lokibot | 26ec8889be17f20897c654662e9143d0f987a2054f352b919d55d9769be14316

Analysis

max time kernel
351s
max time network
304s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe
Size

104KB
MD5

b5a3cb742c0cc8585a3fd090b4485652
SHA1

e602a85de0d186b8e740952e136cc8b33740d6b4
SHA256

d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9
SHA512

245dfa252dc6d8a57e5cd0f5825aba1b11006cc3ddf4f8e6bee6af5fbac46345666882d2a2af9229b27491aa930407b3ab13ecf3b7a0c810e1bd79f1627225a7
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

http://svit-zer.com/cjsettings/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe
Key opened	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe
Key opened	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670885348331356"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3956	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4568	firefox.exe
4568	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4564	firefox.exe
4568	firefox.exe
1284	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 3740 wrote to memory of 4564	3740	firefox.exe	90
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 544	4564	firefox.exe	91
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92
PID 4564 wrote to memory of 2408	4564	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe

C:\Users\Admin\AppData\Local\Temp\d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe
"C:\Users\Admin\AppData\Local\Temp\d1ed72922a3e987090ae3465ce27aa582e0101b0211780a0a796684a8f798da9.exe"
1⤵
- Accesses Microsoft Outlook profiles
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
PID:3956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca4dd44f-2ed5-47e6-8f68-f1f09a25dc51} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" gpu
    3⤵
    PID:544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc673a0-a545-43ac-89bc-22f3781031a8} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" socket
    3⤵
    - Checks processor information in registry
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f23bd74b-2b6e-4972-8139-db780c970076} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 2 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c01f3f3-c933-4f27-94df-4f4f929ce3b7} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4808 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4800 -prefMapHandle 4788 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {956b1aee-18ae-4500-9bfc-5fb2244b3241} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" utility
    3⤵
    - Checks processor information in registry
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5356 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98ac592a-f4f8-440c-acbf-14d050c68be4} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5200 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad0d679-657f-4627-a6f7-2d327f20a34d} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5680 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95d76f3a-9ece-4c9d-a19e-3128f872640e} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6068 -childID 6 -isForBrowser -prefsHandle 5980 -prefMapHandle 3592 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fff3920-36a6-4ec5-90d7-4918582644dc} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" tab
    3⤵
    PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad615cc40,0x7ffad615cc4c,0x7ffad615cc58
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4384,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4644,i,13686196587010221353,13199836673584079721,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2088

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9277aaa-a783-43d2-b2ad-1aeeccdbb560} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" gpu
    3⤵
    PID:1588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90430b31-4f80-47d0-864d-a6abb63a0568} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" socket
    3⤵
    - Checks processor information in registry
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 2836 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5621f346-23da-454d-805a-96f32d86e3dc} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3456 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a166da6-8352-4f0d-b977-5ef23f0a7738} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3880 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 29142 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e278244-3eeb-4457-923f-0b54a45f8ec8} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" utility
    3⤵
    - Checks processor information in registry
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {def3bdee-fb97-4d6e-845f-aef47f7376d0} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:1248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a44d8fb8-170a-4357-91f2-7d54e2b05133} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4817604-5a07-45e1-bf49-221d59155767} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c26ed38-260b-4d9a-a114-7f16ee0f195a} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab
    3⤵
    PID:1256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2084
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 24528 -prefMapSize 244985 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f31a5c-b926-479c-bf44-315b0b39483b} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" gpu
    3⤵
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 24564 -prefMapSize 244985 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d74b1b27-62c0-4262-aff0-d16156acbc9d} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" socket
    3⤵
    - Checks processor information in registry
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3140 -prefsLen 24705 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d66d11b-321e-45cb-aa64-b40f456bd297} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 29938 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a60443c-2334-44ee-b9f6-930daa2857f0} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4464 -prefMapHandle 4520 -prefsLen 29992 -prefMapSize 244985 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e90b1a32-2ebd-4ac2-91f6-919932d699b6} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" utility
    3⤵
    - Checks processor information in registry
    PID:3448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e57de29-06e5-4338-ae89-79adb232483d} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:1372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7f2c1c0-ee71-4924-97e7-3b7f76b5c32e} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7542175-b609-4198-b52f-ff7f55912ca1} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6032 -prefMapHandle 6024 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9895e058-5ccc-416c-8c28-39d1a3d74ea8} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:4220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2712 -childID 7 -isForBrowser -prefsHandle 2724 -prefMapHandle 3908 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdcea4ee-9335-48c1-9af5-0c8b2a477d69} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2724 -childID 8 -isForBrowser -prefsHandle 6288 -prefMapHandle 6292 -prefsLen 27460 -prefMapSize 244985 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffb7f667-30b8-4b20-bd0d-e508b3ab8c8c} 1284 "\\.\pipe\gecko-crash-server-pipe.1284" tab
    3⤵
    PID:2484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9f1af6107e5d8e1fc475780467964dd1

SHA1
5d1923a9b51b39325d0f22b4cd17bad30dd709a4

SHA256
7107b737c02296835704080cdb7fd51af7b90c11f8f8e59753d4ffbc025ea987

SHA512
6bc657c2a2c71484009ae26af80ab46c627e39b4f9d95163d45c93313d2d33700a27c2335925897b2a2fbb6f20446a7ad081ffaeca1dda782335d88d86e1ba07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a43aa9f1eff97d27e9ffc6f25bf08ecc

SHA1
078c6b87a7ac77af9c0d42bd411481efe9182a53

SHA256
b79e7b8b5fe76443dfffe3d3d08999a07ce7399c858b1b05df131dced9b66b4a

SHA512
2e26055a6065401a2acdea855b53c7eb015877d1a30a34ca0521721da894ba38be2d4772656593bdb1fc525914906a20b33b9af83a3415c76af15ada27ef85f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7d83c98806a2cf233fcdc8496606c512

SHA1
4e34c82bd77505c85f30e11782ac98ee4a4900a9

SHA256
fd2209140f6cd78b511e7a85b408840913dc68626c411f6628a0c1c8e276ad85

SHA512
39133d269f4f23b132fd3ee9951d76ec8fdf740942361a0ac2a0e1eca3105119162d3a8d9fcd88bc4540c5e96879fb97da2f8c9abc4cda9b01eaa6b1fcaccdcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bbed1ecbd14bc07201dbce2771503965

SHA1
598f7ffd3d057194fb66f84c6706adf58499646a

SHA256
e7ae3bfca54285bfa387fdcc235dcdf8d0d78bf8c2fe5b47e7532655e2321749

SHA512
52f8c33e18995573b47cca44e2bc5d00506701473984e169ceaa35c311f5e1f67032af9729b7feb31614b69e03449fa75d92d5e6236e76bbcc2074e0f0f9ea0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bff00e07241665b6bc8fcc40ba0e49d1

SHA1
55e1dacacbbd325174f689cdf8d94102493b6a55

SHA256
10bfac2459815c7398fb2fb481efd178772f9585972663206c23b38dc56b1f2f

SHA512
1c89c2fb064ce8485bced21cadade46895184f2613f21ff6a521a141bf9746069697f1e4ae999a4daaea3d21625b707173758854134fb3e3da8fdd430adac0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad7e67ccc4a37b7636f3890246e4cd12

SHA1
aa136c40628faf70ffd1e832655069c270a8aafc

SHA256
7f4834b85477e4aa374e1a91dc4ef333d3c8529b36ec331719bfd2a37538af7b

SHA512
dd9db7f4721305481c6e5bfca764e45ac7f925127bc5f94c0375a5e7e3026cdee41ed8560ea30e14f3b2d985b875cc3f6c0d9bbc96ad73203c00de9c9c3ad0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47c57b76415c96d517f75400396c195a

SHA1
4e62181aff8f94b6643969281ddd2dfbe4e9581f

SHA256
3bbff328d2d7bb3000de5531cf3b28cf31486405bb43bc9bdccf8f5d589d41f7

SHA512
23bc28d98225451fd64beb916b66b00d68dbeef448f5bfb91bcde9c90f41effb536220ac7c2a10fa8b044d7f9eb03745cb8a148eed508bf5ec55bf7542da2f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7d330ef54c852145e5ffc2f90d610ea7

SHA1
f5c4e933e07c69e1853f99a71839318280b2b1ff

SHA256
d2803b4c1076caf520081ec8f8957942a558cd1320868b246e9b7aa3444827d6

SHA512
e1dcd04ff68529956152ae120dd2ddc356c10ec7dcbae770d14b1cc88e4f3cd4b196fec7686d25f49c6bbd2f92655959f1ceac74acb958c6a9ebe9ae4e015aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a1058aa3d08938995936aaa4e8502789

SHA1
ef24ba204a4088aaf16287c7505b1805420ecc82

SHA256
deab522c0022c088ecf807b6c45a8220529037dd04c99fc8339666435973c9a8

SHA512
37d005c5ca1d5e3a434d85194b9d80f5e5f4e2bf5dc54cc95a0c98d44da8583a8fd4566de201bf80f88290310e033dfd2d9c710948cd9b14dc84e95880c29125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
9ca4ddd6d03cb635b6ca1d5c29a5577f

SHA1
7e984d92ee488b3668f459b6f2a45ca6ed1587df

SHA256
8acccfa2fa3412b84f6cec206d6727ba231d46fc7b3e4765c9067cf5645b1470

SHA512
cc0bce070608ec8cda68dd0c2337aa01c8479ae8dbd389ea20fbf05d05f5a60315324d8d10485f67563e6a359c63c638f340ec75026959cbc90246fbda93b860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
15f0073a02032b0e26c597992bec92c3

SHA1
52e6ca2b3531023055778583b5e7b3189521dd0c

SHA256
e6e8c022ae0d30b11fe1067d6284f1da970953f6936c7eedbcc5b484829abedd

SHA512
517ba7475e3afdd0aea02d5689075badac3ef2a3d8fbec1fa05ac2b82a2529bbcaaf8baee1cad173a2a97ef3064a49c7e53ca830f9d788ad5aeb23948ab5d415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
993baac083b289d608565f3a1f1b5e16

SHA1
5bd2d99dce9817443cb4c5ac4f7d0d0e1e372551

SHA256
e28855068c204970943654f342c2f00213dfd09d1fdedd0167cba02fca15b2fe

SHA512
5bda4595c0da47c998289f00a422d48177348a34f0ee18a13fe021cce8af9846306fcbefe46947a6ce1c9d8d0bdaa299371b67c6a7e4f992593ea038053cecb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f871142e50bc99bcbd84c963119c434e

SHA1
fb2e37404be56f6796ded7548c070d25185fcaa2

SHA256
209d4cfd4afee24796c21d2e6d8aeabb9a5310aeb42e647d902b28dbe739a42f

SHA512
51ff3ba979bc0bc5e1db212d7f54bbec61777f4fa39a264c97122a06deab8530bb47cca047cb270f553df83abf6514c192e6003a5b1f251e2ae6bae581f92799

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
34df582b95ab6389e864b0430365e5fd

SHA1
c1d05a55be1e5a7d7bc84368d429dd73560f0ebb

SHA256
2e3d4566af0b3d60472956f9aad0ff31568cfc59ff3d80562a6f0ef6f7069cc0

SHA512
f0b61f75fbb5bd0a6da49899bbff01c30023f3ad4359e6b30757d684034e9f07a011e3d80052b508e78044095831ceaa33a48e6e311deba859a1620005b635b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
637cb0d498ceffe1eb9ce2affff2c651

SHA1
a0de334a7eb22e01a03b0a7c41873c49b00bcda4

SHA256
05d17152a23f84d06c1f13972986b40dcff8bb9c21f37601a027b1a4e7f6896b

SHA512
2f8d89ba8709f521748bb2bc3dc253d781403647338e8c98585fc38e0aa53e707dc0bbe538d3a0a7d764095d28e4b95a942f70fe790301b937f13b6c797f85ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\102C97C313977121880140E55B83137D816F3305

Filesize
11KB

MD5
74fb29c6d5b5825c883c37708fde6553

SHA1
3b4ec8f9039df3d4d2e65fd1a0344fed97e0629d

SHA256
6666fa7b2aff95b0028b201e44a10f10c57427413a2b6e1515cf8b4dd1224d98

SHA512
c7983fcd7def89aa5689045069f488e9d1963534e6210c2df9af9d7addb5b0a43d99ad18e37bb360836a334f061d3c3d08f706e974a5ac5f8630a0741632dd9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\2108B8E36CB75C3FA2CB76D9F7771CF898537F81

Filesize
98B

MD5
485e424ce44b77d0223dcbaff60fff2c

SHA1
01194607fa9f1cf69d3c22825fa026190efcc546

SHA256
f2a43b015eb247183b22ae60d292e128ff821338e5e581998025ce6060cd2b48

SHA512
1bf5c47fa15ea6247a4896dd380a95c2365366799523e5a7f4784c64320bf5dc3d1281fb0e1ac62381af02d7dfd8d8ff3a96526b5a0e47a8fe3838aeb0c042d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
822359bc5408a754b5c8be677110d2d3

SHA1
627e1e697a9a0497bb8556e3c06f139a29e558c2

SHA256
cd568aec891a6d2243756d82ede7f7a9bdb620e9584f6dc5cb1bf06eaedd4f39

SHA512
7367d9ce403409b7d732e5aed0bd7ebf2f4f215e0bf80586e2dfd748ed3657e28a37a55c1e4ff85de90b4aab2f056cc7cfac5d390e442bee65f10894ccb13f76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
60KB

MD5
53abf33ea7e7c670dfcead836a92c231

SHA1
f4a620677dcf633f005da9105af4df31c536eb09

SHA256
6a09bc031018d0ab45a1c35ba75a42717cd65e748624240705f1c92dd5a95b36

SHA512
5610e0a88048c3215b5784b8f8ba1b852528a426e9fc84c6c79644032b5e763b1c4861cf8285e8de3eb51e30bfa6c0cec4455d0983f62831e84d788c0c0ebd03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
f4d8129959d37feae5ebc97711bafd30

SHA1
d4c67f07ef25761a89225423488191654ff926c4

SHA256
63b24f2830e1fa1debbd8defba3adaf484b4ea585cc780d5927ec4c48a6414ba

SHA512
23da149eeae6b2c316ee83fa958f6f2abdc8e91c41f0ee0319b91e0929e0f7ad18c867c8208dfb9ba9d2e73b5b61846a78bb375bee7c364015eacadedbad594f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
068feb76c5a42c7b3a2adb64b9b15548

SHA1
bd0db11c3e993a6b3f9fe2f1040dd720f0ba744d

SHA256
142cb19b460cf60d4749791cf69b4aca0c6591da8e1ad79df9186da8874ac36e

SHA512
c91ea6912802d5f62e7a6e3985f41e1574dfe11090ec2c5d99933492705feb1d7f30c668c4db11349e664bbb1dbbf414552d6e188240ca59776a3cdd576571da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
353d1eda6c0be60c61f89cbd08a2eab3

SHA1
4eaa5a89beae0c782de3fda74ed7a2ad328ac597

SHA256
ac0c696ef2efe8592788931e9877c0f9bd35c7b3b0ee0b33fe7ad2ee20d905c8

SHA512
8650301e2309f8f691bd217426833a8ccb964665f6a9c7aecac65d4999b5299b6faddf54e45e028418441451a46434379b5e51ed633828c999c2f71a57a3ebb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
7c8c2bab01fc13bf913aabf926e940d2

SHA1
ddc91c3f04ef9bf5d385c01f8ae68ce31db2c5cf

SHA256
d792926760179fc690f5e5546f5ce4ad12ecdd3404506d74112ea37781dd3322

SHA512
1aa8b97e49939f013c8ddb96736b81de4d6f213572112e4a1babf923b452009d38dad2e5e78443e1ce0907b9b310757219ce1b86ea37024b8095ea499c27e756

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
62KB

MD5
33c6895a93d3227e33d97de209cbb575

SHA1
b8012f2dc179d36c72993eeb269a03a5e4c76244

SHA256
5c079d29461c09fb583464974247667514cf501760518e81352cc21d19fc481b

SHA512
ec68db61820d85eba19b7b152123b841d4b0045b2838462d8440c2c58b9105537f43a98fb717a7add50a05204e9519f79acb84b60d681482a8ef89d7690c6099

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
131KB

MD5
1c94da0256cb568ee64e4299d326a514

SHA1
97b7491c29d81b820311d906fcea3374e8247c61

SHA256
e7619481cbb28ad878d3c7f33c86157ab9fa4f13a7d49e35b80cd5f349189543

SHA512
3a3e14726b79b731e20cabfcb842fffac562ce4fbe3a65bb92313926451a519292d6766b937656900538a4f4902789d3354afe23275763093bfdd3fd60074c41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\startupCache\scriptCache-child.bin

Filesize
791KB

MD5
aed955615d828ae662e4219c162620c8

SHA1
6e4d39aaa539fb3c4a2ae4dc8a09421268308da9

SHA256
91496f88ee3f97d2c39be355392ae847a3d2923f87da7696e76e24573dc9920c

SHA512
ccbd38895cd2d8f5bd9d6c29e90d07efea7822dbf15aa406b6771dc4d10c5386399d0a56d1eaa05b9d8771951d7648413996e4c4a7b879e481158f1e857dd466

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
ebc924067277c6936e28d8b4afdda701

SHA1
9fb1b705c229631e17f122e4e3a7bb52c63d2fe2

SHA256
cf21a13d290205e97b9f34af5bbc97691ee4c826301e0c6f1de9649ec5020813

SHA512
bed22d35d02d6420daaac2a7ab091970c1e28b061c72b400f7fa5983afd22e7ad908463191e834d85906d9cbc81bad13d31b9738ee814e0d457288023c2183d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
98fb7d20bf0377fc76db3c265c995697

SHA1
51c321e1ad6d4eed959074e07974d994bde1718d

SHA256
7fd7ca45f59af29ad5738aa6c3ef2fd6f49d044f91cd0aba1707f947e872a384

SHA512
5fe77a0d86f8f67a0e9d3f9f0a8f27e836807400ee8fa27313139f90df2f90289849aba717ec777c736aaeb6baa7f64f7224c25f3e4fab220e6e261a0fe61f06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
447e4d2cae2b0eccea4732cc4f82854a

SHA1
ffcd759380734f83bace713d2764f9cc433f874b

SHA256
979c020edf4d2b2db556426c10c073b952701fb07cb761093294349f085e8737

SHA512
11e155a03073a233501af17702a03c42d70bed9cd10b8375951989d09d0e8b29b57d3b8d2881b533ffcecbd6e32a40e1efdd864f1cc4d4279d6820578a7974b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9ig7zofu.default-release\startupCache\webext.sc.lz4

Filesize
108KB

MD5
18b3711a77eadb1031deae15d2641565

SHA1
42e55c1648b42a356608fde19efeb6ee0ec6dba4

SHA256
7baf75cf5422892cbffd6eb6710188a266c8fdc5e9e44e256f7a2049d4a8e53d

SHA512
6169090d47fc88e3dd4142e92e484f598d5849afd3b03992a938c5b83dd02ddcafe87a368f05abb7f0bd25f3ffa959dcc21ceef13f60b124d8667487b7e4f603

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2629259545-4196337482-2684730723-1000\0f5007522459c86e95ffcc62f32308f1_26d572bc-c792-473a-b576-eccb07b6cbc1

Filesize
46B

MD5
d898504a722bff1524134c6ab6a5eaa5

SHA1
e0fdc90c2ca2a0219c99d2758e68c18875a3e11e

SHA256
878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9

SHA512
26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2629259545-4196337482-2684730723-1000\0f5007522459c86e95ffcc62f32308f1_26d572bc-c792-473a-b576-eccb07b6cbc1

Filesize
46B

MD5
c07225d4e7d01d31042965f048728a0a

SHA1
69d70b340fd9f44c89adb9a2278df84faa9906b7

SHA256
8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a

SHA512
23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\AlternateServices.bin

Filesize
12KB

MD5
4a05a8a32590e1c759552df6435305d0

SHA1
70a73ec27455525a5bb54fea76414a2c4ed7a653

SHA256
d71294eb6b617c9f294ff0150ffe5f8f877cb4a15d34c8042677b7be173d2ab8

SHA512
0f8569fa4c51431abc8d0bc5448c2ce6111a2ae6ea06828b1c7d6c40dc91e3ff45064887437ddbc806a166fd26ed79ff7743f3f282948fd34ef08fbdda22d89e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\AlternateServices.bin

Filesize
12KB

MD5
4630241f85c098f9df497724461fbd37

SHA1
8060217175b180dedcbed8549325e032c4bbfa40

SHA256
80c7560a608a438735a679b311391ffd7792ab7d421e182c6fb21f4ca6c8e85a

SHA512
0b83084f16ef660c5c1856dbbb562c2e66ec6a6edfd5747fa7bfb433431b30f0f9c79a25389beca13a547655cff3f3430200c919cacc5a78aeefed9f8bab3611

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\AlternateServices.bin

Filesize
6KB

MD5
d1e293dbca3b08ad32b81343e89d7063

SHA1
48bf32b8381773a1284bf2b8209de9ddd4323481

SHA256
66958f219c0f363573145f81c17f7012d021068f68a756aecd0dba8ddacd6e8f

SHA512
2d48b77805a3e4ebbdeb185e532e433fb9622560a6f7a60694b88d1df22a47b2ff9a9ea9830d8fae524f752df7bdc72decb402d9357398a1dca9fa4040766cec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\AlternateServices.bin

Filesize
8KB

MD5
7d393e453a1b5941dd981d6075788b5c

SHA1
175fb840479aed8439ba61b7a2681117eba78ae0

SHA256
9c886be6d8bb4fa0f30383aa23e17de08c2d9fea078c585ff4dbf35de9309117

SHA512
0d010038392cac91269c6225df957b5fe65ac53720d29b394ea4b35052d579dffc10db395bc7149d76e7aee19b4177dd3dcea10fe5cbe76ee32180b802526756

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
57be84179d5745118e93cfcb831deba4

SHA1
031c69ad76435cb6a5360c9cc8b7a397053dc658

SHA256
65d06f0ed8f721b1a8054d6072c63e60893200d198dde5147dffdcbf647eb17e

SHA512
6d4f3a9f178c4c86baafc119b713510b272e032d7387c17d1ff8ad7b0fa3960e63c1f70bd2075d318bf79e716c73f3f9275d4bdef130bf17585a8119e6f650ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
bdb47adf1956251d37625265ceead8ba

SHA1
60632a2545cae770669ef238d76a57021c549ccc

SHA256
bd0cfc92d38e5b5a3562f79cc97ed01f39109e1708f3029352ca3bc5de15c40f

SHA512
19705e5848cd95769f9b5c8864534805f96edeeee0559bd7d7ad4f83a7392b082f62c37fdf6e1ef0d02931b7716127d1cf9afe17fb2b94a010d872bc8add85da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cert9.db

Filesize
224KB

MD5
802e7e19f53f3f844ff5a09a3c3e390a

SHA1
a17f8e865089918970f266c6a5be0e073b71dc39

SHA256
760a110f347e84a6bd28a570021796fd80f4e27d79805deff357adfcd1c6ab1a

SHA512
9a9cc62d548d0439d0c8b51b12cdcafd3d4550d84d150b7e492886b3e477176ebd0f7c0779569b5d84816bc9dcc2a85a41651b69b5e3509b2d6ae852e20de461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\cookies.sqlite

Filesize
512KB

MD5
f77a7277e95daf25f9d2a35ae504e594

SHA1
18b54c3f3e1c938f3a1da812fb4c5eac7bdd5a74

SHA256
8e0f46019c7771eca5678768809820e21f7d9bedd816f848647bb1c13051a911

SHA512
82bea101e9e9b2ef249dcbabe8431249a007eba0388db896d1274791a9f7872c563ecb26442a04bf6ccf3ba97ec6a346d50a3d63ee6a0feeaf628ad08a66b37b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
7e74dbe304842b39f5958a893b3af47f

SHA1
f6cf96e60ed451f415bb7a8c1747d9a212f3e4bf

SHA256
a27759a9f83606e6798edce4ca4a5d80439837c8be89fac23304b96591ae9530

SHA512
5b0aeeb05af73f036b2634624ee24fb3e25ff67531a5672aea142766c1ad3afb1ee06c2e7500130cf1fe830abf6a56b162bb15a21cbf5e13d0f85aed0373b4df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
18KB

MD5
1088617e9d6554b8856c1bb226aab1bc

SHA1
57f4caedbaabe549c6a3f321efb120fc879f670a

SHA256
0d1e98f55746299e9d7fd8c8a9bd55cdec0def09296a81dbea51b961501bc324

SHA512
736bcaf5d293717d15afe87737a93f71300de5b54e5fadced587f08881e0ef17fed22e6b55afe1e9d76a8401823263f516ca8f1defe43940ca7230d8ffb1d118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
37KB

MD5
518f80df3f67b0af15897891448f836c

SHA1
8a0d41c1899625610fc98287243e90770da0354d

SHA256
445ed3c8697eb2ac0dde347eeaae154bba9f2230416ccf0173c8cf5d07c5a4fb

SHA512
b7a9cd2544af1be4e2895d1bb0ab393b4c1025a996b5fccb0b5f8be9b1f5c727aa6699c5dbb63c3b0d093b0b8c47177ba21721b54ac5e7f451f36042fa2a468d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
dbb006e479272b8e3f023034bb320012

SHA1
4337943502436dddb667adfcfd1b286881dcd45f

SHA256
6efe587d689c24458e96cd3c2a97928aae0f6c8f704987c99ede0fc4e1622b62

SHA512
74fce78b4ec40c9d468d62be50a12121948cf6d9b45d62907387a016b80ee2f324d5ab2495ee0d3bd8077f411a7419a2036c702282d0ae7d777a451debc35401

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
45ab5c1b170cb1bc480bce2dacd9e635

SHA1
332361b2ff2b0ef67f7804349bf5abbb5af446b4

SHA256
ca50a277bb3157fc46492dfe04b03a083ce7727fa38ecda50f0cf24a202059cb

SHA512
a1c19fefa644748da54821b7e3bf6251c346b4ad737b1c856d3b961e4c47d463b8685528524dd56d4ea66c7a0e1cc1c248e89d26c20f8d41c8e0e1e47db02f39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
53KB

MD5
e2264f53be9ab44e15c1a97cdc513349

SHA1
a3bf9e894ac26a5f0540d8f900ccdc3a4388b525

SHA256
84c38200fe3662f3d1871c25faa13a4872caa11a9571b1bf9e98b93a3ea0e5d3

SHA512
7b3bfc47435a0684396d0e6b490ffbb0306191b7b34b1ddbb91cafcf5eafedb582795cacfdd7e6fd1cb1c0eabd793dedbf1f3c82c5d4a80a9307daae4e785aa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
52KB

MD5
fa5564264b8f559673309bc2f91f8ea4

SHA1
e20e19982c9ca8d04b7e630061d8a7d178c85065

SHA256
ee6e5bd2f498cabaaf5b5ed420e130ea2024b6ab9b83552de7573bffe1915d9c

SHA512
8e4f590d388bd4c5ac41308bf40db126a540a0ebc7aa88b383497d27c3cf6404ea0b92ec9741686d2d15829d73da8962898cb03e24790bb97d4ca18f99f8c767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7f7dbf44b9b362e0e87db854a78de2d4

SHA1
e42a410f8d9366e78af351ad99b9d0d7b5059cf4

SHA256
3cfaefa35f31558a2ffc45d65e946fcd4c155cdc8072da341cefa21feec0e0a8

SHA512
500c95dd8d923e7d623ecccba6cf76c198b9153010fbd285e3931137f2a58e00495419bd118f1a01c615dc15f682cdd2f14e90b0d55eea323914cef5dcd234fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
78cef52faa5085e8fe77de3da3952648

SHA1
8401f1641e1527d842ebb2a02f0bdc601a79f481

SHA256
d1ef6d648e80b57c7759a8035e4d26d41f49b4e5a2b4443a07612f26a6460ecd

SHA512
af00b8dc615ec1ee3c01d26ebd461f4b0e595db6fc244b1592c97dae52750cbb473d19fa4f2224bf890e47e502693518d100a1068fedf5f6295cb259980b74aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3d329129b7449310b157b36cc1c3e16d

SHA1
3e0da440c0eead7b368408b845d2e208bbb8d670

SHA256
9cb117370f4483a39e380534711c45bd019f5d6f3e3b20fcf14f0229cc57fc8c

SHA512
404ce9a8bb6826e17aab1fc30df6d88e20bf06b5876bad583c5050f1faa6f3777e456254f403a90638d41967f1018f4f37849c1eca693988a87ef54b892c33d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
07528e83f730f1ac57926cdfd9f187b0

SHA1
e6fb9054b9e333bfada911bc968befb757a9a209

SHA256
1e4d5fe1fa9338a45b442533785dfbfddb4aa58548ff2881915958996165ad35

SHA512
6e08a555782dbb236ae14a16b280756919164a0dab27caa50a8d309f4c22f8bced609cdbe589e841cd6d94975828d499a0781a50445e502c7cb0c9f394569a60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\events\events

Filesize
512B

MD5
f0ae61107495e3ddfdbe4a624b555438

SHA1
e95b630cfbc5142039237a4b9d4d8fc6fab54f48

SHA256
114bd514db008388bd4d51da4dd65fac34de92f796c9d9ee22f25996d93d1527

SHA512
431603b0c4745f3252eb87c287eca932cb9d5e766ba793414ddd85f854b99ca9407ccffadfae9c4daa5f0228cee6621c60c01c2e77c737f72b61ff4c6e1433d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\1078d318-dec6-44b2-b131-2b97903647e1

Filesize
797B

MD5
c62a3df838878a5a1d300373589edd25

SHA1
ebb15cbe987231db54c09bc55094cb5cf60f66aa

SHA256
8eaefbe547d50ba988873f91d8c19d2d69c0949d801881346ccf218014a66ed8

SHA512
5dd6897e0ae6f71d06b4f28c3b8987e2b30f8f5e201c951b04b9b90469b28d4032d7768e259373602fa67d4dd10b1e05f93af5436a5e464a5a1fe113f5a9b67d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\5ca2fd45-4231-46a1-a6d2-31b1e6b83b17

Filesize
676B

MD5
7646ec8a97a975c291dee1ceed8e9b5f

SHA1
b167f40d1f3323edc02eca1154b6ba5d677e92e0

SHA256
b51da415d1fcde270c5baf4746c21f51f3c8a17b51f152848939e10c7f510187

SHA512
32b27608b865dea44bfcc2e05cbe3f838fa9143abd52cee0754163404a9b072bb67ecfe21d8f0f70ca6bada4ca22eadbae78a7beb3a9b7ced0b5a2f218ecc7f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\61fea674-7c46-42d4-b840-7f198dfa0b59

Filesize
734B

MD5
0b4e58c288f42d91ce8ced872386bb75

SHA1
2dcdb08714ca086d0ca773acdba1753763b48c41

SHA256
611a07747a25cefff9eaa51f8737bb80866348c92bb2927007fc214d39b1d83d

SHA512
3c0a8ab1bf0563c3634d6f176867b25f5d75464a973eeae4ec1ddb644787d1dfcec3c4b824ec8ebe9e857bb84c6228eec5ef6c27ff32b7c55348727a99aa790d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\66b4fb29-8909-4738-be4c-0e7de41f562e

Filesize
982B

MD5
5e5234434dc646581f8785499edacc55

SHA1
1f4936c5a908800ae1ac6fde6ebc436708a7765e

SHA256
20626cb121e72457f3b9468a3c44c30c6a9250f8b24bc315981058181e0fc60e

SHA512
d4b09c4fbcf1c263940596f0afd5d7e25ae8b07c7d865692ee21c5f355d5b719138760ae10f5564ddec160677c238e541a0ccd6274aca73e1f5c2c2422ff3c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\88d79233-dee0-460a-8083-3272290c32ee

Filesize
1KB

MD5
38e560b0b01ec42a37c4272e52701724

SHA1
e1126c4f7922585f2ca80613c862329f886a8864

SHA256
1b36d546f4f058bb1163d594804cf8277a5c13830519c0a9004c7e520aecf641

SHA512
240beee4890deab46b64e840d5d72f351e33483b0fecb2a641afabf69c57aa083158239f01ffb4fea120b0a89b2035a3742159eef564e1ea33ca089c53e22bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\9e2ad0de-5add-40bf-88a9-e2dd3b0c9165

Filesize
2KB

MD5
9d926a52e9611c511f6696fbc22d3255

SHA1
e7eb5bfc4e5b70f3b9f20722d5cb59120b341784

SHA256
c9f8ba853ba915c608ba12c614a7f5a998a2921e675f58eaa348d7d3e3a18196

SHA512
419b37c94511cafa5ba816cc1f0109c8bde4954a5fdf9533e913ff355c2d73733c84921cea504655c3e25ec34496eac26a56e130a36a958b5e4f2c60a14d9845

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\b116837b-67ab-4138-b267-de742dd5aae7

Filesize
740B

MD5
e4b5d7b1b98487813aa7967b87b26353

SHA1
624674f815ff63b0ea5873909710fce498e1c7ff

SHA256
bd25e4d4d9754eab2761d3f5b6f96681a7868543bc3bd2398962d5cf7317a943

SHA512
81831b43297a6313ba47318de117c176d80b4e8b681879408924a4c5d5159273574c60a388cddc5bc984987bc681b48163e890bc0a73e37721ade561bf151931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\c059479e-1e60-4d97-8973-77696bd47607

Filesize
671B

MD5
616befe6418446592d8f33fd710f6259

SHA1
a1af576cd307e86da6dbd51bbacafeae4731e28f

SHA256
75dad1f5454de6f3e311b8b9958fcde8a2eccfa29f7ddbe2133699b906f0d51a

SHA512
035580d2cdc77c214484b0d8db2403f8a29028c32c6d950e9b432659afa9738db59b7d3e72611548cf86427bf3995ddc9ff98aea0986dca8dccc7657279ba736

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\datareporting\glean\pending_pings\e4732be0-f0ed-4bca-86c7-7cb136991369

Filesize
25KB

MD5
edc043a0e4e6397b492630d234fb9652

SHA1
ee846d41e64ea1e5bad49ff84a100a7312a4bd35

SHA256
c05b6bf8ec7165793f60f73396e5da4c6db0484f5867ea9c58d41b28e7dbdb8b

SHA512
ea33c8ec4bc3f0a0373d24c9c298acb1429d67dd3a123989df61694b9671cd7af99dd2457ad59844e743b0474e145904ffb99306d104ac57859d06786082be12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\extensions.json

Filesize
37KB

MD5
35e1349f8626345a3d999e3f54871ca7

SHA1
2a971866ce7a8ea9459e984aea4a95d0b6dd4e47

SHA256
0cfe94330fee3ca31ceb5ded4e8f3dc664c13f00a5187c3b369c9c1c23a18b1b

SHA512
4a9b5817e5f5d229385042114f0710cccc3be5a1113be5d4dff7e398efdf52b2755f0a2cb8574942c9e99b47f21cb1c5fde78eb4d74f8ff129cefe75f8a2f2c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\favicons.sqlite

Filesize
5.0MB

MD5
66169f5fd598308e2edb71c7aba7b180

SHA1
6ede2dfa79f336012ec315933a0849402ab334a5

SHA256
44b3a7a112ff7da73cc697a14914f99124f04cef6d5cb4976b79481fe1568d1b

SHA512
0e0309c9c180b52b224dbea5cfe5762bb4d5c74f99aeecaed2e09f98541d5f0068f3a52b06ca7ea2c380257da9bc6c43e064421975d2b4b91148fa49b8988b22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\permissions.sqlite

Filesize
96KB

MD5
8b711a17e82019c0aa0491626a6330a2

SHA1
e652f5ade6556ed7d2cc95675c152f3116eae09c

SHA256
465e51030eceb2ee6f216fc467f46b86f07fb844eaaabf7b3e1042e23473e3fa

SHA512
023d293b222ace7c95859de2a6e2b42b061968c1fa6f071741421fc4b11c58f06e7cf6d8d353f2bd7e558bdf2219434363e08285a69dda529be300e1eb417f69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\places.sqlite

Filesize
5.0MB

MD5
4ca809cba023d33a20d327060326b247

SHA1
612a9a0b67b966b1ada338bef4a0751ae2901ee3

SHA256
a845a37c397e7725747b87424474b3f2f876e8dcaa648e32f544bb970aa54d33

SHA512
336bbab60347387a19c8edf6d8eb559d07862be3eb70fb51b8ce51800761a246afc4a5c09c2bbb93b5166cf9fa4f973626cfdb48b4ca8a4bd81e178b89eca8d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\places.sqlite

Filesize
5.0MB

MD5
8e601c9ff7d7a39cc6602ff1fd6fbd36

SHA1
c351377c319a82b180a8a233db53f895321754b7

SHA256
ce81c42273e9ebe3015ba0f149a09ecace530c8a8cca22094bb6491037aadfc4

SHA512
3732cad4cac8a1740b0adbf03a9b08f58d7db028231ad8a0d677741c5c533697858a226ebbb42eb9620d4f81679dd4b7333186ae67a762307743c062865b33e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs-1.js

Filesize
11KB

MD5
cc2afc928bc872327148bbbe89035149

SHA1
071fbd063bdc79838dad4d23529a6b98930de08b

SHA256
5f3c6e8aff3bd72006fec18f04dc59c7f99ef3762b3691abf8f9bedfc999bfdb

SHA512
0b8596d6026919504613efa7be22d0ba8c81553e3311cf804a4b917ee7d217be09c0cc4cbfc6496846bddc481f45ce061c2262594cba954766ecf43574bdd2a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs-1.js

Filesize
10KB

MD5
c4211bb08b32c2d198003b5caac7b106

SHA1
fe6081fef8276bd36fc9f0af044d4b3336fba834

SHA256
4d470cd8a9c640210069ca62061ed14e5b811aba755a28076cf7c339f1b05429

SHA512
1de6b29fa07b4dd65ecb67c4e582813b2e3cb30372afb6ab59e0f67fc5671ca06f81d671ee7f51ce3763a2fd0d8b856f8ac43d6b60a5d14e2b6b20a5c5c0c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs.js

Filesize
12KB

MD5
ab4b7266e91fe25b4ebf85475a34f1a4

SHA1
c21749039c941e352e20fae37de82eb4af5ee50c

SHA256
8673546807512b7b1c1e47ee37fa5b92e58d12da8a60b29b4e7625afdef98132

SHA512
695f37b3f677f90a49792ee736d1da000718890809eaede0243792dac90f4412c34218c3250510b915535f4f92f75b0b594ba00b1605ae35a2de999a9cf4f830

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs.js

Filesize
10KB

MD5
06c5cce4a28266f61fecdd9ba19f7a93

SHA1
bcf8073479fcc7846de4fce0d4dd58b9d508153e

SHA256
d306a948ca96340ad7af20f311a652c5a9b4cbd167b455ed52ac8e8f45cce6db

SHA512
acf6050ed45fe9e79faa542a70a65570342952eeb5c4426923ca91f0c283680cca7b85957541cbaf1fb38576c09e1d12bef7f83b6e0cdbfd80af7c10c34cfbaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs.js

Filesize
12KB

MD5
ccd7293ac8c6d5433b52e3170d1a1676

SHA1
b70a630d0038aa7ab0c2b2adf25894bfb7916690

SHA256
baa2750082cd2ff57ef8c4b079a7a806c308443a153249ebe904f675014854bd

SHA512
b5bdfd5a926aa065db79b14fd4d6dde72d1c1c1dcf44f323af0680ada231462171cf84da7123c5fa2bb550baf3bf94a9fc84df516223ca56a7833708cbcf1613

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs.js

Filesize
10KB

MD5
95e847625db8bf9fb93325a629f11a6c

SHA1
f6913f6074a4c0429dde1d80c111d97e9e98489e

SHA256
6d02bde14ce42470c17aac2a4134007a29d3ac9afdfa2c0bfbdf01025b4431d7

SHA512
34d009597db306dc6438d698bec93fe41736a37a6fc907ff37af98b1cc5bf28edc162f9f8697021285103dc921ccbcefc320bd42eb75aa2ba3da94176ca294c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
b7844654d274bc82376047aaaf66605f

SHA1
adc60ec2b01b42eb954ca168939f3eb7d9078d90

SHA256
4f7cd3ffc71548a363bbe642e1a9ba88ff1a3c40c8e2fc30bc011a519c931fc2

SHA512
c2bfed3e60372db5dad637af72490acbe17be3aca2b3814789ba892d6ed1f19efc55257219818f248172a00fdc1792bc8a5d79ed67b5265c42ffe3311ef14443

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8368411246dc2a58092ae7f6ba00304c

SHA1
27227f65ea852fd517a4ad19c75ae7e9ceab0740

SHA256
983ee2dbd214f0942419add95130a20be7f346d8fac6375e7c29089989c5485f

SHA512
f619ad1dcbf704692b2da5c91d6b4799c9eebbfa6d1f5e002d0529536d24e435adb94756bcf69948ed7517ee62fefcf30f6bfe6ba62be5969a4ceac2d0708425

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
11b49a340e38daec914c19bd282e819b

SHA1
4c4f5a90643dda6b000098f8e79d391fdc4b13b5

SHA256
642e4c4b473f6370be1f1f3facdeb5144513aa1d2b7902eb41d20464208c2a35

SHA512
bbb34e6bfb318d8ed720cb648331af1b3c2079fddd295efb3ec12666280a22ac0eb7a09ba2db366f616e1560e50e5b3986d6465903ba7e36dc3e14aa28886093

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
0b93e1d94d9b7e1f7ff11e1a00478929

SHA1
87bd107722cb5977db86000dc688cd22320f194a

SHA256
d613c7d0b91230a3f562783c5971703338d46766ee703907bf7f9bd03481ddd5

SHA512
0e2ec2a2443fcb80fa7053ff72a0eb9b93b5ea90f54544ce4ecf70f16a38727cfaf826b2d1e7af1278d1a68c9b9914c50a0b31aa41f1fb33476d9e6daa7880ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8d5e82dea7060fe606ceb89bf3c2f05c

SHA1
2934d79e2f15197118eb7dfaa5278b28c5ee3cd4

SHA256
b58b492c2b002b0cc0806cd7c46a3bd083b39ddc483d687e2651d0f121452eda

SHA512
6c630d5378b0f95a0ff6460efec2574c173ac67fbeced9fe110afacd0b1b8032cf1db322acb5afd199802ce1379b8c3d52436ecf11aaeda60bfeafc3e0fc9654

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
b26d205dc7e090f3a27ff2f00dd6e0bc

SHA1
d4df7f46dd4ebf3d63682c2e658508e649f2f7d9

SHA256
1356a5281e23d7dc788785b7e0a025f32ffd7e45646e6dc31173ea58ef841b57

SHA512
dc7d3c1f7f4ad08413d5d93ec980360c90aee8c4710ce0c866da456d4960190095e3a17e6abe289fd547f87826a3a4068bf3725c503afbf1abb57e696b93f8ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
3bb7db62a8585baedc0c4676047583ed

SHA1
603ecef694121efdb792e17118bf953606d4a2c5

SHA256
ae50151a4a70e3e7337cd578742d5896e68e8d486d077fef2f811c486537ab18

SHA512
523e0d70bd70f33323d776a21af3d31b3feffadcd746015a544f66836de2c5c68b4dfc0a67e3001a65b5cd4f4b99868a48425b8ab5514a17740255d90073fb43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage.sqlite

Filesize
4KB

MD5
472ad66812c346f9b263c1dac893b72c

SHA1
c84cb12d6201310f8dc4aa6ba314969c72bf91f2

SHA256
14b7328d4769fce01bb192a79f610a4e9d534260d71762451f2bc073d19d3085

SHA512
c1741077efb76051477e6a9187b3446567f39f99a2df860e99ca589aef0142aeb077cdf2beb464348e3d733109a6cd861e519130fcd6a068b78e2ed95a01a2c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
339bb75887eabf7c947d355ae69e0f2d

SHA1
e25cff8dd2de89805811c9ffbc27590a54dfa71d

SHA256
637169efee96b7acede49134bc2430843b0a0dbcf025cb7988e9dc1cd7138d0e

SHA512
dab780df3b85b80b53eb95b770b973890d6e94ef7cd23cff188fd9382452c1362fed9796842a586b3d9fb60dc82b62d7dbc560d901c7a7428b7ef03972a31ba5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
b4f7da65e24dd33c278844edeaec9095

SHA1
288901a33a41dff766e211b1af12e66bbe39e6db

SHA256
715bfad7e6b4eb64154ae68411a46b38a85e1fb1a350ff8b1042460c1cb9437f

SHA512
7a995a63a6ee3b063672e1611245436f72a28ca54cc11e194100f971c13836a68d5e93b950551bf188d9fa37ffddc36a6771b894c4368361c950c71cc66d3d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
fccdf71d85d5f6e64a8bacf1292e71fc

SHA1
0c0f94ecafb0ae5372a9856923f0d6e1dc295f79

SHA256
fa96616d1d4a565dd483145e631c60006de6f2bfc5725ccedf9884fbda9acfdc

SHA512
9a0cce5a93f4d4afb941523dccd1be621b1355fa18b1e64aeab46459943a5d7347979383417372b11155403b66a6a1a7cb62c0cf4984844bc4ef487311b54841

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
f78745ffea208c8e189501fa02c05f93

SHA1
844ecb2a4e3a2d7eaa1b390a4b620f4d804ef26d

SHA256
aecd3707cd284b78c3721cde25e785288e35bf9a1d0802cef23f42af88944014

SHA512
308d6452f2afcb9834fcc91584a19a0a5c19e8a2a000ee6ecb445d5d37ce48abcfa8c213dbbf1e4769c690887e181c94977f2afffac9706198ab084d30de2931

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3956-41-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download