014debdd2c64388d46996a2fb3734f89593af1c6643e3902b83e46323388d408

Analysis

max time kernel
124s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Patch_CCleaner_Pro.exe
Size

92KB
MD5

cd413b74c3e28583f6e55054a5a951aa
SHA1

fc05e2b575af334a130e136b23192e729c4f904f
SHA256

014debdd2c64388d46996a2fb3734f89593af1c6643e3902b83e46323388d408
SHA512

c1352b14e9c4e6818ec68a3fdcbae43028ccb0a37e4a2f32c3b10856300676233132f9db3fb544dda783199d281c5b87df0853e20547990a874df45202ac31d8
SSDEEP

1536:zi4iekw62derNaFOmd9excKkGbVAK5/j/5J/lILTWHzsiAgAF:Oekw6dAFBd9excKkMV9D5J/lI3WHzsxT

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
128	whatismyipaddress.com
129	whatismyipaddress.com
130	whatismyipaddress.com
126	whatismyipaddress.com
127	whatismyipaddress.com

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4232	firefox.exe
Token: SeDebugPrivilege	4232	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe
4232	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4036 wrote to memory of 4232	4036	firefox.exe	88
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2332	4232	firefox.exe	89
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90
PID 4232 wrote to memory of 2780	4232	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Patch_CCleaner_Pro.exe
"C:\Users\Admin\AppData\Local\Temp\Patch_CCleaner_Pro.exe"
1⤵
PID:3192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1a70cb-2dd4-44ab-a5d0-6a6931e8f976} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" gpu
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 25789 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6ecb0b9-d49e-4abd-a515-a6f1a03ec67c} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" socket
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3112 -prefsLen 25930 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {771cc542-98ee-4833-88f1-5e00d7b7ab17} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4252 -childID 2 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0241188-7483-47b8-b0db-c2d88050b448} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4672 -prefMapHandle 4664 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {864112f3-20fe-4d77-8754-f247c4520134} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" utility
    3⤵
    - Checks processor information in registry
    PID:1148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf1e64a9-d851-4494-be4d-85296015ff93} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44b60f81-bc37-482c-b28a-e9b2fac79638} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb21527-bec0-4fde-adee-8625f9e4413b} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5988 -childID 6 -isForBrowser -prefsHandle 6024 -prefMapHandle 5964 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86203aa5-bbbc-4859-a4b6-34a705f325eb} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 7 -isForBrowser -prefsHandle 6240 -prefMapHandle 6060 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1922af2b-fbe9-4e85-9c36-bdef2a65d201} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4432 -childID 8 -isForBrowser -prefsHandle 6436 -prefMapHandle 5136 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a8f80b-0d7f-466c-a6e4-a97a542dee67} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -parentBuildID 20240401114208 -prefsHandle 6808 -prefMapHandle 6796 -prefsLen 32562 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26bfb05e-5a87-4f6d-b2ab-1fbb58c85e85} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" rdd
    3⤵
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7144 -childID 9 -isForBrowser -prefsHandle 7120 -prefMapHandle 7116 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {425bbe05-c48b-433e-b17f-bbb273debcb7} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7280 -childID 10 -isForBrowser -prefsHandle 7288 -prefMapHandle 7292 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0affe84-14fd-46e6-bd35-da10f8003f97} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7172 -childID 11 -isForBrowser -prefsHandle 7264 -prefMapHandle 7268 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6c3775-3f8e-4d89-b2d1-2653e5c981c5} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7856 -childID 12 -isForBrowser -prefsHandle 7884 -prefMapHandle 7880 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1acc7bcc-1ded-433f-bde9-7a47c3490a45} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7656 -childID 13 -isForBrowser -prefsHandle 7664 -prefMapHandle 7668 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {580f7020-f81b-4056-b430-942533646924} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8024 -childID 14 -isForBrowser -prefsHandle 8176 -prefMapHandle 8168 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2591d1ea-ba33-43e6-8d69-06f88d0c7138} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8012 -childID 15 -isForBrowser -prefsHandle 8248 -prefMapHandle 8252 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6589ec02-c1be-4784-9852-c215733e4bed} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8316 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 8308 -prefMapHandle 8320 -prefsLen 32562 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86904de0-04ed-49e9-8b28-808739aa3e8c} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" utility
    3⤵
    - Checks processor information in registry
    PID:5708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8588 -childID 16 -isForBrowser -prefsHandle 8636 -prefMapHandle 8632 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e816d454-112b-4221-b6a8-db92faa2b2e4} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8996 -childID 17 -isForBrowser -prefsHandle 9004 -prefMapHandle 9000 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d950e2-6657-4655-8f05-3de3532b911d} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9024 -childID 18 -isForBrowser -prefsHandle 9016 -prefMapHandle 9012 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30f0603a-8a43-4864-a468-03d3e635af8d} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9256 -childID 19 -isForBrowser -prefsHandle 9248 -prefMapHandle 9156 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {543728b7-d5dc-4bb1-a420-f1203e45e228} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8428 -childID 20 -isForBrowser -prefsHandle 7492 -prefMapHandle 7396 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {482600f2-a16b-4002-b206-8691fa2b6f09} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8376 -childID 21 -isForBrowser -prefsHandle 7920 -prefMapHandle 7612 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1141fe24-0e92-4123-b9ff-39db1fc3b055} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7212 -childID 22 -isForBrowser -prefsHandle 7200 -prefMapHandle 7204 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7afa9551-3323-4a5d-ba1c-58d7b61f9f2b} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8432 -childID 23 -isForBrowser -prefsHandle 7828 -prefMapHandle 7748 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a77512a-35c3-450c-a89b-94754cd54736} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6952 -childID 24 -isForBrowser -prefsHandle 7280 -prefMapHandle 7864 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a90457-dec4-4353-b602-aea1747dc5c0} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6392 -childID 25 -isForBrowser -prefsHandle 6468 -prefMapHandle 6240 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c4d899-c0eb-4f0c-b490-db7d4bcccff4} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 26 -isForBrowser -prefsHandle 8672 -prefMapHandle 8684 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1add902-de19-447c-89dc-5032e978b656} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7440 -childID 27 -isForBrowser -prefsHandle 8700 -prefMapHandle 8704 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0de2ff4-f1ee-4a32-a8c2-d140dc54a79d} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7772 -childID 28 -isForBrowser -prefsHandle 7376 -prefMapHandle 7472 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c19093fd-4b27-4617-a6a1-3f244092837a} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7480 -childID 29 -isForBrowser -prefsHandle 7456 -prefMapHandle 8220 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cffe3db-f8a8-4e0a-b982-593968d2dc57} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8032 -childID 30 -isForBrowser -prefsHandle 8000 -prefMapHandle 8044 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa485a3-1e12-43d8-9a4b-6a40b923dbde} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9728 -childID 31 -isForBrowser -prefsHandle 9596 -prefMapHandle 7320 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19626228-71bd-43de-87d5-0974e0b77ce1} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8032 -childID 32 -isForBrowser -prefsHandle 9672 -prefMapHandle 9668 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2f14a02-b00c-4aac-9c83-4d18122fdd99} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9980 -childID 33 -isForBrowser -prefsHandle 7952 -prefMapHandle 9692 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {593fad91-54da-4b9b-851a-32716107d6c6} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:6204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8164 -childID 34 -isForBrowser -prefsHandle 8152 -prefMapHandle 8276 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {457bb6b6-f3e5-4ff7-91bf-90e422ad6632} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:6632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8276 -childID 35 -isForBrowser -prefsHandle 10072 -prefMapHandle 8628 -prefsLen 27995 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3caea4b-4aa0-4e37-b320-38898c6897d0} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
    3⤵
    PID:6960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
d9014ce94ce2c0acdbec11078b83697c

SHA1
7d74fbee7816504f9643abeae66fcd4d0a9c748d

SHA256
f7fd9158aaada65413ddfd8568e780482aeea5b35f29a1d3324873d85838f035

SHA512
0b84d1dfa0e9b444b10318a091946edf218e5056de59955285c012e5720f31a659316c8ce03116f30785c548d5f016ca0dfa9d45e56ed72470117b22ccd347db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\2547F4F8D6358638CDE0B31A1322D63360CA032C

Filesize
219KB

MD5
4b3e016b7f26d3d67a6ae3b41b4bca0b

SHA1
6df5df40669ed7439112dfeb18d9fe71d05d3c55

SHA256
68b94d2a8318a79daa89642dfe9c4a22510c34b7836a57dd5ccdf40b7bb235cd

SHA512
c4f1978a749fe3d040cea7397ee8e0eb67d98afd37ad61b0adbede8178b1c8f3c6ef4dc19d77e7277390c567a9a420cbcd5bb15b5a614a0d2c955d256d0f9638

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\34716C316B5D20520CA895FC437A5B1ABEC19866

Filesize
47KB

MD5
06985d78fd581b07f13b7ef7312856a4

SHA1
458ebd3010dfb44366bb06bfb048b19d1e3e65bf

SHA256
4338d7764ad71583e0422ea9bebf3eaea4c099c5609fbb00cd545c33467ebb45

SHA512
9e13acc46d354e4a0063877acffb1e5e18f8d819943fb2361b8ab3aa6f1e56a0c6133bedfd9f898f7722634deed367dc7b38b0dc026fe27f5f4e5a3874e72fb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\40F689EE58FA75632761846E1AFFEC5FD2D00D5E

Filesize
196KB

MD5
9eb24e7912bf6b4ab47bbb7f6ef056b9

SHA1
1cd118b1c87ed46d0b817dff47b12a61e618c4c6

SHA256
86209be8ffeebca47107bbc14893bd4dc5f0c5e72ab3fb8e21ba8b03d3c3e37a

SHA512
7ce3c600cf3d8eccd725366b892e712016548bf7e6c6a91e21e5560ca4263102e1c27e7c9c7260dfd55621f0467e74418ab91ed815579d18d84197eddc10a431

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\4FBF67127B9D96A5D319CB30D2E160B78DEB4101

Filesize
2.0MB

MD5
99de3b1b4fe95cec29fe30c6fa4e1e89

SHA1
861af0c7dd2e0da4c527503726afd1ff8e70882b

SHA256
a164d6f09c906f82123c702b0efaa8d6c2f14e5644d55bffaa10ac8752562861

SHA512
84ce90349745fd669d3d60d48281c793febe373c3dacd06a0a153f4c3622de72faa2fb4636d9d4c69230c21ee4af5ff33f17e1778a4d5b60e9a8dfe401486375

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

Filesize
21KB

MD5
ee4d44d486fc506371204653bdd11251

SHA1
15ed72f9139a936b39ac9c29fbf5e4f43d7c6aab

SHA256
94895983ca304f6cdddf883373f50d9e198fe9fc007d2052f9e95873c6dd70c7

SHA512
2cac33093fffeb6c081883f5d4783cdefd88f96caf30d2838112233ee0324a46cd46b6623afbfc3c6c79d58a49c72d1068c9377e3ad7c02db332b6129a48faf2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

Filesize
21KB

MD5
f2bdf0592a00548e5cf77b509dd4745f

SHA1
6f1d4fc794ffeb8d0fd9d013bf735c8d2c3fe062

SHA256
c85f6139b80c1b030d3af7a2d1294d4c810ec9de3f71d0e12a1f4384c5e09286

SHA512
e992a3dfbe4233f152c257ae699b12d5a926e45f0f6abaa60225f9817859e4a9f2124b048d3bab95980886b70697fb4bd53c4593dace199b7e9ea2f758fc85f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8FAEF6C102864143F0973BAA6827575407A64819

Filesize
259KB

MD5
7a29cd3a7175dbe263fef4ab98c0fbed

SHA1
5d2a9bc08d5cd48d981e4d0f422686a1f77b8c6a

SHA256
61451554ade640447414c208738af326ba5e2c34d4cff59c041023081cae23ae

SHA512
af663b862573d6d353199eee85f871edba7326d8736768ded963e7f7fa13454d2662e807e55d17c91f9404b01a2fce9a857a3b41010a972565eae81df7e93ad2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\C427265826B9B4CEDA5C6CD081EA8C4CF88164F0

Filesize
1.0MB

MD5
15b0316efc35cfe33f91ec034bd1fafe

SHA1
6fdd2433164ffa7b714a7330739168aff8885ec6

SHA256
ad0b3073295587007c617c1480dfc11a09ced9a4458e1082f35da0eaa6665668

SHA512
44540f0a85bf6963138e0daf693f62ed553d18d7a8adeb85c210f95e8905d4087b4557e099e23187918e6bedb411fa5e91b8b507400fafaf1e647514f92bee68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\ED551B4C9364935D039E9B2BABB8FA4F83D09E34

Filesize
26KB

MD5
c8a81d9b07727b89ee8224a3db358ccd

SHA1
41fc957b87077db9ca4ab6170270ee374405b28f

SHA256
cd0fb4b312d40186a030a5a3a84e7458276f7e3fc332406d339c83e1c6e008aa

SHA512
ce109262fd81bb122a6283bcec23fa4bfc5b20f51af3e618d9356e2acab8f374fa1ac8ecdd4ce89df533d2fdbe432e00ec2607f84c8207ce47ed3c41e8561637

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
7KB

MD5
10419f5d955d02200db01f276c77306d

SHA1
8a2d3afd16c64f50fca530f1d6347ddf3998b12d

SHA256
e4f52bb83a72826fc67ef1236ddcb49d7f108161b91eaa1e8229579b076de5c1

SHA512
6f67bad06a002f5e8981a2c5db01473ef41ee1ec989e65f7461e1d226e77c080d1c238831a808813910aedcad31e3464db5cff9ed6853d50acdae929bbb3a809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0840a22570411bb5d95a9cc6cf9c8cf0

SHA1
0efc757e3a970439b6de7eb4a98d5fea76d56132

SHA256
ee6a6e017db1ca66ee763ae9662b171e60941cf8b91820236d164a267e51e1c4

SHA512
396b49cc8f329e880360109d19fcee31cb52d8da34b13612911145988818b897035f0ac23ae8e090c11f065a3c24395ba303bd17fdc91f38563331b6070b9c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
52cb99ea9d64466d6ca826f044b212f1

SHA1
16f3af9416a2d0796e5875a8ec3e72b09c5c1491

SHA256
c910bba6748edc16a2e043f13aae30ca2f93012ee5dbe41847b4e5a567deb478

SHA512
1952bb109495bf72d3e5362553920c17a518c1290dab452db30ed3aa57fc69d95bf91e3b2ecceb11022067b38704c559911a125d84617fb4175ca7492b415be5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2638027a73d0dce3676f4462de97f3f2

SHA1
19d5a0b41a3ce32a7852518991ad99e63fc9c947

SHA256
bb3132ae14358514414cb167c9a90200e32367f9cab975b1a1bd9d33b1b9b590

SHA512
a6c0cc8d1d89a93873f2c6665d444e389426e79d68b0e854e4cb9b51ca5ec3a6b85c1cc2582a74c22f99aceac7a32bea88c788419a4a434c7b6353f756ae7d08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\611a7939-135b-4a2c-9ad5-f082732d6f18

Filesize
28KB

MD5
f3dc2e71c4e8f6befe590eccd86b5a16

SHA1
23497a5253e138d3f149bb532c2935be90e45354

SHA256
1ba2e66665fc21d0459630043dadc9b5fe7d15edfdbb81c98970afdc2089691c

SHA512
8b00e8be89257ab6e0659ecb1acb6c89ec5f378a857e3cf0ccb381c7d6350ada7a506274516985e8c8bada3577c5213984c6f7aa1c33a7ba61b8faf75e06928c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\b5053fe2-57ef-4119-91b4-c69556985cfe

Filesize
982B

MD5
9251e0c6b3114171ad958bea93f746db

SHA1
821ec6027e40329fcc11654119480d64ecf6c3e2

SHA256
d68fb2b98c92cddcfdd3d7186b7a9f3b3ea601d247124f18acbfaaa078fb8c5b

SHA512
d631091aba4f54244d2deede7f28f69f262caeefd50707b147ffafdf7020e8a73dc94dd808205c83511e3796bb8bf67ad47506b38d1137909e8e45692aa4668f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\d6204648-fc2f-4880-bb58-ab2a5e78c35a

Filesize
671B

MD5
0a91abca66c21094176973a4f58afa7c

SHA1
24e392c4addc57f29bf060e9d4711bbe2d51d277

SHA256
171f4e8a951411a1a229eee16798f0f8bcc384ba700cda80cdc88aea92c752ee

SHA512
00b8e426106b4eee1917e35dcc8a80c83c9e020b23ce6d0edc1da4389d3dceceff355ce8b1c5ed4fd9b65d9cc9b67c143c1f6c8cb790982bbc266f2c1a1779d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
8KB

MD5
8c6118b9f40dd68a05ca2d6a4063cfe7

SHA1
b6134aac7fb3833984e3b34e6deb1bd43d6af2bf

SHA256
cdd68b3da851391af4975db4bfc056e0106c3ee33fd401c36d3655b194afc458

SHA512
3cbf9e15140b398edc0515ee9a59f83691484f8773d330c8446b7c6f10eb2ae055111352de562ec7279de770d390edf3d68cd1f7044628cc4263479dbb6b7819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
9KB

MD5
37712d8130d999b7136ca7a040fc8d40

SHA1
05479cf1654a1e172fcf608b6d68ed27d1e076e5

SHA256
216d3e4918efad9c87f2a055b2e31d024290a4dfe96c7f666b9a51d41fadb89a

SHA512
5ef1df11f7d643ac470be9eb4e046b4ea8e98806f2a3f7c3c95e5a3fa46244ac715fcd2552eca6f43c117fe953f34da128d5361430d82b0ed37cdde75b64b52d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
edac73784acc8cd26dff7612b76fc15e

SHA1
77ca1246889ea37b78c164a13fa644afb6168322

SHA256
c905c84091ba9727e92c7b2ef8605df2d949d8a653a7985e586661d59137799e

SHA512
43fac0eba3983415d480bd4e58ea741164b20abb2809bf9c9fcac5252cf50809f9eec61817882ffde785c121b919fea753cdc42e244b85cf582d2781f90469f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
6da351be489313e8e87e0d769d219493

SHA1
4a0fba6d2bb8c168aed3d8f5e8850200f88e0c1e

SHA256
a0c8a17739bea08cc9e1aa2dc2baf32ac1fb6f436607c6aaaca363ab0d0a7117

SHA512
7ad9477d7dd81336aaa8abdfcc1a8c32309177053627f9dd8e906ebc9817f801b0edc06592a55bfc4f1b7259d38d8c6b1504b28608c42f2f0d67615826605b5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
1ff174c8671ae56242d982f6031d0a61

SHA1
310825bd0dd8929bdf6e5eefe27a356e22218b3c

SHA256
46f88e95809261fbc12b14d7a146bbd1464dcfbb6d7d43bd5796b81635314492

SHA512
6e63eb20192f587d22273df4966c3a86df285511690c028b14e1d5338fa0916af36caa0a8cd06ced9533670a5f682d1e4d4c02516f83c735d1d4ac76c224056e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
009c4e30905cf95eea27ff9602a25cd4

SHA1
c53c2ea8e44a58c209a72ea14699829f9abf0527

SHA256
de641d47aaab0a31082ac9b577e871ef9df28739cb4564992a6eaf10cea2af4f

SHA512
4c47d6b2bebc92218d7db0d04b31a2f0ce2b0102298f82d5079c0b8ee1f035014cc53446d63a5a35f0d0b8a33eeef2d3cf4ca778a904a8e6b0f1f7d272e8108f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
ebf2492c642fb5a2aedb4e3ade326e77

SHA1
88d7c61847adad1e26ccfbbde70c3ab0283f371b

SHA256
fe3a8b52f570051d62608358f76e62fd51e99ff4b2320c8112c0628677e2ef72

SHA512
640c5c7f8c467a4135f33817fe16380fa85478b28877effeb488765fac13282f890039322ee2d4c4586e6926a0301fff9aa695a65b0d10dabef6e0bc36b555ff

Download Submit