hxxps://adultdating123new[.]blogspot[.]com/

max time kernel
147s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
17/08/2024, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://adultdating123new.blogspot.com/

Score

9^/10

credential_access discovery motw phishing stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
355	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe
Token: SeDebugPrivilege	1512	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe
1512	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 3712 wrote to memory of 1512	3712	firefox.exe	80
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 1312	1512	firefox.exe	81
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83
PID 1512 wrote to memory of 4744	1512	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://adultdating123new.blogspot.com/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://adultdating123new.blogspot.com/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15b62604-9165-41d9-bb1e-c3bb00607f53} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" gpu
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {086e9294-9362-44c2-bc02-92ba63a19059} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" socket
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 2656 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2ddcb84-a7a1-4d34-9078-8858e0e0fe09} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3dfa708-29af-4a99-a2dd-ca2ab9ecec45} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4768 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4792 -prefMapHandle 4760 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1355eb99-dd06-4189-8d7d-40b00e03c93d} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" utility
    3⤵
    - Checks processor information in registry
    PID:2732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5248 -prefMapHandle 4704 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d3b169-1368-4c76-8a8a-b455ca065d4e} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9595de-379f-4b67-a866-d8ad57b53087} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5612 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b44b498a-8153-47b3-843a-761d6e3aae27} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6bb1bc2-271c-4697-8ca9-c4a9557ede46} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 7 -isForBrowser -prefsHandle 3164 -prefMapHandle 3036 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bebcde14-790b-4d88-a4db-124a983bf414} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 8 -isForBrowser -prefsHandle 5396 -prefMapHandle 5476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53f6744b-1c0c-40ba-8c54-79692beb0821} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 9 -isForBrowser -prefsHandle 2996 -prefMapHandle 3552 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aa78bcd-6ed5-43be-ab6f-6bf71a18b5e0} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 10 -isForBrowser -prefsHandle 6420 -prefMapHandle 6416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9fabce7-e41e-45ef-9770-8d06b828bd87} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:3724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 11 -isForBrowser -prefsHandle 6340 -prefMapHandle 3956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {002c8f19-6728-4c21-9c1c-cb2b95abbca4} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6932 -childID 12 -isForBrowser -prefsHandle 6924 -prefMapHandle 6920 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abc27f67-f466-4683-a97a-fb4bc789596d} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 13 -isForBrowser -prefsHandle 6152 -prefMapHandle 3668 -prefsLen 30580 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0d9f8d2-5cbf-4b3c-8c55-9228bd492db0} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6960 -childID 14 -isForBrowser -prefsHandle 5752 -prefMapHandle 6568 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d23cc6e0-33a6-4d83-97dc-14a41a5bfd06} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:2144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 15 -isForBrowser -prefsHandle 6540 -prefMapHandle 6220 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03391ec-99ab-46ec-b448-29e5b7f19bbb} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 16 -isForBrowser -prefsHandle 6452 -prefMapHandle 6480 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a64802f-724d-4c6c-9696-cc242effa517} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7300 -childID 17 -isForBrowser -prefsHandle 7308 -prefMapHandle 7312 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c3950d0-670f-4ca4-83c9-906dd56b2fbd} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6604 -childID 18 -isForBrowser -prefsHandle 6804 -prefMapHandle 6956 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84b2700c-790c-42fa-aa66-ac54b81da249} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7872 -childID 19 -isForBrowser -prefsHandle 7876 -prefMapHandle 6424 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b7f9365-3ccb-4c96-97ec-bb727a48e73e} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7856 -childID 20 -isForBrowser -prefsHandle 8060 -prefMapHandle 7284 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {399fa191-3cb0-4327-8900-0a470d51c191} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8180 -childID 21 -isForBrowser -prefsHandle 8188 -prefMapHandle 8044 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e36d715-76f4-409a-bc53-51efe1bbc2c6} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8464 -childID 22 -isForBrowser -prefsHandle 8380 -prefMapHandle 8384 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea274f54-2874-48c6-96ac-6f2102a6454d} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8220 -childID 23 -isForBrowser -prefsHandle 8624 -prefMapHandle 7292 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f33a064-841d-4a86-9b19-ef56520676b8} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8700 -childID 24 -isForBrowser -prefsHandle 8708 -prefMapHandle 8736 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1320b63f-812d-4e86-8ec4-0484095c4d63} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8840 -childID 25 -isForBrowser -prefsHandle 8744 -prefMapHandle 8844 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31da1704-05dc-497e-9295-f2575dfd5607} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9104 -childID 26 -isForBrowser -prefsHandle 8884 -prefMapHandle 8888 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {583662c7-73c5-40a8-bf0f-3502fa7bb5b9} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9372 -childID 27 -isForBrowser -prefsHandle 9368 -prefMapHandle 9364 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2deaad2e-47f6-4d02-acd7-0a9de6634ae1} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9612 -childID 28 -isForBrowser -prefsHandle 9528 -prefMapHandle 9536 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daa2eda7-ae72-4b14-82da-6b1a4246baa8} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9988 -childID 29 -isForBrowser -prefsHandle 10000 -prefMapHandle 9996 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5c3b9a6-a764-4f4e-a8a5-e2c8dad8b7fb} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10272 -childID 30 -isForBrowser -prefsHandle 10288 -prefMapHandle 10260 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8094a17d-6e78-48fb-b759-7010abf2df3a} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10412 -childID 31 -isForBrowser -prefsHandle 10420 -prefMapHandle 10424 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f4f61f-dbe2-468c-9093-f7fc6e0a64cf} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10616 -childID 32 -isForBrowser -prefsHandle 10772 -prefMapHandle 10768 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d756f4-d4fc-4abc-91ae-8651f6d2477f} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10484 -childID 33 -isForBrowser -prefsHandle 10204 -prefMapHandle 10200 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95869257-5314-4a00-80f2-1b483f9e6732} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10476 -childID 34 -isForBrowser -prefsHandle 10212 -prefMapHandle 5292 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad33e15-e99b-41c0-a5db-d85270a608e7} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10468 -childID 35 -isForBrowser -prefsHandle 10228 -prefMapHandle 10220 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f522db93-68a0-4706-b573-e69347222940} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:6584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10124 -childID 36 -isForBrowser -prefsHandle 7540 -prefMapHandle 444 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c32f7276-1a90-41ba-a4b8-2dd34a5f4964} 1512 "\\.\pipe\gecko-crash-server-pipe.1512" tab
    3⤵
    PID:7912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
31KB

MD5
f0ed752062ad2e53392b8dbff511a8dd

SHA1
9114ef857d4e71e4e9005e942afeb9486b49da1e

SHA256
3f3cbab5b3bb8d11c23b5f1fbaa8ce2391c901f48a4bf54df3ba5eaf330a6848

SHA512
6bea8dbf659e850835b2b99569c3f13ee81d70920a1a68485c57590c5af5b33727dcc0edf2dd2a18d042b26010c1ef951fab1bb1ee5b77908c14c7d626f3699b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\08BDA7F7C1FC83F153782CFED5F2748A534F9B8E

Filesize
12KB

MD5
22ea1eed5358e6a6931f317ebc16de00

SHA1
c15cf25734f17f588a48d1cac7b94c20cbcb573a

SHA256
fbe0384e1c500076464fb200e09a262b9d189ceb814b51031f5dfd8811bd6bf2

SHA512
425eba0951739fd42deaa4273ad0cd449502eb2f13f96b4ca224a6bb151150c532895145fa7809f1bbaa53f950a2f1049749a46e81c2147a0371fae88f1ac61c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\36568FF4AAEC52E5FBA97C17EE969E667A8159EB

Filesize
15KB

MD5
43efe26da8c93e04a8c5d10b72eec58a

SHA1
8bd281fcd6231ca767fae9cd3dfee66cb40f272a

SHA256
855eab33750ea8dd1744af30e2dba0dcf0482a2fb2c251ce29cdeb73a6e4f39b

SHA512
b105b6fdb79ca589104a5aec87b5d8872faa3198b5f90230fc32a49604b107394b35e35e06361712b3bf9e13703239e7770528f5f39407ebf04e6d739b187a6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\3A37EED3D1E6B3845C02BF0570CEDAEFF93A93F5

Filesize
72KB

MD5
219c95dd2f30253416c65ad5c1aaa2ab

SHA1
dca38befd5cb48082323463953e3c81b6eeec382

SHA256
a9b51e425e5ba18d3fdc36d7500c88204b0d65c967e63776adc0a6673e764bec

SHA512
62dfb02fc2b70fd3beca8a0d2ca896706ba22e36003a86e5f01a86b9bc6e6cf657629a745b3a012df8d579577b7a72eadf5d6f988e437319464b2a71e8657789

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\58329DBA118B4A1DFF6AF2AB1D042B423CD82317

Filesize
121KB

MD5
92a5f0a97f8796d3a65bb8e0d460fcb5

SHA1
db080ca2658abe5b8c562486a88e17af797e079a

SHA256
76a64ad3b5e6f64de5521abbaaf94d6b0388190b6f7e52e8fb3c88d8421c25f1

SHA512
7f51bbd4024ce0cd51e1d13640958fd97c96a702eab59ebc18fc7dbb5f930e870909fa7052c34d3c9110f0c7b8598edd66608c900626ae31e1067d1a78303317

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\B4495FDA7637F00B943CB5557760EA74C1329AF5

Filesize
18KB

MD5
074ac68e6020f0d86873b6e88a67bb62

SHA1
94aecc6d8cd4e28317219133a8f50b933c06dcbf

SHA256
54cd23e2d6aa49c7c20cae6fad82f2eecffe15548371a3e5c4579c6ec39730a8

SHA512
13274b1388c1cfb075cc8ee01340f594bb4fb0084a754543c6b586b816db104e33a5c39d71be330312fd0f624320e607b4c484800fe99e039ab84a68f57c3208

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
10KB

MD5
d6feb338acb840bf28ac9d91bdbf5f54

SHA1
9be9b293bbbe0f55fb2c2bebeba5ab96dd527c7f

SHA256
068bef6e70029afed1810d303d35aff5833b0cb8a4a57f2c266d049a7ce90c25

SHA512
d0089f2d41994aa5512f70dac153492fc36744c86b633636e836a88c455a974e11c31405df72d9613ea2eba864e80a94a2073973f4889efd2b13c41466a8f124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
25KB

MD5
1bf783f1b3fb20668520da74849b734c

SHA1
3587b254a8f6258bdb63d494c71dc0a174063a37

SHA256
460710d999333154db38f2f58452866ae7bcc26c96540c099e72663a06ec86ca

SHA512
12b0b56efd8ad7554b66b074d44754c67ed7e189df2b9d0be6b3e7a5142a32c186a7ceac7599970d769fe839d734191905d05935d3ee99866cb0105e4f510700

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
22361fc93473994d66f284014b96b8e4

SHA1
e38b5dc2cf0238e05d25db5b72032ecd167922ab

SHA256
1700a44b52c75d2d55cd606a0859389d7b9df185884ac4314b0c0f6b8eed5976

SHA512
bc2d8149d2c651e5b700ef306b1ab272c23210ffdbbfe70e8217fe7785846fd8fa4f88e2c836521168dffcb3932785a47d753ae0908cc959194fe05525898f8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d97b30f0589b7b59bdfc77d2064bb757

SHA1
eca0330000c0a7060051e124817d9e272b28580f

SHA256
e6e705d61fbcb34901f2a9425e125832da52f94a4e913f8829baae8446e6340c

SHA512
b7078e18d40bfb10840cb60d6f32afb39b52c59fb0c92906c8f0b3dab696b4cb9202a1cc73c989e93b12022a51876e843d05152e3f0ccb363402909abb3c458a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5b5b0388ab271800e682aee64c6f98e6

SHA1
bf1bf71ce17f59863dc2bf03176dd437ccafea2d

SHA256
5c446da33ff1182dbd8960b7e90372cf5ec40169b854e84f7193f5c6a0d28296

SHA512
61782fd4d47256b633c0cf1c9c9797a21fb8e7a261e7e13adec7b450d1b7f881ea3059cad221cf7d6c5d76b0ba63f3c245d51c1b65e5d65c2c85193e19bd0820

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\4ffd536a-c520-4b65-b449-0b9ee98ce792

Filesize
671B

MD5
471430b30c75e639787c01068a638c9c

SHA1
75e33b806ba7103b76826311e6e6643edbcb79f1

SHA256
d4c0b3fbc66db7c04e26adae974755cce400e56df356c14440a722873bb32689

SHA512
3bef4fe832c7ee8a1f32b34725a43cdb134bfc754a1984e406b117b315ec7fd9f3a220d78fc10b5716110c0649b549e93fc743801cc6afcf8e3129aeea071a1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\a845de53-06bc-45a5-8670-c4ec43454cc9

Filesize
24KB

MD5
30b88acb9b93093ad77ce64d3f5733f7

SHA1
5053269d61fedc623be1e59185b62a23c080c6eb

SHA256
8ca1fa170237f9d367bc73171a374c2a8ec07d9bdf0100171d09d2d2c0f0eaa5

SHA512
497a58bde52c8bd2aed9b00746babebb6575721a3fd9cd7ddb90cde94e2baf6a8b53ee2a954f6450c67c764408f102544a962f0f50328865f02e408554282b3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\b4637152-ea4f-480f-a471-6b6ed597e1da

Filesize
982B

MD5
9bb8e68b218de098b32d52af4b6870e1

SHA1
9b7c2c8369ffd407dc59cf14f95302c7ab60956b

SHA256
6c5425e7aaca4ad6cd8c7e17a56f1c1ad18c3571ebf88cd7261c916a602a9a07

SHA512
3e178f93c62602d09a805170a4ff22cf920c98b46bdae814b1d92358f6e7d085132025f72d56b342c11e158a72ac201b8b05cf1780ce7ef0828bb49473330a38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\key4.db

Filesize
288KB

MD5
b5e70c178d9bc3e6c159cab4eb3870d8

SHA1
497512464ddf6ea7b501ab6ff732b7ffe9a8287e

SHA256
632fb4571a0630acc05a0f317537589a849f2efd6863242eeaf54d837021bf26

SHA512
c8cab1a9082d178550843fbc5cf985670d5760f1a652cc6f9013867eeb73ffa62acdcae34261b82cbb1efac326c9c000b09bc5b7ee4bbc68882cfe94312ada5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
10KB

MD5
8aca3406d5883a8a257a198ea4869742

SHA1
21ea5fd1965fd6bf838e3bed6126fe5bf5d988f9

SHA256
26d21449fcc091925fc65720e58c491316600eafbc665962995853c53c00a91a

SHA512
36487902df1a845fe5f035d07c8ad76fb293ddfddd6648a1456fe4982ed7caa64213e0a554751b3f68360ebe3db75ee7f0394104b20d3060aee4b2fedf9765cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
5a5c4e047741a92d6039e3e960351b34

SHA1
06caae101eadafdd77e8ffa63f235f772706ac3e

SHA256
f7136fea9e0852909e18bafffbec476ef6d1d773a9a27c4f9fff7ad5fd611e90

SHA512
b63b182a54ecce676f7514ff7126e6d327fe780658372e7a6ed2db05022b8e6f60b868d67fbf14abcb6522fcac55b06dae054c36a5ed927666950b593184e71a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
11KB

MD5
5d7a0503687e5cb140f9815bf49bdf9b

SHA1
8b85ed72df2e5f38fd69abd7d7817307b5d96bda

SHA256
f2e6d15ffead9269df4d6a3d05ced37fe1c15c16a93c15b57722df7bfe8a75fa

SHA512
642d86585fbca67ccb5691697d9f34e6ac97f8958623a5a9f15cfc1162a567959a3becc6244b6b51fcb43b753b08f04d1db39d3a226467880767060545b6ad51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c7d1256d9f1c273c0ee9787199b5dfc8

SHA1
e692dbc246ea4659dff9f5d7880c6e36b7fe596e

SHA256
3b5832d3b9c3f1d0c99b204fad6f6920fcd0fb2b29be37d2cacf5b9b206b441c

SHA512
1686303f14d441dfcc58bf82179df3eb9ae855df35273d23cc892406a379a167abd50cb5c1724032c8b32d0b9a887cac1a11ef498dd9eacb0756b424d68c47a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
b91253280b7030befedb092861e36698

SHA1
88938f8dd3b6a6fb1eedce7ae597c68b6bdf3d34

SHA256
e2e75dbde587cbca327c6a2eab0be8267ab10ace334c858fbf965d85898963a2

SHA512
2d1a8665ec54ca30ca02f2b6118a258f6d08383b3b08113c7c015205e55c77d3f0c968c8e40510ffd3ba0b48ab9ab45d771cdf47a94adde30a0cfecdd1cbb2f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
4da847fa3d45cd6a6fc316e83addb92e

SHA1
cbf8b838dfe98d1e1ee68b4f59c089856781413f

SHA256
fc21e1b1ec72d47b87dad3e85342a0114d18400b86e79a18ca2624b664c07085

SHA512
2f5a8f54eb035027faa143f120115ed357be9b5fed3b35f9dd660eea1720d3ab0b23bc70517f52647125933e0f3647592984dc4ba27759a81ad3f4e57f021df6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c89aa59808ceb07c355b3d4d52705fe9

SHA1
f81d41b6f2200e53c9bb3b1ecb90cf415a983225

SHA256
d0545bac9860d6e6715e2810c2cfa034e01af4b04edc95dececf2cb922910ebf

SHA512
b2fc029d964ceb0cd5be6fa092dad63c430d3cc6c2118ded2e0ca57e5989ccf9996a0c043be333f8b1a65cab7446b466b1ba735d41be082706c2833a0c1cbb9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
ccd6d4b631912faff5c2bf2f37953374

SHA1
6bedeef653871aeffb335e7de647fd766a57b895

SHA256
9e4c73d9baa33295623f98222ecffe8a5cf3a500b20a6da489149102825e161d

SHA512
b7512cc1414231c920ba7a5252ed49c94bc83ef604aa58e955df1060a9d16b6491480b77df8d33be8df0a66604062742a17b6a948186396daef6d5346c4f8f8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
7e3b4f66c5da5976e419bf97a65456af

SHA1
49d764ae7a825a9703270004c2de76f64061ae87

SHA256
9bbbaf59dc40e57abe68b69733e922f0bb5a6733e3451a402e9afa06bf348118

SHA512
37cf925adad92c9bb40e0b09ac353f3638136da8bc80844e6c5ecf8425925f5276d5835b22736ce7e23b804933738d21ea316096fba56332b0702d784a4d64f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
90dd06b5af307f2e9519d7d8ae3e6630

SHA1
82092529d9b11ce583916949825d80cbf297824d

SHA256
a21a3825c5af2bc7a4bed234e47e1c75ff3b2a820ecd5904fbd72f819d7e1070

SHA512
4c003b4d542e67db1bc6289ce960806a252a954c366c1be90d46fbe6cd4bf2d73a60af50186ae5c87bafc3c575cb8ca9a21efae937d409d6520fb16a4aefc3fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
18b92e1431eadf534f14a9ec3739a525

SHA1
a73b7379ebfb5d43074b76fc69c3794298ea65af

SHA256
0c5b15b084f8feadeec44eff82c334e24ae73fa62179573b8a384d692c50e69d

SHA512
443851b55c94094eabf85d4deae7918c4d18cdcb020b938b2e285956dfc33202c24a215dde6f662d196fd52244096d7598c78b2170c367cd69acb13f930fefe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\default\https+++tours.specia1.com\cache\morgue\255\{9a2646f3-fc09-4d55-8dee-a46bd84b62ff}.final

Filesize
140B

MD5
28bbb974de64777ea76a0fdd6f0e5991

SHA1
a06ca933ca604c6dac92cfc76aed927411a35030

SHA256
0f961d5a6102c87a03fd70c69a8720d935cf1593c451c5b1dd2f569db0d7c41a

SHA512
344d52ba67005d7455b7c88d71a40ae80c3931f18697cf977dd0ddf90d6c478e0c735c8bc19b5a27c9943a22bd4169e52e3a2d2887013498b8e16a4012f48f19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\default\https+++tours.specia1.com\idb\4235617677ioztoo.sqlite

Filesize
48KB

MD5
2a882324c051c9f25d829eaee6250340

SHA1
9563cd575baacdcbfa99819243a1d6a6d166dfda

SHA256
c5f933f2e94efcca14e43d1a59a6a69dd42eee8bba72d35d2f818a1074af00da

SHA512
82d27606836925ad49273c0c2e2755e5b0f8ca42301383f8903309a04e04605fd54898ca478199fafa1619e83346d9f819e9765de4985e336e3166ac92345fa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\default\https+++tours.specia1.com\idb\4235617677ioztoo.sqlite-wal

Filesize
12KB

MD5
36b3e1e99a716d53bcc8f3273790676c

SHA1
ff199e15cc55fc056c3d7c7941e69f570039ae0c

SHA256
bc06055510de8c421eede4946475a9f5f058a3357c238cf8e5d1623f7f21e786

SHA512
6a4d655abad7b633548f9672790c7f47d747df3c4c21769ee7ee7e83b1cc4b0a8662955d4ffc91f13881264d34f62e26a3f3d10b2813e6ef6fb2e1fb95eed693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\default\https+++tours.specia1.com\idb\4235617677ioztoo.sqlite-wal

Filesize
8KB

MD5
533fbaf5235a208d697a5275fd7e447c

SHA1
10683aa0cc7748ba8c1ead7044f6da3324157047

SHA256
16a481ae510ee13421b056f12b7adf7d5c5a5fddb3cfdbb748739b06a4caeb57

SHA512
83ce9d328d8fa1281db61bcf08021db1a39e0b16be82a3501d0d5a1e47d1e4af6d197af5e7cbb8f9ac4f20e854e14211512c8edbf411dbbdf229a9a8e8ed5b0a

Download Submit

Resubmissions

Analysis