hxxps://www[.]deezer[.]com/explore/features/transfer-playlist/

Analysis

max time kernel
158s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 16:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.deezer.com/explore/features/transfer-playlist/

Score

9^/10

credential_access discovery motw phishing stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
754	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	firefox.exe
Token: SeDebugPrivilege	2816	firefox.exe
Token: SeDebugPrivilege	2816	firefox.exe
Token: SeDebugPrivilege	2816	firefox.exe
Token: SeDebugPrivilege	2816	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe
2816	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 1316 wrote to memory of 2816	1316	firefox.exe	83
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 1632	2816	firefox.exe	84
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85
PID 2816 wrote to memory of 924	2816	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.deezer.com/explore/features/transfer-playlist/"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.deezer.com/explore/features/transfer-playlist/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1352 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2413720-1b77-4bbb-a60a-4954b13a1f60} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" gpu
    3⤵
    PID:1632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0be68be8-b7f2-41cb-9862-a38a1a7f6516} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" socket
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 1688 -prefMapHandle 1804 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db0fc63a-d6a7-4b65-80ba-15c5a85e83e8} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d27364c8-937d-4992-bb1d-157d902a01f8} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:2416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4268 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4444 -prefMapHandle 4440 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9353d99-f0f4-4f57-9280-843845dce622} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" utility
    3⤵
    - Checks processor information in registry
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5372 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b13717f-820f-48da-8318-a898f6673004} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99c928e6-d72f-40b7-abda-6c1fc7ba522f} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5816 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c52b50-b35e-40b6-a04c-8b50ab31384d} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:1908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1416 -childID 6 -isForBrowser -prefsHandle 5156 -prefMapHandle 6600 -prefsLen 33958 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f2c45fe-7532-4344-82f6-cf003515141a} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6732 -childID 7 -isForBrowser -prefsHandle 6720 -prefMapHandle 4008 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {897d865b-f0dc-493e-a0e7-fd0a4db3feaf} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 8 -isForBrowser -prefsHandle 2788 -prefMapHandle 2808 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cceee5a-62e1-4925-ab0c-0653bb1e30aa} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:2684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 9 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3604cb2d-4e6f-4d00-a326-cab6eab78bd9} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:1792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7608 -childID 10 -isForBrowser -prefsHandle 7688 -prefMapHandle 7656 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc3d8098-ecc4-4143-a645-f9dd8d78becf} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7700 -childID 11 -isForBrowser -prefsHandle 7776 -prefMapHandle 7772 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37b47fb7-89c8-424a-93da-728354aa1792} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 12 -isForBrowser -prefsHandle 4008 -prefMapHandle 5036 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36e98ce-21f2-4e3b-ba04-c8f313477057} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7744 -childID 13 -isForBrowser -prefsHandle 8156 -prefMapHandle 8096 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e873632-c03a-4291-b55d-0552d7fae7bb} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7700 -childID 14 -isForBrowser -prefsHandle 8244 -prefMapHandle 8248 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48227a81-15d8-4667-97b6-7fc58a8d6f49} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8416 -childID 15 -isForBrowser -prefsHandle 8424 -prefMapHandle 8420 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cc874b3-1954-4a00-bf56-3331918de4ab} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8680 -childID 16 -isForBrowser -prefsHandle 8604 -prefMapHandle 8672 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87459b5e-20f1-46ff-a7d9-2d3082cf651e} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 17 -isForBrowser -prefsHandle 8788 -prefMapHandle 8796 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e626502-9d7c-4487-8299-f2893f5a4b15} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9024 -childID 18 -isForBrowser -prefsHandle 8188 -prefMapHandle 6072 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c45e150f-f0c0-4965-a52f-ba5e75fabb29} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 19 -isForBrowser -prefsHandle 9600 -prefMapHandle 9044 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7c5afc-3d9d-4d77-91b2-1ff8f77d8b4f} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 20 -isForBrowser -prefsHandle 6708 -prefMapHandle 6616 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb704e6f-a1d7-403c-bfdd-2703e326d967} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10344 -childID 21 -isForBrowser -prefsHandle 10328 -prefMapHandle 10320 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23998f07-d72f-4d5b-8727-cb90b33adcf7} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3592 -childID 22 -isForBrowser -prefsHandle 10356 -prefMapHandle 10352 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b02c3c1-a6d5-4d34-a9ec-00ab5a7ba67d} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10680 -childID 23 -isForBrowser -prefsHandle 10756 -prefMapHandle 10752 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86344542-75d4-4304-b4ef-89ae7fb1dd9c} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11104 -childID 24 -isForBrowser -prefsHandle 11112 -prefMapHandle 11116 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f095a22-c631-41c7-a086-2823337bfa7f} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11048 -childID 25 -isForBrowser -prefsHandle 11176 -prefMapHandle 11180 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c722b5-02ea-402d-bbc4-4d0a39bb96dc} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11292 -childID 26 -isForBrowser -prefsHandle 10856 -prefMapHandle 11300 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04ed67e0-be4e-4894-86bb-516a52948396} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11336 -childID 27 -isForBrowser -prefsHandle 8788 -prefMapHandle 11064 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5869f34-3cda-4c2f-9a47-0d33bf4d1b64} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9580 -childID 28 -isForBrowser -prefsHandle 11476 -prefMapHandle 9988 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27b52d93-f956-4ff2-b330-0bd4a3979c9d} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 29 -isForBrowser -prefsHandle 8916 -prefMapHandle 2912 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac15458a-8642-4a66-8a60-b1fd3042c21d} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 30 -isForBrowser -prefsHandle 8928 -prefMapHandle 8940 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3842fe72-c628-4484-9d2d-fed812281de7} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11780 -childID 31 -isForBrowser -prefsHandle 11744 -prefMapHandle 11756 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {722cc2ea-74b4-4cab-81ae-e060c0eb098b} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:6236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10672 -childID 32 -isForBrowser -prefsHandle 6784 -prefMapHandle 11660 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e86990d0-cc55-4b99-8ab5-5a6070bd17a0} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:7260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10960 -childID 33 -isForBrowser -prefsHandle 11324 -prefMapHandle 8956 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {990be4d8-fc50-4704-b827-aeb9aa0a86e5} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:7268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11204 -childID 34 -isForBrowser -prefsHandle 7016 -prefMapHandle 10204 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ee5497-ddfb-4db1-ba23-a434413b4203} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
    3⤵
    PID:7276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\doomed\17343

Filesize
18KB

MD5
167766d76cd6bb17cd008d7047ec514d

SHA1
2feb8e6993fb5e7e7bf5abfd6a2803eb959a42ad

SHA256
af5f69695031c4c70c0ebd6b8ac6048106fc65d722cc917a38716739d7bb4bab

SHA512
cee1bc7a8747fb51d34aedbef7dd7e740c3952b4f2166fb7e32ab9151f6c40b313df27f0c2722e1d099bd892daa7c168b0c3e3df9cc1d40a5b4b1a005c2827eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\0034A2FBD9A726CEC5C90AB5C3361AEA4AD51759

Filesize
54KB

MD5
9d1c0544ef48fb39a54b771c9973d1fd

SHA1
97c64304a9943cf20245bfcd9f4d5f5fcb0644fb

SHA256
3869958a67fef9353730b315afe84d23787b671497e83e3b3b237824e30fd05b

SHA512
de5bec33743d395b9f52296ec59c3187414e3d77f631ea304882c2f7deda5248cd35a82ba38227f8267c1e43527cce81ede667163567f89e6224f82e92a4d700

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\37CE26FCB0C1888DB53A4C5B88C765B75C894342

Filesize
65KB

MD5
5b9399be3413adb72f5606a01ace2817

SHA1
c7cbdefbaecab70feb345156875902181601c53b

SHA256
535a07d1a8ab3116b266da9d555f0432246de8af3a73276dae675ee80fb1d723

SHA512
d8ca99cf37d7778c4d38926d8a240f65d3420f8b8efbbd7c35a4b08a3cca2224d7de6e7990ed2138f3142584c282fdf363b7d9e6a1f3ff94eddd901d11b3c464

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\3B05AFD1FA35CA712C96B9CA15DB60E50823FEF1

Filesize
41KB

MD5
ac57209127e6af3524ff4af77241d0a0

SHA1
c0e5b3176cec0f0af589e24ff666682b87df1778

SHA256
e2ab4e99f34cd36fb2a8b4563050508668778f64bf7162b7d66c2733a4cce457

SHA512
93cb1e865ae73f41b91ec8e22bfd73a7ee3d979612ec5193aea4c5c8f6ecfe1ee38085030ef8dfa54dabfb3475a265f107ff6cbfb773a85e6f739c7d3d83cb88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\3F4DCEDE79FD383BB574FA0661E5524815E97C66

Filesize
70KB

MD5
c5e75d21e2534adf12ca37f49f02ce8b

SHA1
6e55e57e8cc43f80a028de35907ff172178ed7f1

SHA256
b7129126f5ebce121aaf2e5d2e90f0e373d2ce748828be574db534ec1f3944cb

SHA512
5277739694a0f2ee8385e8b3f207810e87fe9eea88f3e3df4ceb376c3e69136295768ec3154146b1aee5cf889e970923194a13c0f4478bddca8a83263a4855d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\40B1A671208DA899605F41FADBBA76003F8100D8

Filesize
13KB

MD5
39088af2a199c953d21e88f806d9f6d7

SHA1
d74cb708d3733359ead815143fae41a4c072eeb0

SHA256
7356192502466bae83d9024c7e2c2e9ea6cd9fa0a1b688903c7415a6a5d7be9e

SHA512
ba92986d3354eadd1129325af915510fb4ee22751c8128dda5a9931a25e9e2139e1ccc459d6a2ba5ab01108024ec248aaab5890f288d0f09fbcbc49039ba0f77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
57d0de579d0dceb24972791d0847ae8b

SHA1
e5ce779ca3503bf34365a0b92f211cdc4e334531

SHA256
8a949d6845bd1c3310df1e6514f0290c94f3218ae73fc1961a0e9de544824817

SHA512
d8f8b98941e2153d49a59cecf34590d52247f8f319496b80819f31cd62f0cf2699ede9c3346ca7f95294a88ab677d2898dfe29bf09282c5dd2a63b7f9d614501

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\8A735169B3B54B2C3554078F16113A1FAB0ED9DE

Filesize
1.0MB

MD5
3faa66641d511ca07ea9e74bda726425

SHA1
b929fcc132729c17de663799961d609314dd7dde

SHA256
6edef30a3b15e9693bf4894fdf4b6239469c50371b19f17ea9b15bd2e00fdd1b

SHA512
ef85fc52fac2ff813acd079798866f9d651dc59ef5d3b79dfd586d98c880c645dfd06c8a1a0673f6d91e6732ed225a06ba619849d4422eb814667504c5098657

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\9D6A55C34F63D730632777CC9B67760160EF8BF1

Filesize
18KB

MD5
24f07665df857604d8d38b0b5face0f0

SHA1
b4bf2c97e918d8e1668043820ef25274e94d2a3e

SHA256
de9c7def6e0b20184a346e8a97807541f086b6e5a2c95ca2a9663a7fb38d7099

SHA512
89687b70d5e1cc251cd639c9c9d6628fc162be74dcf4da0b1863355ff7839a94fd7c0b8509354f02c077be317e1b287ee2c580a540641d94325178a7ad174bf1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\A2440028C43A0027B7896C9AE5FEF6DE04A329F5

Filesize
85KB

MD5
200ce85b24c510218880783add71d20b

SHA1
bfb15b30ef0a14073ff93291f0a8012318868298

SHA256
b12d762516f86b658a255c67218c0f62650fd794820ca61044b2ec7c0fd54e0b

SHA512
5813c34bb59d4c0da484707f40e594009864a3c3c1eed2d6f8c9ff3dbcd39df52ffad3f797053fb9c6daba6b033a9c0ee4aa3d21b60135b02c164649a8312116

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\C023792F2A5BA40DAEA8DF3A02528C9906C0B10B

Filesize
70KB

MD5
c4e4cb5725b6ac53370babfab23608fb

SHA1
5fcac4d040a40fbca44ac7aefaa35739493b20ca

SHA256
2c3061285ee50deb36d7c5aedfe294a8ce76d106ea4ffe790962de2a229a183c

SHA512
d2b3c6c459871e34eec5729cecd3206e68d617c6690457323e569ee1a6b107f3188920675f45f5bf575dde1f21c3b308f6f370e4512b5f1b46246725a3fd873d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\DA600A88118671EA95C11E61196B54A6A4484FD8

Filesize
26KB

MD5
804f5e4d4b85362f33a9c536e9ccf24b

SHA1
d13404cde13e291467fdb368a9de560746bd9d0b

SHA256
ea577417c09d08bdbfaa1158fdf6084a6db78eb73629d56935ea9a68813c3d6f

SHA512
ad32c5fb8fd8eb3c65d8d0b24ccbbc15fda7394f8bd3069a346abd96b089c41a07c8dfd13060ec5f5f39a4fdbe2d4da0a3ab6a958f83089b9dc9916af4406fe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\DE13A8F24FFFA0307BE448655791A74C125A6AC5

Filesize
141KB

MD5
21da67a9fd3fc1dbf76a30b502dcce9b

SHA1
16fada1911682509a0c1f91bae1bdd12f2c61052

SHA256
ce27dca0e44001e53dd973bd187d4f936d41a4d49356f059f4c394f4e77f5458

SHA512
01f854a98d922aa35848f3728ca504d3bb638944f8445ca0b6b98b0dd25b266710f54c4908be812f38d15b8ad44eb0e2399f4b7f77a0842da4175df542667004

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\E5892C418338BCB755DF86B424E7AD2344CB017B

Filesize
108KB

MD5
a7a9e3270bb67f9c88e192ce066f1894

SHA1
5d3a29a447cd8bb50eb2f79230c5c2dfbd7a8328

SHA256
a900f625f3c817bb016721b752f896b328edc7aeaef282088cd19c0ee5ac4f9b

SHA512
340ed2c5f0460d970f2e73a0a2ad91d20d21c7c726dc0298dde9983e90a2cc0a6a6a1d48a2e7996f6ef43a440f98968ce939682e6f49db7f25994657d2682247

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
6KB

MD5
11fcbf33e5a5d26ec3414c23c7690f34

SHA1
adf8902863c208e341f13e2283a071e681a37828

SHA256
718534c1f221936ccb2d8c50f7306cc0279d9a5bee5321d76dde19e3c55520fc

SHA512
a973caf89626c476ea14f3e90328a12983d95a7f3a0b96020787b9e66017bca035ff1eddb57930af8628e5e013cf2ae63f7673ee926bdcf461dde856c229a054

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
12KB

MD5
48d38c2c2c85a187e9782f898a39668b

SHA1
ecce8939cb57454d847ed36e06a2f1a83cadd45d

SHA256
5efb750acbe60b3d8c09ad9cb46fc9ea0712acc18acddadfe7e760126f0eb5c6

SHA512
eff83bdb1cbda2c5298359b02cdb32d579cb39e0039a7f52ec064a4bdd237e10b56c3927955766728bcf8ee27f06be90f27c0d244d2358c095f5b037413e365e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
7KB

MD5
0aed045f152ba1a76a6fb480efcd23ed

SHA1
c844cee7cc82d7359c3f2c93a2e98f8e6fe604c8

SHA256
8be1430b91ab2a6545e74823a45383951c8c1f038e9dcf8ed648d5eee85e2092

SHA512
209f01ff60be04df7127485bf6c5afd18e89724413dcaf02aa0d6239077b0de40fd4ed75b66587b80295da643f61015f9c02cc6ad5c79cd20e7d974385352add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b197929af4c1a9505725033771eb1bec

SHA1
270475bd9dff3bb912bd3e51eb03af55f5e70900

SHA256
4e08f439ef493cc43cff457ed48db73cc28de88b97de6c2e5bcc40ac8228fb6c

SHA512
a83ba329fc4a234ca8cb7d1460fb49badfa2f05de71890e2525f1bb108bd01855c97b08d2d4e58f287d40313969759b7cc638312dcce815dede632767d76fe1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bd0d1d795bcd6bbd03bd2bd7dd735ec9

SHA1
82a3d61bb8375351bfc3169152547064b7f378c6

SHA256
43bef735b77ead427eea3a25df959857e408fb13736c851cdc45b4a41862988c

SHA512
82e95ef2479638479bbb68d7789fa6da7f891a05d6ff91cdfdf071eefb2ef51d861f5a9c9dc1e4cc912c8945ebafa705f779382b58474469d95567ea9885626c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
0f2790486d190c3e80488698829e3765

SHA1
e07c209130a0173a693d6823da7314166c0c65ff

SHA256
a7583072f5d281d6250b7124036a5aadbfe987c727d867340e59055847bd7227

SHA512
de5ee7e69c86dc3e8ca388777e35d60608f8defb0741bd5c7d417843dffa58b3e4cffba0f35fb463a055c1f1c3214f44daeafbd02d12f47351de2e1ab5db84b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
90505b9beba5ce31442dfd43e97f78a3

SHA1
2ce1f1b570e0e5fcaeb382bdd6d86e0e03a75b94

SHA256
3e2a86bd98efbe3f19d1399e6c9cf808b9a4ef2a109aa2f25673b087cbc02cb5

SHA512
4725f71b6f8cb7c43cededf3465764deeca848353a7cc30fe23839026fedc0519ece565feffb251fdaba4a29cec994a30e8e60b3200d5cec3799698fba8944c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\47e6780e-680b-433d-a636-f68e892102fb

Filesize
671B

MD5
d146c7f20fae372f046e154a28a1fbbb

SHA1
1da07f5f05783451b8a1df8a5583fc026f7aad56

SHA256
108f114fbb0fa2d58966fbb21800999d927333b376ee7dee81f892b787c2acf3

SHA512
d8804d70683468bc7b1b84066010593a4f7717df6a6dbf2e985dfb68a1da251d38ccf0e9a0042addc0fb45834fcffea8e515e5f5382045714adad18050cd0d7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\c81c2b64-dc47-4e7b-9e78-e043053f241b

Filesize
982B

MD5
77c232b2a3580317afeacef24beaf66b

SHA1
4916a75aed8af135cb5723fddc1dfb61aabd63f1

SHA256
33f96af9947becd5fa547e973dfeab113d6ca4a945da21fdd640e93d7f866e9b

SHA512
b62741cbec656e49313e1f6b7f942bb262aae934e66ee51629a3599a518fb9362415c61fa85f0db883ad1d3e9927d46979b4af8925433ab8a8c94263966233ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\e00fd3a0-2d4c-4800-b1fe-91c03bef924d

Filesize
24KB

MD5
8dc4e0eddf22b37e2f03fbfbe59b3cb3

SHA1
b075f9f969ef9c739645f54ca133ae4c4af5eb1c

SHA256
f6519871932014b3159819614e67b23d10a512f8aacebabd4f3ef8285e13f509

SHA512
53732e53fefe52dcc0fb5cbd381bf4f5958a9bf148c88811fdef5578d8bf80095e636d3d7068f8e87e4da1fd95d1047a0047d63337a8ac120fc88d4180956d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
11KB

MD5
9333fee4457b2acefd7ace794f9fd7f5

SHA1
f725110f14d98c173f4672d9f3b50b33020512a3

SHA256
7ee1d5f898d7132c185cb92d5dc2386c1fac1b6e2bef8830f6e5961ef0b07ec5

SHA512
e60cdae2d69f90dabab848b98aeeb65eb11a7f0163e4664de6abc214083499cb602bf02d770cc03419396b65fe7297c53166fc8bdc5f2969108540e607d28131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
15KB

MD5
570d8e177ad436fc43c5697744f95fe1

SHA1
712fa5e1d4d30a48da54d616d7c3f223fdc118ee

SHA256
e258dd499b21e82bcc63a17e0dd0987e0e40e907d91dbf88e672b07bf747196c

SHA512
5995446c33a14ed8d2abe04b62c848752c602585955260a9e2034488bdff45969c9060c4e5ed2a75cbcf9906bdf07bb224c1843a62cd6ba4eb97ecb1bba58cde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
14KB

MD5
a414649f38434276b595d815f7bb6ebc

SHA1
7104a05f818d03081d2ea054c542dbcb87502e78

SHA256
4d3729e39e5f304c554bbb97c7dad040121e5f052e01a37223f96c452316d817

SHA512
3c83c14a9088e9d79c1e3051d35249f1c86289e3ecc8a114de338d7173eecbcfaef69bdd481c5efb389bb1fc33cd9437b569cf98d812901b76dc25c3a5c7be35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
934b40f364e5eab25e07c61a9673dbb5

SHA1
5eeac1716d117a18f58a8cedac0ac11b2f5063d7

SHA256
2dad2d191095cfdeb202b3aa3e1f2181463aeaa431572e32f600001a639f1705

SHA512
7fda326855c2e3620eeb66807a627d6e8a89a995971b9cd52840929cdd79c8d913b36cc4f4ea4318b5676f120775abc4ed5a8e9a1d1aa7eac4a50f159797f4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d630964651798aff9fdb3b1329b2e705

SHA1
dd24c56c593a23905c41189dfc5f73f515271890

SHA256
a48c066ec7b6725547d70db96bb9c8cb202eec5b0656151a28f97707c935f4f9

SHA512
bebb2c04396334244458db3cbc41bf7bb59ae7442ad0933bcf8502ac1bd1d5e03db1ce7313e578f753f67ac400b51b4ac2c044951574dbe25d117027981c43f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
e72eb2c3b286e7717756ee6d165511a8

SHA1
2a8566e3aa5ee3f555db7493ec9b9ba2c832d813

SHA256
f9e4f9dfe689209be4753f78081f32e3bff5b747bb2ee8829acb60ab10d048d5

SHA512
b1715c3187cba2ca1a4ffa8479630aa371a75e4e86a3c2e8709091db94efead20b0ebc69477e68cc442b98f5c1dcd3482cdbd8386a3a3eb8a72b23ea669f84d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
6359e3829e3d59a9dc0a5f5f77bfa824

SHA1
03aa79be0780b6bfd2331fbec28693447910a560

SHA256
cc739a852daa512b1545b0f8e7d282ac9d0f25219b71fdddc61af84797d6402a

SHA512
425ebdd26204b15a6582ca8a10251941255fb630b2f3a02e3c98c48930cd27464ca9bf0dc4579f754e2d0e35951f57ee4efc5c3aca845f511b8e0c149de97e71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
03d03a97f9a0870c2cca4e8228bd9639

SHA1
0145f05c68868c2c9aa2150d9f67fe7ac0cc9e5b

SHA256
b74d1bd8a7bb35d0e24fab1373ef1be093797c05de413959755025143109efa2

SHA512
c33c77e6bbab851130bddba3312d157a8fb5bab903751b375237b6593605491e670ca4f148e1cf5fa3e067f8c761517834d159be58096f9fc68a664090ae379c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
90c877081da4e6a56005dfb76cef0515

SHA1
ecd6f0abdeea2cb93911e5cda0af9f7ce5ac87d4

SHA256
1ed786ffb5da4a87704c236c50718828798358747424fe55bc81f29e41a0bed9

SHA512
7651139bd3764f6ace141f45ac7d1e2c43a3d84b7eee91f58e1d0b3de3f314f70e2bfee7aa1482f86091fd8475fc5ec3dd4fe982bed59781036a072c441b4838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
a08f24099939a6a0d6018a875bb162b5

SHA1
a53409502da9bc413a6fa6aa448a3b4becda25f2

SHA256
d0149426847fed1376239934d05f59dd488077ab8a3a8d8b9444d873294e51a8

SHA512
27e5f639cc3d6483226ac319f83589a8eb8de2add8acc0a57af5e17e01250b1c5485718cbf24f16bc23d318e4b54beae82445626a9279e09a8e57d41996b3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
7ab8dda3873d69856f38d60b31e46d5f

SHA1
5efc2aef8da222058a171ffcc38ad8d7ffbbbecc

SHA256
a153df7f46adb2dff332be0035d9e2cf09f72fd6da083757689a15563466d6da

SHA512
f2c164c7de3a443f4a4cbae0569ed90e4cd9fa1076646451efaa15075fb511446c92762e27421008bec2e715ac610eb152d1d170b46fd0ac0e05d9b307e146e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
97e39a3bde05fdd6bd0194817342e49e

SHA1
75f63d9005f5ca6dd2ccbaed4003284b073b9497

SHA256
e8a7fb3c47a05f71f63d027f626df3bb597c7dc1bf96ec246ee5847b82b1f1d4

SHA512
4e634a745322274a29ed14f7176de1aef6d913b37c9f1ebf71e673c219b9572717d196a3c75bd485d458d8005c4e8d74eb61afe4d4efeed4947fc7073d546055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
4ba0ed887f9b517acb449630dd5bf4a3

SHA1
7e55170993cb26888f4621c6c825cfac04fe9b95

SHA256
7dee2f5156d50d2d99db13b2206c06e094d377ca58b42fb5709287287687377a

SHA512
272f63a00e7c7cd08dd1edccc9b15e5dc29deab178218699b2045f268e1d2f086799503d7daaad44cdb88571aa44f9ea44bd23dcd173539deb314daf8957b7d6

Download Submit