hxxps://www[.]terabox[.]com/

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.terabox.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
4144	msedge.exe
4144	msedge.exe
2428	identity_helper.exe
2428	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5320	firefox.exe
Token: SeDebugPrivilege	5320	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe
5320	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 3312	4144	msedge.exe	83
PID 4144 wrote to memory of 3312	4144	msedge.exe	83
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 876	4144	msedge.exe	84
PID 4144 wrote to memory of 388	4144	msedge.exe	85
PID 4144 wrote to memory of 388	4144	msedge.exe	85
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86
PID 4144 wrote to memory of 4624	4144	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.terabox.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd4718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,596665293900363655,14171087378079350969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4388
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a34fe87-58d4-4c9e-b495-fe62bd08d8d7} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" gpu
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34d0dfb-2c33-4990-8954-8b002507fd8f} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" socket
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 2968 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a88ffbd-c554-4cac-8f00-50a901dc8d8e} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3752 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b055852c-2c09-456b-83dd-caac839bab66} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:6108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4832 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8548b679-b23c-442c-a45e-e5ad901f4368} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" utility
    3⤵
    - Checks processor information in registry
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5268 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc32525d-1c12-481b-9bd7-fd20427ac2b3} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b636bf5-6c95-46d0-8ede-fbd44d23fa57} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e4a741-f87d-4f5f-b519-183647373c78} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 6 -isForBrowser -prefsHandle 6304 -prefMapHandle 6300 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0822f588-3395-4d29-83a5-0d880fc7eae3} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:3384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5924 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c86fd7c-e9b1-4ca1-9913-b9cec05a606d} 5320 "\\.\pipe\gecko-crash-server-pipe.5320" tab
    3⤵
    PID:720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ed0f0799c48da0cc135407e590c1ba62

SHA1
bdfd1f752ee4261a031b947ccba804084c313a5f

SHA256
cac9aaa4a3914b2c4d151db8602a0b673eb7c41d0bd6e97773ec9f72f5db1cb8

SHA512
1b6b6812bce47a6a1c1f385b63c28d8b7ce2de088da93b7aeb69997b7373dc3a17e6e4e5ee3ca5a45cbd0f5e1da6dbd318e7d30717c537237488348adbfbb419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cfe7432db04d1268c241dce94d8c8606

SHA1
cd1a02e769ae33200db9e81ec7b9b75cd9a5b21d

SHA256
e517e8f30065a650bf43d66556cf68cac4091eb3577ae84936900ca9861f172b

SHA512
5bb5bab21f888c2820ffefb8d474af1cb53c1a080f31c46f7dc90f4de3fdb98418743eb89d7f15d7ef2d94a2f50ca6c06c49b81ea0948c1bde1439a8c6efc135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56396bb3fc9c8d472c23fb2f36f5cb0a

SHA1
8efd045a309e51aa4a38940ffd5aaf8d75b486df

SHA256
8abb5bb6479584c228614c248b62f57878172e93d24d22e22193b45ba2c81d9a

SHA512
86d9e9872adbb528213dd1b37e646e86ea17dfed32efb282d0bff5ed7eb695c5a9a6ec7cc635128f20364cb2be4b7b285c2adfc0cbb969960685d92e6170e208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
785f2ab93c84a5be540c4c24f5b34221

SHA1
9676215ef643b90d779f04560c72c0a452a259d1

SHA256
ab9a52cfb8e12b171f1f36357c627d87346e7caa1a50e69565f054f0bb16532c

SHA512
5cb4b791655c5246419b19a2a6ce6d10383d5c2807aa03f34209858cb3610f782becfcb766f58d2df67be30d3941876b4e1a65d2989a2a7b862a58a6f14d7fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe17983354c47c62188cce6641c8c8c7

SHA1
8013440aecf3477971baecd5deeae209a32ef89c

SHA256
ab16757903f62bc94ab58b05352c5e42e71e2931b3f3b074f955fad13726e8f4

SHA512
0f5a42bb1658d1a796896be2a84470855cd64c151a73ce0cff5cbcfd5d821d064f5f624094a1c2654ca0d8d858d61824e1fa217433cab91d50e20e68a04404c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
009cf4155cb83040288bb0202b33fb32

SHA1
6f24717d74602ec388e4aa17cc4c3cd275c3cf79

SHA256
cbae9cc93c68eefbf8d2684b96f42bf20a2de8513a69366c670e2aac40887f13

SHA512
56101875cf6c5db5fdd1c8ab0509a90de250f6f8b580cc7be3cd2fd3b2b04008cdfe75f720dc169096b3fd56464acb7e7948ba3a95b30979e7964e1933c8d373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d67cf8e0bd7526f7a07258ee67214a8d

SHA1
e081301ee2880540f30b8ada98914ee2492bdb0b

SHA256
f7652d8e4e8d493e515bdfd84ce3b64c8ca5d7a3dc2f031e2d0762e5cdafe618

SHA512
096ce95464d41ec6861423b26786878e6335a07f834f78bafc393c9553a8c3f7a58e7638a553cc230118ae9fdb4445bd9c51ae6c8c9e27b3291d155fce9e67d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0f302611-ff76-46a4-bf25-b23e06fe1be8\index-dir\the-real-index

Filesize
960B

MD5
2d0449fbe8c2ec0bd9c0fcab4c06887e

SHA1
ede4352f24efd930a312f491593fda68cd204240

SHA256
dced368b023c4afc4f1df90dbb4756ef0abc1f2a580bad4f180fadcd69b7eb16

SHA512
16ecea97dbd241411cea8d3e5da36f330daa73249d8753a73b59f6b29fe7fa015fb13f276ba2ccd93ec1b40392a7c98c7e993a211170ce497f526583f823b4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0f302611-ff76-46a4-bf25-b23e06fe1be8\index-dir\the-real-index~RFe57f2dc.TMP

Filesize
48B

MD5
cd5095e1081530cfe40d46b9940ef07f

SHA1
677fee98930857abe7b02e70f36848496dad40cf

SHA256
a1a234627867496676f4d74242001884114b9c68ddf1897c92e3f981a7b70568

SHA512
2465b348ab4a484c5ae05f037d69131654501c3c84530c4fa097a62f2a7a83da0d54dd36bbd1ee9d4ccef8769c055a22159d5d8733eedab6b59c210a000702dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\3df58bc7-f54b-4888-b4fb-e1a135613567\index-dir\the-real-index

Filesize
72B

MD5
ef0f2e9c48a86d1f989a590e094863c2

SHA1
0686e202eb66be97bb15ba52ccd2b54da5460e05

SHA256
b1d740e07a4b27208fcae6e60af5d9004440504037ab0d50a23bef10c57d11c4

SHA512
75b976bb5b1573240a4d97ab50516eee07755d595383c8a5cfbd90169f3b4c05c55400119d61ee266fde1ca1901a646808f3626089667365ba4f90088faebdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\3df58bc7-f54b-4888-b4fb-e1a135613567\index-dir\the-real-index~RFe57f2cc.TMP

Filesize
48B

MD5
585fb7a96dbe483a650dbaee41031371

SHA1
c2bd4a1dae1d79ed922054feda078aa29b0f0eb4

SHA256
f7bcd5d8f7741f2b73d2ae009e2edb6ec64724ff52b60e794543f258192b54ba

SHA512
04149e9d05bdd797ee4613aac7d90dc5d9c394e787c40a4785aaa15c777b0359cb363c1fe9e0c7efa1be8051db5997a2853b50bae52fb90d0a7b7ed1647df6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
08ab7a392f897b7a7d74f62066c3bf57

SHA1
ba13585cee973bf01532710a870d92d5f3bc84e5

SHA256
9bae6eec1f435a6d123d79fdf0b5d80595a4e23de7c2f2dcf293de029f3aca4f

SHA512
f44290c2b22d82791943a7b5c31b555e9106a1062aba5126942bd151da26c421a7d95bf8104f7307efc4bba9cb1c0f30923bfa8898fc3ee74b9fec7ce051f9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
5369b5448d59a4702d641e9baf569085

SHA1
b16c38bad9afe02e32dfa34edf2000209920f9ff

SHA256
c1ad314c03684d54372481f0d83be06f448c6715622c2e7cb2a31d0070de87f4

SHA512
3657f4b4a28b2d4b75637e7e2cf451889bf5346830f99534687143427b1e88dd0f99bd2bc494792ac6e99469c55796906865c6832cb9729431b3892c2a92f5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe57a8b3.TMP

Filesize
109B

MD5
8fa5cd635c4318d220d3aa2a20f3737c

SHA1
f272ea56f734101439056988b2630ea0cfd4b25b

SHA256
f152a3afa708b060ca6b0c06f44c0ec5632087618d5c0ba30437ba95fb9ec047

SHA512
e136ff96ae8f7df2caf1f25b67ea3a2478cb93d082d526a58633adc5568a5d02c2945a7eedf386a1c398d6d7e297257b972571206ccc7c4c00a27ab88b8f1ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a6b1842b99c2a2ed32bc4543462a76cd

SHA1
64b4707a620404cc47304c43e54209bfedf5927f

SHA256
44fa54fe2ba5c58c38e135019665087c31ff192cae9a24ad41c35bf47e37085d

SHA512
22d7a54f286a790b358fe7e70691be772a14e8be57f607c6202070761f1ff83bba8c06e0c5eef79a0327b4ae6291cbcb76ddfb566193cec2ef738fd54c872859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f28e.TMP

Filesize
48B

MD5
5ffc0a4755aa2dae86cb7279424baba8

SHA1
a90ebb8d90e71cac5a442e39bfa99ac5b8bf715e

SHA256
e526ab438a0bbd9b66309e3b530390ece4cbc74d30776be93b030f7a92ffdd22

SHA512
ee51a942cb4d193b3c9a6512c350117ae88b8d6fd47e970824a147c5766e6292b4fe545741927b460f9184446da81c2ac91172412fcc78358a1d4f09aff8aea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60815cd00e37843c649ae3b408933b60

SHA1
bf142c600e3f4c475861a0cf5ca6aec3f577ae94

SHA256
e6d15f63b537f1358abebe4bc6556d7609c5d315481d0bb2888fd203886e5b02

SHA512
8acffac56043ef250d51913731bff180c97b679e97d780e97c0bf118198c722a8b38c41a45ddecf449933186f7afe989bcc14a55e845bee6355050cefdf5b15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f136aebbe44c2d1b708c2be55a3eba51

SHA1
3ef1d5b3bc2ed9ea37e3d4d10c8259a5f72d8a6e

SHA256
d6c24d7fb92409c599db29f383abf4c0cca9763c70be810cf5c9fd7f50491ec2

SHA512
8bd824c13e47de41ef4548add1cad01e312559743187df530759fbf39f7fc02368235c5448a5ab03f32c780fee022a53075cba187a19342169e0fa81f87a7369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bcb8.TMP

Filesize
704B

MD5
6198ebf7a22f3ce5fd2c1891e7e0a2a0

SHA1
ac6be1d4f130162934927c09df3e49615abc613b

SHA256
61e8e4a776f7009c58074403c3ff1719b48932aa98cc626e31ce12d6cdb3aa11

SHA512
6d6755c4da2787cc4644f15ed8309ff302dd1212a1763b5e4b004c93279289267c4a29794e8ceefd4dda4c5c0074ea5a9ead3f9607964aa71a20ee731b485bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
872815400c4d56948e4004e02f3db97d

SHA1
50d3dac47140aac1d3565076b0ffe81954431c01

SHA256
6b246ef4dbf10a38d3917922ab5e826e4987fb2a1e224e7d42cdb98ac118727a

SHA512
39e168dbb154b48ead64e1b99d8d495aeb24567cc957a7fa5aa9b3c701eb86326aa6fb8cb50491b4a53740ff536b0e54d826e4921bf9665c7c053191174a0d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9b68bc5098c13bf0002fcba078d9d8c8

SHA1
7db62feb10f9dc6b34cda08e3f9f498b0831a1d4

SHA256
e7c073752965ec7ca8bcacd338160891249c3122df2f4a4da9e8dca76a0d2e40

SHA512
6486512e2a2c4c69ff12649953ab51c54334c955794197ff4bf9c093dfd73b2f257408620c4cb970f598dffb5b858346f25673b5eabe73df543796d651a71880

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\62C514A3D9BDF3FCB31C6A5B8A4FF2FC8BEF667E

Filesize
221KB

MD5
2b090ce986a34c5fdf53578e38f0329c

SHA1
1484f88abae8758509dc9d547a6645bc7c42893f

SHA256
dee0517fadc33d99f5ba8cbe9a07d935d23f846bbd54eb53b3640eaea68cdb69

SHA512
9f67a75bfde3776451355c6d9f2fead1293ba278bb49fb4e4dcd4e4cd2e88c34e9226d8425a2606ca8c199827d3d46117069674fb117c66c5efc6bb577bb09a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\B7493171F1C7EC9204873E02C5A4FD3214532DAA

Filesize
60KB

MD5
8214a0ae7af7d29437a64bf8026dff18

SHA1
b60b50f42c71c18eed71698bce53552b5966223a

SHA256
1174049f7e866aba76032750d23abbccd3fa6b27c0189fbc29d220af3e0074a9

SHA512
299c86e60718d00337a11905a14301fe7d91cb09a3764e582e2ebe0987118245506b878cd7a0d1dc52e800002e705ee9ae1b141cb90292b099a5ae74772213ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
de80cd5d20a7a9a02a053a324a1647c5

SHA1
b06b335184f8babf42cbf385edad1b8bc247ec82

SHA256
28bace12745cdec1005be7d4a320b430d65fcfd26164b3079dfc0f1d8f0cb3a4

SHA512
3050e3a1eb4791a59ca76b873b826b26e239e23b483b8601cb32106f94ff750174acf8fbeced979293b710096f1c188f920b5247605eb60c049230b9801733bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
12KB

MD5
c4c3a966a67ce07c96e8a9d195d2fcd9

SHA1
f6cefb742325a10cd1db15797d74577c92ce9af4

SHA256
4639816dc738a780b3d716014ad89bf1eac41d7223a73003ea60a53b9b9b0c3e

SHA512
ae69d0920da9a73d5eb0aee80366c22cbe231124eb098b6fa278f0f236c7c3f3f36966906fa1697984c3b988930bd8f8870c9eae15f92f88f23c4bbee5b616f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cc4babe0c3ef5bba6661ab49ca434f0e

SHA1
6bf9601de90a830b5c62c405202b391c622d1f8b

SHA256
868de5e63d767738ac725984b6cc575485e53189d30fb24920b55f2075920a46

SHA512
246119a9a02fdeb13dd3a5a8ba85d484f1d49415d1f551e41cc06751135865698ffe31b6db5971cbbd0a29726a67d17677ce58ecd675b3c3679912fa63cd7894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
599fadf204cd54ad7a41c11623b56f57

SHA1
984b90094c6b466eccbde0bae5c57a130e10d708

SHA256
d4ddd0b2ff91822210c5abfb820f5f3c83df5ba3091cf2622ed1d09cf1c86546

SHA512
4229ef295ad4b664bc7f49d32cdb6ef595f60b96ba3134bf71adb1adbfa2ab9c0e9b2b1c7068b67edc78e8104c9ea807a08b52498678d9147ff73795df4d385b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\25065e29-27b7-473a-bcad-ac26ae6a8d99

Filesize
982B

MD5
7abb50fc28d634ba39c9a2b8b9e001e8

SHA1
5cb69993793670429c5b742d6f19d66e61ef98a8

SHA256
072a88dfc96546ef197580bd3a5ca757b80fab2cfdba063cf2895640e1570126

SHA512
23c76e58ac85c5aa5c5756e965d89c3d16050a134d985c190e8abead2390a872b4f36e19a8df865fa6f37d85ecd96c86ea83737765a4344b9f2f6ef39e66cea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\5beb06ce-8aaa-4cfc-bbea-705519cc0d9f

Filesize
25KB

MD5
ed4dccfd93119831c85753474f5f5e21

SHA1
5d185bd113ab07392d99a7ba9ca24ea7fa205f27

SHA256
697851748d45d36ae1147b72b858b45ac51384dee50ffc9a200cf9c0ba8cebd1

SHA512
f01859064c6a8bc41e6b2f0edb0a9028a180f074282e3048c4812bd2996bf6678f12e23f9fed033729c196e60cb695855c14e954d87a29d5fc46cfec0ac3a3de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\7b20ec8d-73e9-436b-94a4-c6906a9f5aec

Filesize
671B

MD5
1bd45b498d997de41a4a0084045b0ca2

SHA1
dc33f7058c16f6d3e8a54f4e9764f1b680d39ac7

SHA256
6c1d8b74d184a937d73802b36388d7a93fa6aadeaa3980837d23fa71202ecbdb

SHA512
b5d7629fb7e04e65b2d9582197b9ada1c17b642c418d677822dc07a519a701fb64467253dcc48519165f3876566936d1b8234858aac57d3f28ddd63714772fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
bd036e857f3067540298ed629f2c2a09

SHA1
c415d7961a62da0688a541ef9c0572baf6d42a24

SHA256
719fa5b62b4bf7adbf37be10144c7f4a4d0651f25c41e797417437c6bb4d93c2

SHA512
7cc7cff10f7ed1431f42668da3c371f6427b317b506dd6cd5b020d2fb14ebc47bf2d6fcf3372d20888875534179e269f62b8145dea3bf52445a250bd6275e5c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
d5be57cf26978e7fac4950fc96e060f6

SHA1
2e5a549a2c66920d719d016a0da42093fe58bfc5

SHA256
0f8898235ab6cc5c05c13a24839ec8e394462bf5a23536a2b3cf6fcdb7cb125a

SHA512
1042942730c48f5cd42db5d94e774d62e78e1594608b8638a4adc58f8ac2d9637650ea8805ac09fbb1d0a5881f24e7c8a86f51a7fa945d1bc0d211db38ad861c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
59a7f57e73ee044a129c5bcf76a51ebe

SHA1
095e638b00ce23f6d41caf7e9f697b1e7ad7a291

SHA256
5ae14f3d0450f7a7ab850121ac3af8e86b957969b6e2b6d37c6909548567e20b

SHA512
f3ccb8f8c9616929be0dc9409dca9e867cde5b7ce1e5b82287a80a40653760f9164ab8fe3ee3be7dad58664f331b773f08e05a5abb475303c3d0fc6f9c3c3ab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
87b16eed0e10f82fe4c709f4fa35a169

SHA1
3be9f8bd443cf0ac7762ec9554b443cd5cd6d331

SHA256
bb87c5840b65d1ab0f52c9d2df480926a53594279853af4a19412433a472a546

SHA512
a99c83d15a6d11ea88fa827fe294a811977830e2162f8f6a7e3ef23c3abcba23b098fd4e6dda69d1f77410ac11ae532f892db3fb3abe634a6b5d69b73a7c5f89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
96c628b027155e53b3344377acd2fbb1

SHA1
d12d2fc90bbabe4352c7b77155406fd7479dbc13

SHA256
15bb0e31bada4298474d2efbe0ffc585d7723423a397ec639a4dd2e2d21b9936

SHA512
98d32fc1e99527f4a8c338243735ac7fd04aee335c050aec3e5164ca9d578e0a6df6a72db33034b6c34d5071fa0ff9c653ffde3ed8bb0a02f66cca59243b7cf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
003a98386ee8d81c57cdbebaddbd8abe

SHA1
1fdc77e53dc8ed087ce66ddcb3175323d466db51

SHA256
81485be73cf51aecb5c4e417c94882f8f79fd11f2e9b2b10d93ab52c0b3844a8

SHA512
e18acf0756fb2b006b38069339dba872aa938fe33175d26bdaba84bccbecb851c12799d310dc9f95e8320c9ab5295cf5b33681e376cb5eacafd6437cd5ff5fa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
10d032afcd702db0a562e2ea14374933

SHA1
502f5d35c861b9c1f41690d3a9afee5aa8250155

SHA256
908a7aafb06d1447c5b19f57a017688dcab859d89ae27bc6f3ea85fcd73cfb86

SHA512
ddadef56a674ac5b23a8d6971091d6df9ddac34983baf4bb9431d3707a282d0b9c364f6b61225a3d2b2e1eecbce1afc6618636fe3c756629ce1de313954c7987

Download Submit