6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
Size

896KB
MD5

33c800ae059656e1c13d9bbbf80c9865
SHA1

18528819cdf8189263a347dd76a9da563e467ca3
SHA256

6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054
SHA512

07ab0d0d9b122c842c4f84f5d9b76d1e899eb948098e9d0cb23550612e78e47e5354a43eae25208e742ff548b257a9f43a63e3197946446d7b4fc5259505d8ae
SSDEEP

12288:lqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTL:lqDEvCTbMWu7rQYlBQcBiT6rprG8avL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
2224	msedge.exe
2224	msedge.exe
1264	msedge.exe
1264	msedge.exe
6124	identity_helper.exe
6124	identity_helper.exe
7160	msedge.exe
7160	msedge.exe
7160	msedge.exe
7160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3420	firefox.exe
Token: SeDebugPrivilege	3420	firefox.exe
Token: SeDebugPrivilege	3420	firefox.exe
Token: SeDebugPrivilege	3420	firefox.exe
Token: SeDebugPrivilege	3420	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3420	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 1264	5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe	84
PID 5024 wrote to memory of 1264	5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe	84
PID 1264 wrote to memory of 4424	1264	msedge.exe	87
PID 1264 wrote to memory of 4424	1264	msedge.exe	87
PID 5024 wrote to memory of 3244	5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe	88
PID 5024 wrote to memory of 3244	5024	6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe	88
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3244 wrote to memory of 3420	3244	firefox.exe	89
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 4260	3420	firefox.exe	90
PID 3420 wrote to memory of 2548	3420	firefox.exe	91
PID 3420 wrote to memory of 2548	3420	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe
"C:\Users\Admin\AppData\Local\Temp\6bcc4031e11d5d905a3be9f4ea95f90bd0530da865b979744869ee70fd536054.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0x120,0x124,0xfc,0x128,0x7ff9b35146f8,0x7ff9b3514708,0x7ff9b3514718
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
    3⤵
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
    3⤵
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13081393586734117028,5253979250203083579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7160
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3420
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ec1a1bf-8236-4eac-9f07-fdf8edefbc15} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" gpu
      4⤵
      PID:4260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d86da655-5a32-4bff-bff0-682d4ff9fe97} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" socket
      4⤵
      PID:2548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3080 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888cefdd-eee9-4b70-81a3-a2e59e09e334} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:3772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3472 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3068 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1647a42-8858-4983-95fb-f2e4a27edf03} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:1476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff5e6c49-8141-4af3-ac10-ad16b474080e} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" utility
      4⤵
      Checks processor information in registry
      PID:5184
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 4340 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {101c266e-8f1a-414d-ba1a-04671b5be202} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:4404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e83e79-4fa5-4db0-a8f6-90f42d6935ab} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:2260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5792 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a0f3cde-cc9b-4198-899f-0c6b09340ecc} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:3464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 6 -isForBrowser -prefsHandle 6336 -prefMapHandle 5448 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d719c7e-eaa8-4dbd-a6b2-573bd1b98675} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
81344e331713c5463aeef887848ae142

SHA1
382c4587181bb7adc16be7941b853fa7050842cc

SHA256
c6180aaa8f858f83eae8447649ac5be2ec1ab20eb9dc35bba849f4619e00a4b4

SHA512
9507097c76dc410f933e4057c00253801d8ba38fa9753968851470edcc5be6a7cfcf5321f6603a9d5256b0c9537a33472e5e5b4a17a3f45bcbaef5b00c0370e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e2a64fdf4ccad8f1b2144eb13d7b180

SHA1
225518f265df82fe23356dda62b6542db9c139be

SHA256
66cc24fc0d6a66589614c1260ff10ebdfa8038618543768b3cf9486352af4ba8

SHA512
fba7e5d1fb2438cd47f3896f5ce637e5c64d74ce6e87fbc81aacf28ba6758f2852296de9d2f0e814dd888733b08f3be2d0ef6e0d6a946a5b6854a0ca10d434fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0bdcf0598999badf64eb6c0c75013739

SHA1
11d4dd49dd464220b5d045151b01c9295d5c4df4

SHA256
d54f00c2353eed992bce69b7e1a0b3770430f0dea8603c5eb7871384683843f2

SHA512
90686b59a1d4e0b43238eab2736c95241e6df1ec58defb4b4b0ebec3a61c3cc842736ccfa2dcd1e4e133c943134d073f54da92d780c12dea2096b2125cf05ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3246b9dc6bdf9fc9ae21a0e002287c0a

SHA1
bc94200232698bd53369f71c199d24fd1f5e0b81

SHA256
480b73c64354481727850c22388cf56249d113edd27716d567488dc6c2bf54b8

SHA512
d0546f28118dd33ea56444224f991190472594640130397d0eddfc36e45550b2bf6e6e24e6c29fdd3f6be68a5f7a4100be027dbf560b071ab48e4d90bbe65dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98b3790a64b1d83ad607817b929271ca

SHA1
31da51e7d2a415b454aab9f068f63c9d1ef32594

SHA256
bb8a004b1435998b934574ea93f7c9384b31a1c69ceaab86829c4773507cf374

SHA512
3e49c28a14f8ad463e980aa1105d717b1f112a0b9c09e39d8c8852940fb536ce892a6059515326b5cdb53e2372262df930a27ab1163b61d36a00695049f97d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
57a4335e4c1f6594cebd0e7914d577b2

SHA1
29f19b56b34f50e2dce371f507d6e636c47f9f3c

SHA256
572bd36773973fe9086c77413bffa84448c4b101a22daf31a41ec362e9c13689

SHA512
fe7235caec6b89940c2308a237353e30aaf0a97651cdce771af8f80fe98cbe7d600430818d990268fee3c31d7ed3c538b04106cdc2c666459dc0a804acc8ff09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
091595f4400070c86635345962649d9b

SHA1
9b3026a648d1f31bc57f06b311f25347f79754a2

SHA256
f378fa6fb2b04f19fa55f23187dad791b743ab80f66dfeecc3de0afb288edf66

SHA512
968538582560a700daa0634d3c152573864db029fe5bddb3568c38c60eaad8ef9c170e9c69ecb9256a5577fa5c51ae4cb59bc34c538e29674cd60de0ce828c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dbb5.TMP

Filesize
203B

MD5
78d1f8e77413ad49f45b6242778bd5de

SHA1
ca321e7e5254ed3aebf8163b5e43b797aad53d3a

SHA256
780952f973d56491bbcfe6d8a433f6a57d40e38f29c80b6971a284f31a960327

SHA512
6aa3ea14954658f52fcef82099d91e276cc1fc4f74a3099afa6e96ed3c3ee551d6ecfd989079172ed4d0fc5f5b4d4dc1fc2ddda50a930f752f48f54c198522ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b632f1bfbd39d676abd051db3c24d172

SHA1
6f3de823f97d6d4a9662b60bf62710aadcb51384

SHA256
66418d2e5f8cac379e868c75f90867f6e517a2227d18782595c31151eb67fcd4

SHA512
e1341c588546f4b654ac3b1d2fa14c289089b9cadc4a59393f8cf871182c31ed2cde981ece8125ee9b605a83af4d517ddfba00cd5cf0844b017bb5133ef14504

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
16b2017c8052496e4f9e84701f45260d

SHA1
f9b3c02d22787081ce72ea3c3020bfc801ad875e

SHA256
0b55da1cef87809b908c1eb3852bed55b43b0b819aaeca7a11055f1f85438977

SHA512
618169eac103dbcaf72109d1779c75818f1e85511c16e09bd1f83e648ceb3792e81d946bfc5b829090caca71730aebba1141192849652cb7b8bbd8a117913a91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
9b7ad9680339c4661307f06476243396

SHA1
abc12dcc7df9bbf81517a112727a21788ae9574a

SHA256
1a6bae02862dd9cd0c98008b24fcdc447250b312008bb464a376396c61c215d0

SHA512
4d3aa0bf8be095f38f0cb026aa7d1880792cbcae74ae5763c13a4fbd18003bd16d2120d8e170ad52c922499ebbb33ee9d96c7e8e403e4b82b93819154f361541

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
6KB

MD5
3f05dcb5a7574aab1464c88c218e59ca

SHA1
c8de194fb12befae97d59cea10e9a369d5845425

SHA256
1af5e53e4b2cca101295eb1bbda7f53138696348af3d358a293b4aa011eee0c3

SHA512
1d389f6d6d266169d7398177a8f3c4efede441317f7e50bf03780ed7d2b796e5cb79e9f08bfde61e4c33d04208a1da86d302382aed3de76d2e4104c8bbe3b4dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
7KB

MD5
caa0b53fa7e8cb591e5068946954bf81

SHA1
60b366d9c998730407e82d1de998383586e68259

SHA256
78874debd255362f466aed7e410b4069db86a91d5ef6a0c840357a08b6d2af1d

SHA512
5ebafe97224d0f449af6a178d7f7fde2b99207a0926f4ce4aee561bda20ab0f789baf7acbcca9de361abc6b62d76957f9c0657503d51d7bdfc6347196a4efff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
c383928f0049bdea4c94c598c595f4d1

SHA1
12ac6cc2e608146b9b82a768e843b82b2beefac5

SHA256
423fa957ecc4e41abc40b5c8c1a14d9995bec6b8ec13eff9a48828e92e0b9685

SHA512
7bb36203ff1888ff4c2309b7839a08de53a58854d152348259ceb7447d3877b69b8e85ed9a7a018bf4ca49ff419044b1baa38a20b065b58e26218671399041f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
12KB

MD5
18d508443827b0487084582b8af179e3

SHA1
56e2db0367aeab78b85f0ce713db2e1edf0923f2

SHA256
fa44a53ffaf00ff90a6cb2ee90bbec3e6a13cf39007af07a666ce0bcdd191481

SHA512
32eebd42b4cad2c32364da0c2ade7524ee9d7b237cdb59b5528598b10272514b7de3473f426caa8a02646b2dd0cf405ca0d896370e0bb21d6d022c82c004a3a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
16KB

MD5
5d17f02edc82c9e40cf2bc032c2cf38c

SHA1
d16b7bd2a291aa17a5b07269630df8180916539b

SHA256
031c836e6bdf3a22777f98963e392942d98a2dcc2221ac0fdaf9bde6ce2b7c90

SHA512
9ed119d53ea0ffa129481499e3ac865823878ff39bff69695044d353608c1579bf7c2d66c0b587f4e57511bb7f45b9fb0520a66b3a08183b6c3d0e9e7f2128c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
8d4da124ae5902dc77b5f64af0a020ab

SHA1
cf7ccbcc9f304e30c7381bbefb3d28f5eeab185b

SHA256
48f3095b8a240b98b2e0f4254c57063d7c8e240239e9ff73910c10db16e3a56b

SHA512
50bcf1e0d2d8540b1f84d50e94299b4f3ecdf2de3097d80c726ba82dc9bde313b5e67f87996176c082890f06fb47dd3fb986ee4181698c5cf97d819f889d4b48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
a7f6a0439ca49448248c244ada2bc934

SHA1
8dbc28342e1a2e0de096f84593dceb989c0726c1

SHA256
94e0828c802bcf822cec742a1a7b365d4ce6503cf527ad5a7fc008335bc2ea72

SHA512
ff11fe3d9ffc801e734aa5b2722edc9cf8e0635759a27ba061358c0b9e90564f313a91b5274f1ef04dbdf5b288bdd9a5212d02335206b4bacbde27eb7b0c676c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
849a416801a249a9397e13e27c80abf4

SHA1
b9e9bf6896fb80d4d279d5de4b8d3d3f266a0224

SHA256
67246f5ea58596dceb9021ac13b94a3f882da12307a521d97b8bd2037bd898a6

SHA512
4917c5918555163aad988f6cf09950409eb4c081ea0da8887bde7537995e450ae93fd4c7e58e4539ee4d51e5626cb78cd3ead1812a7bff38530d18bf1d9b42be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\2fae5a1a-88ea-4be8-a52f-17cb531f9f85

Filesize
659B

MD5
05bfda15f61a145c68c5bbac6dab61f3

SHA1
0916cc55a6da2db116128442d115de1a5eb9d668

SHA256
3fe0ae6f1c0abc9be6d9601020304f13b4410f64c0bef4063be7e1902bcdd8c1

SHA512
06b3222fc099866da8b82aa959861fe9e1c291e8a2a058eea5cd76dec531b82e4b09a83ead6c80be8721e1cf5d948138bdf2b4bc6d0f6c22cf69b72bcd166948

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\c3e5610e-85fc-47ed-8008-106cdd462796

Filesize
982B

MD5
f832c83feb388455e967c9f0eb7017ab

SHA1
3a385c2f29c888f9a052b8aff07bcb370648dfb3

SHA256
bd25f56a63058b1efa4068c28c3517aa03d35716208db961d716159804677eb5

SHA512
769cd63535797fcadc54d09ef5fc22d86feccd5d3257c9433ee7488c2eaf01b99d3e17996c074cce96214f6a6b3d0581b73dc54c8a9e51119adcfe12bf829d69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
12KB

MD5
2a315e7331bc037e7513dfb39f0a260c

SHA1
cf59c8aec0b8e2c925a3ea1944373066fb3be1e0

SHA256
27cbc55b20af36044772e1464a3086dd6dab6dc14fdd92cac9987e7a5026768f

SHA512
1026764d4c1790e2e52530903e319bec9ed64432665948e7cace205b4012e90b65f2d60160f8238bad7ae89d1837295f8d3974c7a3db03a04ae23558a0800a58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
16KB

MD5
b20763db3cbcdbcf389293db8ad2c13d

SHA1
c8be2d65cd0975d15137ee62cf33977ccf4119db

SHA256
fce2cc7a389fa2b8822b976890d37d2306fef3b2568d50cd200a7576161a1490

SHA512
c7d8e84abb7580a2f77e85c8df3bec1657e7402e9bd01ad40a9512e12e29874905ce73b38a544c4ed8f9bf78a84afff0b45d9ec48c14552a59996dccf906b617

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
65d8a348365ad95c6070826b7a620a32

SHA1
93be80be83f147e563ec5ca14d209950bad9fabd

SHA256
1e05fd1eeef5a89bd16128ac98e1445617c9fbe45f384b3b7cdfa1d7e071055d

SHA512
011033e9795dc7870b94973cae8e8b2509983399f25f08ee5afa43a03b5910122c8975ff92d79511877946ad6c75a4e6c3d6e0f07a4b04e78ff37359dd75973f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5bef36aee869e915d57334ded9610ad0

SHA1
1636c31672ef76ca2e2d9f86f7bd121613d86d9c

SHA256
18295cf05b35de3e48ca83356cb26f0ca38140b35cbeed0ceab6ddac8e189eac

SHA512
56500ad410dac891d61cc889f9b59ce7bb3db19d34d26fb87c26239b6d6ca3bb2046761870038009554930a1ad5af41de5a2698ed892dbb97f8ae59f8ff6121b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
8711009b21374f9b9283e71717783e74

SHA1
5fd4fa270e091c5835f4612e87cafb320fb47434

SHA256
c6e4d8ad19855951fecbeff4f1b618f03dc4eb88aed7e022c4501b98c3408b54

SHA512
5e54859aeea9efeaf09e27d74fcef2654be2b45de75a9d6a9a0c548524f2d857b775050137a1619c2553e7a4f8b9cd011decb35846f337cfe40b6d4d5c85e8e1

Download Submit