hxxps://accounts[.]google[.]com/accountchooser/signinchooser?checkedDomains=youtube&continue=https%3A%2F%2Fdrive[.]google[.]com%2Fdrive%2Fu%2F1%2F&ddm=0&dsh=S1025431254%3A1721379254545207&ec=GAlAMQ&flowEntry=AccountChooser&flowName=GlifWebSignIn&hl=en&pstMsg=1&service=writely&authuser=1

Analysis

max time kernel
149s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
19/07/2024, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://accounts.google.com/accountchooser/signinchooser?checkedDomains=youtube&continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Fu%2F1%2F&ddm=0&dsh=S1025431254%3A1721379254545207&ec=GAlAMQ&flowEntry=AccountChooser&flowName=GlifWebSignIn&hl=en&pstMsg=1&service=writely&authuser=1

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658529925148417"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3637748876-3197268895-3385380113-1000\{7CC2DBCC-5A24-49A7-84ED-A8F927247260}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe
3524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe
5068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2820	4652	chrome.exe	82
PID 4652 wrote to memory of 2820	4652	chrome.exe	82
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4912	4652	chrome.exe	83
PID 4652 wrote to memory of 4068	4652	chrome.exe	84
PID 4652 wrote to memory of 4068	4652	chrome.exe	84
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85
PID 4652 wrote to memory of 1616	4652	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://accounts.google.com/accountchooser/signinchooser?checkedDomains=youtube&continue=https%3A%2F%2Fdrive.google.com%2Fdrive%2Fu%2F1%2F&ddm=0&dsh=S1025431254%3A1721379254545207&ec=GAlAMQ&flowEntry=AccountChooser&flowName=GlifWebSignIn&hl=en&pstMsg=1&service=writely&authuser=1
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbdcacc40,0x7ffcbdcacc4c,0x7ffcbdcacc58
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2260,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2604 /prefetch:3
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1880,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4624,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3152,i,17326638096589014170,16604875950765489936,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1036 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3524

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2172
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d77f32ff-7498-42c3-8a9d-82630255752f} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" gpu
    3⤵
    PID:844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d0a9cb-3ce5-4c74-9c14-3f021eae04bf} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" socket
    3⤵
    PID:1328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2740 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bd7a919-6f92-49a8-9e0c-99766f8b1ecf} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -childID 2 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ae7ad44-6d41-4a94-a722-2e66d9d8f5a6} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c76736b9-ddf8-4a8d-9c1d-739cf53f2765} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" utility
    3⤵
    - Checks processor information in registry
    PID:340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3948 -childID 3 -isForBrowser -prefsHandle 4040 -prefMapHandle 5248 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb7fe677-4c14-456b-a379-f67dbcdd48bf} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6f7518-ce86-4598-b163-c7442efcabb4} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d59586c0-4d60-4760-ae19-11e991c2356f} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:6108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79dc6925-d472-434f-8aaa-472746be2b3d} 5068 "\\.\pipe\gecko-crash-server-pipe.5068" tab
    3⤵
    PID:5284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9a0cc32f3bae530614f39cdf2d7ebeaf

SHA1
0386613b8389a64df09faebc8b7a191b366a188b

SHA256
c01fdb322510a2df3db486777e00b22a21f9fe486edcda6750433f87b6cbd48c

SHA512
d09caf2e808ee9230aa359e45dd4646f558795d31071315da6c9d271feb056d2cb2668cba7b1a8c0f439fd587d4d69c15f111558284e21104404a1a0008e5de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
0ef4bec1761e6bcc25aff9e8d4b4c520

SHA1
e16aa0d4c7840801226bff0ec618eea71dedad2e

SHA256
9e1409db5cea2cb73c8ec62cea573ff5e9c24da167df66f0028480c49084b506

SHA512
e8e65ed87c8584e0a8aa742e894c613f1a1f016e37a4f3c1e649420d3ec6f92375d18d71ae533e4c297776935f1c6e5b4201d18775675452943195b714cfa069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b34048941651d4dcaef3b684f9b5aee6

SHA1
06fcb719a0edf64aa5243a76a4de521d2db9a680

SHA256
3e9323a54f67cc3ff9914cfc084a43b423edfb412e206be356185f53a6591c51

SHA512
802600815425ab62dedb6a54b26a03793337cf67709925745ea98501602267b27a9e0832747058aa36aa92d578faf4e3e623cbe957477b01823af48ff16b74d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b020669126dde8cc3a5faae9007dacce

SHA1
802be7f349d3ad852353c49b516e2d4c1bbcc05e

SHA256
80b745e50107c1b8ce7191a7f6d0e5372dda54ee0c443809eb84b8f88abba758

SHA512
9e23b39bb59c6fd13e8ff6e76ac522e6b5c981291102b0deeb382f10fc12c137cade9dd3d1a7d2947790193748602987145c5bb33ff780684eb2923860820037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc27bbc8901d2c8e652c531bf330616e

SHA1
cdb4420b96e74d22f293da92288a1045180c6e27

SHA256
6870f133a5c1e5260d7222240f62242a254a128ac58b9b900d98359c51ac8d9f

SHA512
0484adcb6c988fc9d51df5754c5061cb00f00b3383dd3a3d53030db02e46347f0c562089943fe0900dd482907077fee78ab85c948c2185c1f433ead70dc14e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f8630ac8cbb1d26dfe8a7d6ae8c83d84

SHA1
ccd417f54376fa55c61efed79767917e6db2e1bd

SHA256
994f3d6a29777a72c59bad3f5d173c39eb84791f3d20ce30b94f5797f27c6ddc

SHA512
91184aedb81eb9f9b65e1941d1355f003cba54682b498ebccd47a48c91333b445930c6da8be313317d4e69ea80f4cc1471f8e14971e7ffcedb72d08025dfccf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
54adb520bb077388b271d11b6382deb4

SHA1
7450f028380ab54e37a7b1f697501ed8f4b8c662

SHA256
b5941f94dac771f90a57f9d22f30b638ec3eb3a3f52f3434e630891e511e905e

SHA512
6ee6855236ec0a76df3ea8ef0275363d0838d74200df5c31fb64dc2412f95e199bd869580da506dc1cb71851652e1a3bcb4ec81de93ea67da1225ed33432be4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b107db3827d579bbd1688488d8bef152

SHA1
d116c7c692cca689434bb98f4600cbe5ac086306

SHA256
e59b29f38e47b644bfb86f31f662fbf671839ca2dc713973b79e60e17cc598ba

SHA512
e6c824acdb503c169ccc721728c7e3c28486f3976e419b03b5b54006bda567988ddf7fc668d678ce992c972f9005e6a331e6ac4a43d093e0b497351719df2cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0bf3e534dc13f6e706c0e300cde109d7

SHA1
767db442c606292de3034c24b5960c8be1e7b26a

SHA256
f7a24da64834f15d1bb426691fda09584d08ec62bcecd406ef6844c5cb469b43

SHA512
cf13873e4b1db9e2b15f3b35303c79ad1ce17aabe39659ea71b25c985459bfac54e49b3367516c25d52f88498ac03103dd73699ff4f3c740235146b1cb76bf81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9198343c0d6b0e6b1e402d3ac82692d9

SHA1
558cae84c55785aa1799cf11ce3fa5c64fcba51c

SHA256
37906599b90ca20aee581b7c7982e60c880fb533b2bff9c0717ed8492052092e

SHA512
13a98fd68b863277673ced6e5b7c1e84b4a640a1dbaf11e1868f3c10f5f0ff800c32726cfca0497ee460714a1a7ac085a828e062096cecab9bdb0bd24868b71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5044f61faff713d3cfca175030686186

SHA1
8ebb303afa6cbba4d7a8627dac6ead777d58dfe5

SHA256
8b4166e4953a7ee5a47334f5a15b0f8df7ca86dc8c6caea852dd80de68702249

SHA512
8a43ba3f5a3f33d7103b639915d28880fecac074ef5bf5ee4214c417762e3c60f438aa32991de15f29c8868100a14c88febfdfe325ebaf6a0729a045624f510f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
441424ac759c17e7f6bc23587bf22c31

SHA1
95543b7ead242a5dc163b54a28c664efeda385b5

SHA256
9864ee9b94298188b37a541db3a71ad09346866d0285c47a1e1a7cdced6fcea3

SHA512
0b24d2a725e035a09629f43611a58b055d610d1242b54341a25b50dab8077405c8346791a750108f9e3b0b385822462dbd84995ca0848a5905c9be00e48a5a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8edbb4c83acb15d1be1d75f173e89565

SHA1
d6072f45443a85dc307894731b9d70ff6d6c517d

SHA256
6a57952754f7d6e24805e303976e7100e8eeeda36df17246c13b9cd595b9cc85

SHA512
ebe2953492a881cacc9ae43b566933032cc40ade06f2f3c24dc680881f8de00538472be8c91412e1bff2d7283a8b9bd06defa48f49959abecb64d7d54db48c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7358f5fb671405a07954d6e2f713a6be

SHA1
34c5db7b55239e5ae722c4921cc7d81902981d7e

SHA256
45ffbf9b760ac27685cb10df47ddd22e64bf33b9914ebb2ac2c9f20522eba83e

SHA512
37233388f95cfae0dbf7e44609d9d772eef64af22a65af392792a7b31ec290329b2947c331196f20b6b5ea2f62a53a7ca56f798989787eeb353b7bdb73f659fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
531e2b1292bdc57bf51d2183d514fd17

SHA1
ccb3713baefc7b52c0abfbd02cceabb9aaff2f25

SHA256
e001d41b4238a2147fe05264dcfa72772bb1481017f1af6a918886c3e1d18bae

SHA512
7517754922684dbe7b86550378167abe7ea964d7753a2dfc0ab601f09f6cc8b841dd6ed0b79af67813737b56fb4784e6471930090e02547796a284f7f9b7cf1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bcbc931a71da26874a00fe3759f9577

SHA1
4589dae89b0a1061adf8996c768d8327f9eb3139

SHA256
4867c1999d2a270a7390b28c6dc3bb5a567b5543d90eb13e975cbd663078b469

SHA512
5e86c23a911d0b47f014862df38f77a256746b04981c47f01f0f1ad457140e09323da057d328dd3b81340ef2c9b29397292636b2ad566cca492fe117519753ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3e53d312127b14388368951c71f596c

SHA1
152be4e4bcf7379b2fd50853c721ba6a41eda5fb

SHA256
c1e19c43354df39534898bb6ca786e746ac9b843a372051bc74ee5664c20d449

SHA512
d7fa13a98e59b20ff3b736f58c8ac45fcc0e10b730d4cf12009e9f66feaa1fdd620dd7521b90283acb2789c60ea5972273536fc1a404e3ea635726bff8bae0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad11b752c6cdb5bebd87e30d916138e6

SHA1
eace564418172d04918557351e68457d07ac7003

SHA256
0ba480f1e6b865ed38f392e9512dceb835e37244ebb9475c4497c15b1a195fa5

SHA512
577f76f6042e8e2ea278945a9dc26097f2509bb4d7ef8c345ab3d5d771c8a6032a69e35f9c3698169394c0ef22eeaa4024020ff592640d7bf2e33934613537cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89b737913446cc6e929e9ae53e5c80ab

SHA1
e59adcc8137619fa21a1bfd71aa56ca0513cd969

SHA256
9eca0f5286cf15d725db2a1a355b8c4d50cd484f7b3c9cfac68e1356c22840a8

SHA512
116f74f2c8138acde82c3f9f93de8e0136d0fc6f29f99f2fc95ee2cd4acea09d292cf3b9fa7e5ca0f2787cbfc142354e585ea83bb18fac8267c354d310055f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30944cbe189fcfbc5391ba5d30489bd9

SHA1
1a5c519a92a19fdcd9de5ac44dfac919bbe6a68c

SHA256
28d59bc15dfac9056182df6fdd5e7788c52210439e0d9d8052ef31e0e05225b9

SHA512
2d71e71e0ec17a29001a46337b9605c360e778abc26a6f8f240d3e333a1c4a70da45596b7bf3d27b86fc3fd58178f8cba95e804902a3cce6363849634364a812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
901001a37d38ba872f15572703f2697e

SHA1
859176b6138a9f3ab64aa4bade020e87a7c071ba

SHA256
4083fda4518df53d327719a4e542d680f45736577883c917b0e7ebed0e01f134

SHA512
47c59de0cad3fbb7708684d10ffb52beac8ea8d02247b86541ae1cbdbb59e5eecf43daa502e05d54ec2adaf80d6ff062e7ab8a9c65fb9c3cd0e0abd7a6f92663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ab5f490348627cea2bd1b1b6b6b2aeb5

SHA1
de666f0b20d069c8c91f47976b4832a9f456a96a

SHA256
c45564fd4d77461b78f10464fd4e11ebcef645ad986e38ed386e3ef1c282d273

SHA512
fcf7298897cbc4587df0a1dd0a1c254c29f841f92cd2f45b32dafbb31b9a55e3d095fdbc79cd92cc28301136225058d26801ef4395fe79993277883b20388cf3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s6dardkt.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
91468868cba41bc5a4497d033d4f2eae

SHA1
0332b92ac5ed0752d6a0e05c66df7fdaedc6b27b

SHA256
a5673ec29824d8b9cc2cfab20962576970f6527dd82b8f5ace6b583efc682bd2

SHA512
f546e483fd91ec0c612b1ceefa395e690501a8a0c02a51020a544508925a96e421f5fb9381839fa2c993ddc5e0a0f1983e3d3e3daa7f73be201c3ab375d166a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\AlternateServices.bin

Filesize
8KB

MD5
368a46434590fed6c94de71a294509d7

SHA1
fa6a0bfa1d3bf8e291bfced8ac9dffe2d5079e7a

SHA256
6d2576e3b0210d0c1dbb5ce7ceebc821131c4f473094469bb0b8a273e97cacd6

SHA512
40b50999cc26f36a522207bd8bf541da7af666bb5b3c28b7e2de271d44afa7e98ffc499c3a10cd88c69d4b12cab24de2bd4e595486b61865f651b77c9d3586d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
ac36b33f4cb423ab119fc11db83ef495

SHA1
f4e7fa8dfb932ac2d09bd8231474f4b675717055

SHA256
704a8cc3f94a45a56215ff374b9d8ee5b1af2fa22e169d7888fc0985781b96f3

SHA512
d947fbe633237dd927cb112db76299263249fd4ffdb3931d9348d122377d828179fda55787eefbe77ffa64830767f69917c9793a60d299712d62c143356b8f31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5ec436fdc2459c210814566f1921e717

SHA1
c4967f6248df508e7cad305cc710ade3da357333

SHA256
686e6ad66bf8a79db910aecad64eb00a636c1f0e8d20148b28e17bd2792e5e86

SHA512
8ae22e0c49fdca6bdc75339ef6085de045cdce78ac035b5e36065c26fb8c9778baf88fde46619b409dd69067be048c0492dd525d5b6d2d50aa8decb03c8fdb6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\datareporting\glean\pending_pings\6445086c-2a70-498a-a377-4a7268d5ba1f

Filesize
25KB

MD5
339dca798b14f2961d1efac543ef864b

SHA1
c19d99cb4a032f57a8fc4033a7fcc158cb4ef5b8

SHA256
3d596e3afdc86a5587bb04d23da93bb2964364491be07a5ab764482bf03395d1

SHA512
f4ae17c38ab131ab20ecdc931475a9761e751926634cb4aa35dd296bd038eccceb6cdcd821fbde3f53597980e42d8fc5b273c7d3e3e3c8dc7b4057c34cb9495b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\datareporting\glean\pending_pings\aca8bae5-73e3-4fe6-bfa1-d410ae982a77

Filesize
671B

MD5
bacbff2fd084b9c77aacd727fb1f1402

SHA1
4a7aa41193ca9c933f184e6588cf724fd51e5f8e

SHA256
02f7487fc06796adf3f14d1a58318ade83b56af7e066e52b74cce10b4e633103

SHA512
335e9e8234ae3447753927a0b3ac4674e6f0722a488feb485b5990814a0150c07d121ef1962eab0ff0f8ed855af63a6c944ea71d48428a35af40afed11577eb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\datareporting\glean\pending_pings\f6c52d75-c1ac-43f4-96a9-193fddde2d73

Filesize
982B

MD5
c387f68f5e573e1580348fa87af34429

SHA1
cc8a23292b656005aacda336e6c78c9137fa8622

SHA256
d33eeb478c87cfa23184491f288a10cbf50054de49266fbed9ef97ef6dda4bb4

SHA512
7fb280c68c6a6f9c29b531ad74f27eb65f5be7b9c27ed3045024201d5a5dd35b07ca8a1bb443f3a5f86e3250e38dd1ba4b01ce8a09800f46a9e4e33f193fb246

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\prefs-1.js

Filesize
11KB

MD5
3e490773b675b02399b129e7e14b6ae8

SHA1
3884f549fcd7db4d8091a974c89b3e7d7c44abb6

SHA256
6de1963dea677b433594cc89221ad93518aeb3ef9b7614416a10d34899c8590b

SHA512
1b0745850fd4f59e362377cde1c8f2dac06f20c1a935d602331eaa602f258d0c0256d42187e9e6fb3c9bb661a8eb53d0ebcef1d8c3588ff5427a4aaaadbcf2f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\prefs.js

Filesize
10KB

MD5
d9b3b993e0c811c18a24f8a176ef339a

SHA1
0c9dd5bc055b95867701ad8250fa4165cdc11b36

SHA256
b5209f208be012857d9d6d1a3cd1c34c7888a6f115f21f0a4128c8b0f56b7941

SHA512
669fc96add012aa3ef771d6a59ef1129972f638db3c3e06b80cc1e4b529874ece78982ac20a9e0f27a1205bb8c9892e02953b585eb0f5d57e17bf2d9c0583d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
d71dceb398e5cc8d576fafc993e4b039

SHA1
21d611929d977854e63662c58d733b57e53193bd

SHA256
a1b7993874ad5ea4cee91ce4de986aba0ab1a1d9e75350b88168517214ebcc2b

SHA512
f136bd904c9f981c5bb695c00dc39bf2dfab894a61841f2d046fbeeff61e49afd19434607c0346b3f7de7af3ba34becf356185cb5bb83a2395d299068b3def84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s6dardkt.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d6e247d747d1d2a2ee9697d5176e4221

SHA1
b085f4a8916d556cf20366e5b780e48e1f9dfe74

SHA256
5a757337fe3f4d9474917b9aeacfbe3f3c91dd614579428f5f2c24f3ae43f66d

SHA512
79c81161905a9677d9297bf9cd39c0f8e845994eaa9dc55c1f404f6e50aefae07ced9d91c7e6f2249c3324d792bb03c22135847bd05477b092e1d51fefb9eaa1

Download Submit