SHA1
780c5180501f248522b9f7fd9aa40a8de28ead1b

SHA256
6bb30bd213b746376ed73f6e56fedfe216cbe7eaefbd9279cf6880a125137864

SHA512
6b6d14e515f93af9fab4a9ced65b11cc6b5d5fdda07dfe1f5957856742b2ddea25f34de60f21aefb71e15c5dddfce4d502fe57e1a39b475c27908021c43ea5dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7bbba97347c2bb06af883586ddff49e9

SHA1
6bc4bb55023d5cf0d1b84b6e2f1f170431541c93

SHA256
6258922f190b2d05ce6b44a856a950df41e0bee44b7aca5cf26735be229afffa

SHA512
1c5a9c6369875c1e38a8069de8c10093429480bdd5f69d3db7005ddd9910d2f3ce359c401d2024e989a8b0a7ee9991f00f6b36b46b14b85efc07e72f03b5cb71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d9ca084fa2f489a898540e4e3f82c5a7

SHA1
ac76ebfbd24979c46af8e7ec04bebc44678ae932

SHA256
7592f071541efe1db5bda088360eb7a19be52a7cdb779c708d03981537ea386d

SHA512
b2a24b117cdbcaac9876d73f143190be3f33523797ee541d9710a86fa0fcf5af1eb73d4fbd8d60f577d31c9d3d532a44efe2b94e2b70dd30b6682899f8f83764

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bc96d697fa3d25674c9a30ef64d2c1a0

SHA1
21269c89c495793fc69b1367ef9a753093626928

SHA256
83375302e6e729140a2ec1722d78c3fb120ec11d682116bc55fd4764fc0fc112

SHA512
15329b3217109a2336d4a959999ee8ae8c2a5c9a7e632c14c24e51d2a7cd6ce2c4d539660f5b28f1d9c588f8bd0df799f99a30cb71c373e6c8695102b61f8b25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
903B

MD5
5fdea83dbcd2ec0ca20e36d60885523e

SHA1
12f774fedf7ac88854f09edd9a9f188783c77e4f

SHA256
ab99ecd5640614c6c45085764d7b3148aabd9ea51a43a01a1cb7d9aa69d5a48c

SHA512
9f83e157b26bebada2d711168eef32950aff05bf1a7c3603a3f975234a599e6bf2f9d2ba10ad8e6b505c26598d6a6de963bc77bf189c5c56f9abac93cc14ec67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
901B

MD5
566dd0e914eecfa9d75312e11286e245

SHA1
30c53a688f28fa73455c1ce17fafa8e7b310690a

SHA256
e1e1aa4bd6e687d700cfcf3ecabe67e480cd20433a74ca037ef1629ac9037888

SHA512
0f6b3d078010cb26c10e7b9da6b99515bf0210c7987f9ca64fa3d8cb7ec3e14e308c9a63550550d5cf7c29fd198ddd3bf3253083e6c79072d0762c67a3459679

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
910B

MD5
46f708c3d3daa131aea7bccb9f89d804

SHA1
04412339bbee90e984e66803803a0126ca2b0419

SHA256
00a069a5e541607c7800c3086cf0abdc388be8ce19ad599339c9235ef7ac9730

SHA512
09b983815f4b872750c02fab2918aadbc1c66f6bcdba774c0019bba5d735d566be7e274ebbd17fde99c727fa523ee2e1ab9644cc592d662434bdaf46e8e65ed3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
913B

MD5
059460a1f58e935ae4904632b3b41090

SHA1
3ea2c5bb29e93aad2dece4cceb209b396c4d066c

SHA256
694c829848f5577e9cfb19a2ade2968a2ea149d9ccaf47b5567501d7d01f5835

SHA512
8f029a54279973d85987c7700c0f9389bbd436372dfd7d194006992d6ad73191905fb10aba3961a2407b5c8fdc3eb8d8ae81e3b716ba048bc1821048a959f38d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
913B

MD5
5b4cb06da0c552e110b22977a12df14c

SHA1
6aae8d4ef9e7239f3345504a53da1ed22c45ee2b

SHA256
cc4df9fd3b4456cc2d98cb59ce6d6687c96a5244c14fc59f4a479521115124a8

SHA512
230dae2cc6b3a49f7239f262b10870626c4ddf09ab081f023f9e7da991b3774f78dd1166cb52d4120e0be0326a6c88458ca5332e3582e32bb091d90f3a141bf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
911B

MD5
fc5f3b5eeb78eb08d68c17f9520c24e4

SHA1
0ac2903a39a410b7ddee65b99cc257b9cb552f75

SHA256
c920586f6bf476168aef88ca88de96a06723dfe28474456c07f4f45ee78e8aab

SHA512
13501ef2e329443020614a55c13946bea008c6281053c9e36abd1c20469daea54d05b7e01dcab8a7927098836fb87bc77235a468d8ba49ec907cf86dc12a96c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
908B

MD5
c129552eecaf4cc5156ce4e25a9844d8

SHA1
970ac48c1d07dac3c01cc22ea1074d52344c060a

SHA256
6b87d26099f15a2da23458cce0878a1a09caab09b7c854440aef3f8c8a1953c5

SHA512
3c9bcf51c78320633682150d91872b3760b48ab6b72e39a12dfa31d4db2dc89519ed16f478551b5ad3ccdbae1902ffaf9817e774aad826d2e22a1c291894501e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
901B

MD5
3edb76b2c01a6dfc5bf3ac759d35e17a

SHA1
13479708447888a2ef13dc0093f44d58e0efa9b8

SHA256
602448ee16225d73850f2c24a6462af9d3129672c6ddc6077fd405b58880f339

SHA512
6f7c53c7d2aee1bb010e1a516f841d6fd3bc038684bc7e44c4b2b98595552fafb787bade0f6e94e2cf6854f0b5926d3ed5ce2a532cdad011f4b97cf4fd18ea68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore.jsonlz4

Filesize
912B

MD5
5a35bbae4ab718871a8d8f65ff82034a

SHA1
6c258fa2a4fb437d2491f4209b73461c82249977

SHA256
5e98c261e0e7aadfb37c7bb1c1e1237f3fb0029aef2d284bbb265ce2602977e8

SHA512
ee49428eb93919161dda51c0018a59b6e1c1a398a61f290992eb54640a8a9b2a147c646fc64e3631d9e19c0adb4e6e449fdc7d863fa77478a917d68e0a551f82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
5a29e4a0f34581b1cd33b139a63d445b

SHA1
f30a5d3f272176b7ffc46207a83e737384d2e26d

SHA256
21e9d7410bd2d9cee43edc9cd032135c4422b45e2f8c71323ea07e6ce597090e

SHA512
3361e18ade5a658c12026b1c0272e2afd6ac785ad4fd49e04ffdb4ebaad77c31077ea8c36a9589053746427acc79625f26dae03491b45332c01a1721ed690304

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
d9ecad34daa72a1e63126399100a3737

SHA1
ee539f4963fcb2a68273d0b04e0d86e8f7aa2762

SHA256
347c60b1110eabf26d3de47b13b1f7ff171690f8228b4cb2a93b6793339db67c

SHA512
a736f01041e5eb76fb2e7c1492959d86b4d870f960d0b552434084027f5ad28bca07c2bbc7bfcf4e82a5710113639ee9508acb2bf8ebbdd5b443da8e303f3b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
1d553c3ff6668b12d16ac3d6d84f25f9

SHA1
71afc8ea844c32610fc505cf4bbd97ffffeef1b2

SHA256
bf1b3c3276e7926ebc34bedc9ba1ab10e9bca8184652e8558515d87d3934e4e8

SHA512
ca0a9ef9b3588fd174245a0f6ab84953516d4d9e7c0c5c445da15c865088802cc60ea9ed215b7c3bca70dd881f2b8dedd7f23654e33fe15340f2a6c75ddc1376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
f8a7075c7bb495efcec9f46de934160d

SHA1
19a50e8486d1dc6f55a806653a5f4749261c072b

SHA256
0d1190a98762c2b58d71f9eaa066df2eb1f1e9acda9fade03ee929a532f0e399

SHA512
89a14759f8d9c597a42a751f02c4a23beaafe4f261694c23595ddc6ef6cd09f93419a031bdd019d82d58ddf4e448de5bd10ead6b7f34575197173e8ed94cc01d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\xulstore.json.tmp

Filesize
502B

MD5
59d7f93b852ec840c4f9d3fa2107897f

SHA1
a1936a2ecaa31d583483313c0f08e0c7d57d111c

SHA256
1598ee960bc77f35a645e957679cf46c178eae14af2d09ab9113941b411a6950

SHA512
4ed80fdd008a39322d83c4d509e8c77a81a01c3dc132f199be5d2f4237b588396ac5a896dc0deae23191681955bc365831cdd5712520808e4e21ece9028a6162

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\xulstore.json.tmp

Filesize
426B

MD5
bb3e3b390bc79f97633b7ce8f20a18d8

SHA1
fe5b1c9ea1716f947de0c7c02caa8b6fe9c08b95

SHA256
da567c0459a5a89e6a68bbfddc27bf59b36e9a9bb93ecd1156d1993b682df558

SHA512
cb2525065866b80cae980fbc5465f188b2d2a127e454ca75b56ce4e6c503f20ef74da06794596f2b4502878c256ed5569af5c414e376a29abcaf699362d19fad

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 720867.crdownload

Filesize
1KB

MD5
28a150120208d11b5a35c8e85a63e4e8

SHA1
91e78d6eb135058c66417a59f9f7886ae834fbb4

SHA256
dd55f5f54507a96c52c8fbfa823e186046800b693366cbd031401415afa5af6d

SHA512
1587bd7b6d1cc0086958a9d0151e7150408c88a77bad61b9ec45bcccfaedba032603e55a00f8342938afb723e80d936d73b6c2478857dd55c0c4e4bff85df11b

Download Submit
C:\Users\Admin\Downloads\app_monitor_and_notify.vbs

Filesize
1KB

MD5
f018aab085f48c15cddab9cabffe74d3

SHA1
62f65b555c49950702674360f51a693b1bdc593f

SHA256
ae24fcd1bd45172d2e5d2213796f9ed0324d43418868b6a300b97669428f02eb

SHA512
c28d6e4527956cd569cfb06c001d217d450e3cf539b6dccffe6691442a467bd29fb553af0b4befe266bf2bf0e8b5fb680c6355c002254a30b2a03c9c21887dc3

Download Submit