hxxps://github[.]com/muhammed-mamun/ChineseSpoofer

Analysis

max time kernel
377s
max time network
371s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15/07/2024, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/muhammed-mamun/ChineseSpoofer

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{B9736D58-18D3-417F-9213-FFF3DAA7E2B1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
3128	msedge.exe
3128	msedge.exe
1540	msedge.exe
1540	msedge.exe
3640	msedge.exe
3640	msedge.exe
6080	identity_helper.exe
6080	identity_helper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
680	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 3456	3128	msedge.exe	79
PID 3128 wrote to memory of 3456	3128	msedge.exe	79
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2672	3128	msedge.exe	80
PID 3128 wrote to memory of 2576	3128	msedge.exe	81
PID 3128 wrote to memory of 2576	3128	msedge.exe	81
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82
PID 3128 wrote to memory of 3724	3128	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/muhammed-mamun/ChineseSpoofer
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5e663cb8,0x7ffa5e663cc8,0x7ffa5e663cd8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13325524360527210824,17564985093805406720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004D0
1⤵
PID:4408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6124
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1776 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d689f4b-0ba0-4ad8-9ede-b64e5f583ace} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" gpu
    3⤵
    PID:3104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2380 -prefsLen 25793 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8560a3d6-10da-4abb-a110-2da8d4092073} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" socket
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 3256 -prefMapHandle 3252 -prefsLen 25934 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d861390-9ce5-4904-8eba-5daa09a276e5} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3580 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b5c050-5073-4988-a125-ab4292deeecc} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" tab
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3900 -prefMapHandle 4716 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9bdf384-89ab-4fd7-ae55-05aa8a506acb} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" utility
    3⤵
    - Checks processor information in registry
    PID:4616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a96b09e-fa42-42ef-a965-f8987845fb03} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" tab
    3⤵
    PID:248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {107943a5-2692-4615-b4fe-1ec49ae46242} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" tab
    3⤵
    PID:236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {129b3ef5-ba5e-4aa2-997b-51c832ad0f1f} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" tab
    3⤵
    PID:132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
977f3d0a76eaeda11869429d169d54dc

SHA1
346ee883cd8ba687d7a4c3c8f1012c1ea7acfc51

SHA256
b03acc13966d4faf30f9ba1da8faf9175ac6673856b2515b26dfb442efc546e6

SHA512
2c84e0dc3671765cf4c37e7ff3b0d3bf4c5794dd919ab151c09130ee3250a08fe56135a83acca30c7bcee51fbff00f24a98936569076327a9bbc40ecb53b52bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
187d45b6991718030427496b3e55be58

SHA1
c7895cc6fec4b4118ee09fe3fd26ab9641d3142b

SHA256
73c55532b642d5a74591407337f1f0c76b0438180f8b092c28b4782d3d51c672

SHA512
5ee2dcb8ee1765ce48effe0d1bc4aaba762027ccc7626d831f83361212592c26c51d7c20bd9e06fc8d82b902adda802d0d9d60d6c61230805e17c6d1babfe525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64155ee20e997c14f3a247fe83bf0fa9

SHA1
53345920fd8d069943b4825eb20c5b6c94dd3c8e

SHA256
814871b39bc8dab29c9b5f669a5c6ba7dad9a362940fd1c7389159eecf97587a

SHA512
426bf2b9e9fc17fe1edfbc15326463943484c5a85f66bdf2d0457e68e521d6397ca83c6e17478d9373f03fb51da6e7596b2620e61933a9de3e6a17dd9b791231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9983a0fa2b0516bc25b01421baf281a7

SHA1
8b700ff78e4172c0ce984013ac847ac5e287d1aa

SHA256
33d7fb890e4f3ac3380255810a96ec607b8cc28eb951ec6397dfcab04a3e665f

SHA512
2c6173622c2b52bae6989d58de97580d74f5461473b6c3a994a87e2911dad048928e2e3ad9498b309d20739eb3d52c38c725c62e1cd0d49adc79339a88d75c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb9620ee5c6806d2e2819c55bd6571e6

SHA1
258f7abaf1233aa6e638667feb67ba6fcae011f2

SHA256
394b20af00fca5972ad3e3de3a6b47f17758682f31e49bd9eb9bcd5b3b2667e9

SHA512
9cb7168bf98799b97578feeb4760a1c74112ee03dd7e0bc190a0c75c9acc8b2505e364773d094915c420d95a9a8fc8653920b14ff1c37718be0f88e4823987da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c957a5a77fc92b0255833ddc55e58cf9

SHA1
5264ee458a22b6154a330ad460b553cfaca415b4

SHA256
e091b01afe03803db73915b6785cbdd117e224ce3fb096a27d74f221f61dc941

SHA512
23476b62b004f78a8557b4588affdbda8159bd394dd74ef2c82ec8e58361859286f6ef3700c277dd060ed9e4bcada2d2e9b891b2cc6293a73f198bce947c1826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cedefe64-1f2b-4d69-9db2-c41220e7ebab.tmp

Filesize
11KB

MD5
7d84ba38dd58d08ff1b8a702f922a85f

SHA1
5b7a2777eec0b889c820231f10bb1aaa30b4807c

SHA256
4565711b98463ce4aab7e8f5cdc5cc6fe1f80d5ac753f31aca39d6e25935a4b4

SHA512
b213c4c0a61bfcc564fa7659789cc34db146d97a8a50491d62345c34bc202db44b00e9527f77d79df6cec750beea541b37a8f89beefc7219a820b176f049e94c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
4dbd7efedd4f107e17b61ec4ae371838

SHA1
549a7f0772d23bb9a8ed9df609935a5b9db965b5

SHA256
cffa188a39d336410ee775b59e4e7f3035bb5219fd4821f2faeb5b8a4e8fd45a

SHA512
1f15f834f5b9cfd74e1dc96a240b74e73ee0c1dc5094b37d899788f41f3ce6bff31bd6f3ead1a57e551841cd233951e1667ce72e569524414151009d73579261

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
de2db5a4fa74b1a500bfb9ffb3f81528

SHA1
713a350cc4ed31c355c8100808ee064a695723ff

SHA256
23a0b1e83de46d4675274b37a31d7e13a1f6b580586d0a9298be271c113ef922

SHA512
87d01203cacee424f44f081c7446f512776f19604e8bf12f15f7c0f46b36a858973d4565e98fe3ae99495429d61ae046f56eb88511cadd526ba34914cccfe281

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
4ad312bdb71dc7b0e4d2a7f841936d34

SHA1
8384e08f4c4f17701079e8ec57dbcfea81a2bd3c

SHA256
7a091d53157a9f1ba30c15658d4573267ccb1ec8f4b5f134866cb6346ddd7a9e

SHA512
19dfbf0bb4c1d1957a5815113675e9cf60d7fd0ab7ae63dc2123a235537da80ca3b00767ee2071fa4c514962e3641d73077331c2147144884c4a8a24588c639a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
d8c7de73ee0dcb1f5b7c094188c64272

SHA1
5f976bc90691abcf15eb6c1555905485cf01aff1

SHA256
c75793c455c3d195f9f1c24c24dc52e081fdc1db2096d9e5438b8f64525d4ad1

SHA512
67af5bcb90505a2fb4e978428a80e51465ae04f78e45663d2d9218aed96fc52906245a0e3da79381b014e49e903a00f20285498c09552d37e34d0652ee9c84e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\AlternateServices.bin

Filesize
7KB

MD5
39e42e378ee94fdaadce3084315b8383

SHA1
e1051466da6942e878114fdd0d92f1cf14e18180

SHA256
fafee484888b1993c15fe16572a8895bff56e52717b9ba2d5b78f471447338e7

SHA512
a0f8b15d15773771d6774b1355554413855737f67e0ae5855d4088b2e364da3bfd15e1047f6b164adcbb0d45993b9d73153a9429f2a04e7f02e89c0a6eb2dd81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\bookmarkbackups\bookmarks-2024-07-15_11_WULOQrWC9rva2On+xihYSw==.jsonlz4

Filesize
1000B

MD5
80304edd6e486422076aa9bcd2302a36

SHA1
490b83588dc844191998b452ec3c9f58adae30a9

SHA256
2483f5206fc69d3daa7eac812c20ea8b9b4cdebf16edceeacf75d90032031d4e

SHA512
53d774aaeb3032f29427cf68e000cc84620639923179adbd57e7ed64457c02c832523b69b781796ad9a933df9e6bd37813cea4d6b8d6c6db5d225dca687e4e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
dd23616340f47cec475009ffdbd826e3

SHA1
eb282becfc23e338e9b4496baab183985bbdfc8c

SHA256
6ad2693e8800e2a64a32eaf493994b1c83abf3cabdfcb8c908fa8674d39e914b

SHA512
ea309d5fb444fd2fe84b049e906bc9b98e7472020e959d3fd4bbb443dbf7f429f8f8fa668b19da2d40b2a9962abf84b6808002811354d38167c274e8abf32d37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
34e1b768931ab7d47b40dd88f7ea35ad

SHA1
06fc787dc07b2b4705d93fcbe7d2e97a1ab4be6b

SHA256
566d37c600c71b16cec31672b7c3e8455c7e9636efee1b7f3873f29ca5ee074a

SHA512
2dbac49543313fcc8809435d7a6b8c81ceb9926372e6852a7062cca8ccaad2d8afeb61ab516a9e8dd89ea39e88bf704e42b7f895cd2e7a3d15598b0e627c8c1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2e5f35dd1a43634511084051416cf7b7

SHA1
ee9c8ba6a0f05de9f24e539cd515c8359db1390a

SHA256
92bbd3a557fbc73702ec938da1e5eec5e9a942bab7cd7d4bd31046273fb8f65f

SHA512
68e4cf513f54e2c292a2eb56059c95eaa6a7571de42b2a75193a1cddd3d71205ce478a4816af73186f475bb64f5e11f71200e94cf5b47bbf3b6968b709d5f8cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1064ec63d6250576d89807d75d3d3fa2

SHA1
6842e84e3eb5da260622be71adca2e4ce2cde6c0

SHA256
73199e2d1e40c86b677b8c595139e7da81a93cf83505c126609ff93cc7d35524

SHA512
15a1aa1b1ff381b42ba08aaf0bd3a9af33c30008bfddf55d92122fd3061f48ce9b4a65c86ea55c84023607c5e97ef693a9fc53f84f1c96c217bee979814547e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\511bc00f-0815-4534-9779-b2c1425e9943

Filesize
982B

MD5
7e7fe91d6b55853bac8a46533d662325

SHA1
58ffbd969ea7ad19da7bafcf76674c37877269e2

SHA256
d3a91a7ba25b36e8592ba6f507ef2ee0b647550573a62debca974a141187e30c

SHA512
77f3e3066ad5daf1365d3bda08e743438617312f6d28a615e25d5e173c7566cc616cef065f8f35a2f86e6c8a8977e904540597cab6b49a7b5b4f90e68efdd002

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\cebf49c0-b2fd-4de0-897a-9435f73013f3

Filesize
26KB

MD5
581ed28a887e7df0c8d5177213534193

SHA1
69482549b49bf06e8f7941be991ed7723f3d33c5

SHA256
15974310cf3c83b24a25dc0ee725fdfd3c434ae5d6997a97378576f44712f831

SHA512
a3d4a7114caa591cb9b6b769b6c59cf32c8a2bb9fa5ee8ed6bac755415e1d17f90193867420aacc2c994ba5a8e11d8f9da26ed2a9a59ae72e2e3fe4acb7be44b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\ef5cac29-86c5-4943-8695-cf2bc08ab2c5

Filesize
671B

MD5
5bd830b4200231e264380f2a68ca180f

SHA1
ce4af112434430d83f0c4181cc913a7f39f58dc5

SHA256
6b3dd03b02b0fd80d73f36f15da814852b97553cb1e435e56bbcebbba25637c7

SHA512
13328adfe49b0823ab2f6f9b1064be1c1acd9f3a59b7e2595815909c340fa8e51de4373c781701d34f2a9d18bd50424f3246112c781c10940e9621fd08a52931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js

Filesize
12KB

MD5
0d16cafd44fce9a67206afe22b3c41c7

SHA1
b9daea8ad93e4cec9e5ae5bd024001f2955f98b4

SHA256
85eea89dc6ee86405eb32875d09117071dd6c841db1e69e6ea6b9ec9b00b41f1

SHA512
072d7fd7699572649824902fdf832982a5ae475f3a65318c0d5ce3a3d8762f427dd4b95189dd91fb57312d9a9bc249e38487560faa8c81c2f25da68bfd7ef9a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js

Filesize
11KB

MD5
bb95ae631166ee6c75125f845abfba44

SHA1
940527981ed86f1f73dd996e032cc6ba2b70c145

SHA256
d8599932156526c9782f33f243ebb305deea26455d7b05b965cb5f6c7d354fa1

SHA512
7fa7f5bab197d1799ace81e1eba5d79caa17cf8e2e9c29b07be3816a66d5f8256b68b7fa3d5ade64e9858821ae6b1bbd96f6c050eaf46938f8377f76a9420f49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js

Filesize
16KB

MD5
cdeddeaf3c12c8322ecb90e2aa3f239e

SHA1
8868625a430b0a88aecbfe9b4c8ca63547a4194f

SHA256
474e72c05d40e36aa5c1e2768c08f650ef701b0a9cc60eb7936d8223a034b1ee

SHA512
e9bce689a977f66747ce8060a67fb5d1b585d619ac4aa1332e0b619b2e73a58b483cd0637c14e155ad678acc7add98b886df69ec03579df81c5ece32fb1c3516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
bdc259067b2137ed6e2a3dc7a41b8a25

SHA1
1b5b2a4958269c887cc9ceb75246354f964db571

SHA256
6b4416ec92212aee2a3439611e9ff31c3e1dab119cdca83ce0c4137aaf4b89bf

SHA512
42cc8e8f92c623a77f016fd62e889fa8901182e1e56b8a01b14c71c95bd70e9001a6d9fa959f20669abdafa9b909f6f2a36a92fe3de583d6c5f307d7cf699609

Download Submit