hxxp://torproject[.]org

Resubmissions

01/10/2024, 17:23

241001-vx7vaa1flp 8

01/10/2024, 17:20

241001-vwglps1epn 6

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://torproject.org

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
46	discord.com
49	discord.com
50	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2032	msedge.exe
2032	msedge.exe
4988	identity_helper.exe
4988	identity_helper.exe
4152	chrome.exe
4152	chrome.exe
5788	msedge.exe
5788	msedge.exe
5788	msedge.exe
5788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: 33	3972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3972	AUDIODG.EXE
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeDebugPrivilege	5656	firefox.exe
Token: SeDebugPrivilege	5656	firefox.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeDebugPrivilege	6432	firefox.exe
Token: SeDebugPrivilege	6432	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe
5656	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5656	firefox.exe
6432	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 432	2032	msedge.exe	83
PID 2032 wrote to memory of 432	2032	msedge.exe	83
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 4148	2032	msedge.exe	84
PID 2032 wrote to memory of 2092	2032	msedge.exe	85
PID 2032 wrote to memory of 2092	2032	msedge.exe	85
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86
PID 2032 wrote to memory of 1172	2032	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://torproject.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5171151696907278289,4273747709337418782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9879bcc40,0x7ff9879bcc4c,0x7ff9879bcc58
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,17998263985773427406,11852990883260411211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:5220

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c523443-169c-41d4-ab71-205f32aaa3ea} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" gpu
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f548273-e211-425a-9c2d-2452f3849d8b} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" socket
    3⤵
    - Checks processor information in registry
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 2896 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94e2518f-5d9d-4a86-9fda-2e7d3c1c9bc8} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" tab
    3⤵
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -childID 2 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e428aa59-ed44-41bf-9be2-f824dc17b0a2} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" tab
    3⤵
    PID:3732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5020 -prefMapHandle 4988 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {359ba64a-6406-406e-b16f-68576a7e3995} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" utility
    3⤵
    - Checks processor information in registry
    PID:6756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 2764 -prefMapHandle 4556 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d93be19-458f-49ba-be01-917147633738} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" tab
    3⤵
    PID:6988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e56f21-7137-4705-a0cf-2b6daf82777d} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" tab
    3⤵
    PID:7000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5632 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc24a5bd-9382-438c-b47c-a67636210a18} 5656 "\\.\pipe\gecko-crash-server-pipe.5656" tab
    3⤵
    PID:7012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:6364
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6432
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1820 -parentBuildID 20240401114208 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36e0b02f-a38a-4f98-a573-d68cd1747a84} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" gpu
        5⤵
        
        PID:2072
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2188 -parentBuildID 20240401114208 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06b5b43a-5897-4829-a3f7-05916c61d8e7} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" socket
        5⤵
        
        PID:5172
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 1 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 25677 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c827d101-89e2-43bf-b94e-fa638ac38732} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6812
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3796 -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 3036 -prefsLen 26499 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d287d3a-c974-456c-9954-ffaeedaffaca} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6896
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4180 -childID 3 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 27777 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b9a0bdf-188a-45d2-8bdf-e7f5be500b36} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:3732
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -parentBuildID 20240401114208 -prefsHandle 5348 -prefMapHandle 3056 -prefsLen 34163 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f446df-81e0-4fea-bd91-28767dbe5c6d} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" rdd
        5⤵
        
        PID:6792
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5404 -prefMapHandle 5132 -prefsLen 34163 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8951320-e196-436c-9d43-4c874e088f03} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" utility
        5⤵
        Checks processor information in registry
        
        PID:6656
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 4 -isForBrowser -prefsHandle 3076 -prefMapHandle 3060 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9149c0b2-8f63-4e0c-8063-0416367d5bb1} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6260
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 5 -isForBrowser -prefsHandle 3684 -prefMapHandle 3604 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3304446b-89c6-4765-b989-969cabb43732} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6276
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5872 -childID 6 -isForBrowser -prefsHandle 5796 -prefMapHandle 5800 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d993428-59a5-41fe-81a2-c9c55831745c} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6296
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 7 -isForBrowser -prefsHandle 6132 -prefMapHandle 6100 -prefsLen 34106 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d162d0b1-8ff7-458e-9ac3-5e5e8d991fab} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:6796
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6400 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6388 -prefMapHandle 6372 -prefsLen 36778 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e383579f-c26f-4afd-8ce9-46bef4c6a6e2} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" utility
        5⤵
        Checks processor information in registry
        
        PID:3544
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6544 -childID 8 -isForBrowser -prefsHandle 6552 -prefMapHandle 6548 -prefsLen 34106 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c33b0050-d2d3-44cb-b766-c3ebeb5611c8} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:4484
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6668 -childID 9 -isForBrowser -prefsHandle 6728 -prefMapHandle 6724 -prefsLen 34106 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d8fa88-31cd-4c51-82f7-6c823de9d0fb} 6432 "\\.\pipe\gecko-crash-server-pipe.6432" tab
        5⤵
        
        PID:5672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
48dd686f837b3f7c8a6547efe656dc0a

SHA1
8a2e3a6483a9a81f2e03cc76f775a40ae8d30dd3

SHA256
7ee054baa9cc40287f69c41139878c499b62376b004e844c476ce4ed06f65135

SHA512
a5453849f9cf709f13530126a98168cd1acc429d7277d6e9d2881ea2a4e3b08ef4212cc8958caf5aa50e7b08b21c039a9c9c09003d9cb790fa26a996d056b61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
140f729049c0c6ba27e23781ff6308cd

SHA1
2ceddcfb627c3f57710fe59a7454b46dcd530fd1

SHA256
7a05ae736dccf54b3e05c830322de3a27579696c9e9d07b678bd79fef8db37f3

SHA512
cc5cf1764005d9003fe0710fcd895201610bac03093aa742820ee7c2ada6d842f4b57951a10a61c64d3cabd189d58ee763636ef8f7620a915bf5cee98bfa0dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7bb871e9b027da6d3899cc3e5038c93

SHA1
7058aa60e45b6325c2210178c152a62915551335

SHA256
d4bcf2c69554ae747ada424fd578aca4253435c0c0409c0ed765563317d08723

SHA512
d48c4121033f85d712ad43dc04baab7d4037eabd84959e8e855b40b07a2130d0d463aee6e97d4d23ab832f6259b21b0a745c940233934ec0774abd1f061713c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
baf4fd542110f6dec9ff533137750110

SHA1
1958d9a1821459ee4f0ffb125c8eed4221fedf96

SHA256
2636096f7b45626957c134496427a0b4db018226c2490dc2749b0a2825b9bff8

SHA512
530916338206edb90a55df7d6ac1de069f0da66a61a1a56e72c9be2058af4f96e137ce7b8d13ebd4b00e5b35282f52df4835830b02d7d096d71061b30152b1ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
600B

MD5
93f2eb60df709fdc3df5122cb9615251

SHA1
e91dacc9aa68d60751e2931742bc2c9f17678b17

SHA256
fbafb88efa3c6e450abe7d6881ec0827d39be67385038ebd66f71b4e432fd260

SHA512
e116dfd0b5034bc149fb454bb82a157facc3aadff96fccaeaa53c68b2f51b3fcf73df584e930ddada980591b6f4509483274661a4f94f71d6aadb98aa276d68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
437280cf7c6d6bb05f54c681f6de6953

SHA1
4961617ff332128550c8753e138ff115568ac497

SHA256
4f6e603748ac3a95a66a05fcc63a894c0c38464e685ed7d0e363ce743673e8ca

SHA512
705387f71851bfbee4ba153cf573dfc86bcc9229415e11aa0aeb3ba80e01d0dbaf01a748ce226e14e3dd6b61690f990b91207ea337e04dcc8f30d8ad4b93b889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d81206de7ff21ee7daf8e0b39aa0bfc

SHA1
264354364b88336e4548fc35a4ab160da6baf22a

SHA256
de8f2ac01c4745692c0d2ddcfe1f3a9482588954997c4771c81425f13d43a1f4

SHA512
7ee9b9c536b396f025ef8d23e8174be681610ae11ab604afc5d4f2a24dae66cb924dfb16d76d5eb9b1e9d11d67c864b11dae3026278b66d619cac3aa77323c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbbcd5dba6e543fc254a4068863af197

SHA1
f6b4b43a5f7d1f9f286fa803783d0f50f0eeb888

SHA256
78cb97d2dd7a956cf3ea4e33e146d43797137d64fafcdd0f48203358ec801b84

SHA512
169c1afd8c1a2db464d8877b785de61e8ea1d883c7e37f3c7db11aad07de22c2822ee413c42feed4b7b082b0f265d180db9eae18c91c66c27b37e66d4626267a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7743b49f1fe48cacf16d01273c3a4922

SHA1
9d72134a7f7cf3f2b193f8893d7ec74fce27ec0e

SHA256
a342e59a031c4acbe3b7239de3b7b338435e4430f0f607757bc98a9f9c231b0a

SHA512
38bef36756496e88b970d9efad48f283c0c491791da0bad0006c995980d38045d1d9774ab5916b8c4d5afd15a904c7604f048e53f0f0de170d8d57de1a541377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ebff973b319f10949b6f3cb2208eee4

SHA1
62e7753038790470c52be20d61b6f7b85c25cb4d

SHA256
ce39cff9f8ff2709db32fefc0501cf5d3d60b514f8c248c1f88ca09499bdbd74

SHA512
05c387acd57cbc5806dc3b615e3957903ffbafb14d6c92cc532ac153e378a54e23ea4c43b21e0eeb822c9e759925d957e1f3f4ec875f3557aa1b65240289363f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea02.TMP

Filesize
204B

MD5
76832ff44df7711189d423db7ce14f71

SHA1
bed80749506fc43cb23b0d1f218186b4853fba76

SHA256
7e426e01ed1cc47b14cab596cd83b2e84fc4fb971e64bbb709232a21ed0b791e

SHA512
bf1da06b2d1d7c2b08b64763530efdb1311c16a433da10374c09f6d70b74aac1e57d8b817bc86c3e25a76dc8f57cbb24c75d17949688fec689ad208fed969166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec8df1931312bc175ce9a90ec5683312

SHA1
81f1368843625b15858f96f114ec02449ea73f52

SHA256
776525775578e43ba98650a88bda59cc991b6e84fb8c6110457ec7f24a5aa88c

SHA512
8b0df5e61d26e3fe1204d3e38e4481e70d013f858a5f120c2f72b768533734476a34e81ed40dda54043bd98d4802c89532b82984377dc99a17753995694fca4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
beacd2793fa1f1f612bee42cfcfb83c1

SHA1
99acd59a6ef9e55a39813736a6f2a2bd4c9ccd0b

SHA256
fcbb06b4b3e9c82e70ddbc1b01e75eae2446507e65a8c46febea2141daed4949

SHA512
24379a952edf955f0084bba14f4984573179ae51001d73feb3187c912ee08512edade17c3bb4f75d16fe114b54b77ec91e920231ee06fb4da8fb9797a37992f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
d05ee21fb6adceffc6aaa6e486574f8c

SHA1
355cf6b3386fce14ec0a191cc05a0390a8ce7816

SHA256
69b27ae1507aa2422a3d5bc66d76d2e06f2675632887c325cab4cefc57bcaa33

SHA512
d7a04c7e245975fb9227a22932bfc161e0a53926905a64bab59fe8b4242724e9fbfacc8865732aa99d687f22c5f9a696488780146924aea9dbf17f0e8fc29485

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
dd6752c04ac26fb10de32bc6b675692d

SHA1
847317ee9432d62bc0f3b97f8e41836df5eab601

SHA256
ea5324a02474bb04985bde2edb5ae08ced855b2c0962a653ce84bb568af57c80

SHA512
f17442b5404df46f6e5818758a6d9e7a557917d3240efc6c5250efe9663fd24f98ee621d8ef594d29c8a2581ae3dfe31d5a4f3e0754efaf896c2bffd7bd1d736

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\2AC7273A9B373092930F436CFAF426497250FA3D

Filesize
9KB

MD5
c85f39c8119529f0ee8ad61319f32288

SHA1
d4630814a14aa1edc96d89cbedc302d6bc4157e0

SHA256
6341a5a7e8fc798624c6839809477b8d78b84fdb6e203bcf4690b82a94314879

SHA512
8272a73c6d6281c8c7aa955134d17be89678bc8332f2d839ded6b00cf5f886e448659e5bac34106c8ad7e2634294358fed9c524b0bf43ee70ebff79a78a21acb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
e229f297358084be20589e18fb49263f

SHA1
41df1c3699c47765ddfdb2462574069c165f122d

SHA256
1b18dd419677da961e1d9919c7352b84d1d7c59c76ee8b505c5ed8a1bf0e9d2b

SHA512
474514f91b14cafc6abf8cf2e29ea0ac9c5908ed0b1cee5def8c1bf669f0eb22c8081086a06a26082ecf54f87554ef44466007309b21d095d9bf9d7d6b1100fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
8f0aae9d024d467efeca5d95916fcb60

SHA1
cc3822e28a9d835becd50630ebde0016523c891f

SHA256
4e9c8fdd91cbe1a9dde1a489613ba5dfbc7f3c7d9f578c2253696fa2afe5044d

SHA512
6030ee0c5a851631917520f6b2b1d221a47265c763bc87a3b87dfa027afcc065d43ea87d55257dbf3c1654c9dd5dcecc9a7e89a8f120d5312d6d4cf38002d692

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
2f905d9c49e035fb1b50a3a00908b252

SHA1
a3b0c25cb5ce75db8812f75887e3187b68c11911

SHA256
3b9ce3d26813760436befb8432941173530d40075ba58c6613d2c1d625b0352d

SHA512
53032fed7e4cd0f8c34d7de33a91a590ccec0ba266d91c58415e93d4a91a42cd23c2105a1f51b887de3c3f8d48e0b1a69e8d563e9552e3fa8631de098a183505

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
130KB

MD5
d0d66e3295176dc12a7651290194af98

SHA1
d73e3e272015b4dcaa0754da086ba7672c0fed71

SHA256
4946a07c63128e31577684c5eab1a47fcf0aa13ef1aa23f173ceace8f10ba374

SHA512
d2c701520478cdbe26b4021fde6cf319055c4a9324d10ebc1b1a5cbedc63821bc5b828f29d566031bfb254f9dd43760d627ed474c96d705b51e11628a727bfa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\scriptCache.bin

Filesize
8.8MB

MD5
97033e105f3f3dea13abcc97e7eeb96e

SHA1
fdb1ed743608c8fbc84eea31779eecfac5fc430c

SHA256
9ef4499c0bf8efc37e07a98b26d07b1c27a4ecf0a20468f20317a892846cb89f

SHA512
8d568e6d56b9c61734ab53dc8cfe8901eac2f3b320277819c4ae0f5c3fa9b9c4154668722cb74ace4ba6fcd29fdea4928d29eb6a13b009f3d9807cc2da3fee5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
f709dd21071331d0c72e507bc00502c6

SHA1
b01c85f61075dfdbc21d6d5fd08bd10ad24adadd

SHA256
28d2cda1fa262fdf60b714f291899aa8f502078a1ae1244027c40ef5be1f49b1

SHA512
1a72e2093ba3c756918c0d19d597e309bd51654479e84cec08b0235606cad7fa991689cf91f173edbe0f378d9d252a2aea5235bc2df93d9cef18c592961692e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
6bd3796dc0023a736caeffe1be5f8fe6

SHA1
716e985f78af249a2fe25522e6bc9632ef723096

SHA256
d99fe4e7d9b60225056eff277c3e98aa1e2d7a11bc3e56404d76849ed07a55e1

SHA512
113892b5ed6f5ce4c8229e86659567af6bbaacba81bfad1a64675a52406ae38a5d079043a272893b1ece49e7665302b297b87cec3deaf4dec704d55f3b704078

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\activity-stream.discovery_stream.json

Filesize
22KB

MD5
71fc83321bc3a3cf4b977db1301960fb

SHA1
b4fc1b32b5000ef602efe5f632f5ab84f2219e09

SHA256
669fcc7805523c1da269b28074baadaa234964a935ba14a4397d873ec2631ce5

SHA512
529b9b1aaed044298982e667d6202e3ca4a63dcde26abd35c4ed635b23395c3abbbb7f296cfc395bfb8d2d5f53d76d6277aad8ebf45edd9919ebbf2632a3f4c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\startupCache\webext.sc.lz4

Filesize
107KB

MD5
77829c52d8e9c3e69a53154476918fff

SHA1
b1804cba64c8b94c220a0d54bf4631023c331fc4

SHA256
500cd65e004746e0cc935f40bc578a59522ea6b5cd1df80ea35ff8d34027016b

SHA512
0d909430dc902fe2f95a2e3629c0cd4b80195eed9924d9ec35c2af095e7983f4493210c791383090c543c6a5dd8d0714086b83befb9502232cfe2870ead8438d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
6KB

MD5
41052e742223f8277ecd60c154374a4b

SHA1
44cf5ac1033eb81e47270fa4bd5b77d4c475015d

SHA256
810796faa43047e99c8cc008dd8235be73a91b2ea4fe920144656e1d3bd9bf0e

SHA512
31db2ea5d0c2b5da4d59752d1eb2eccf908942c9696f420bff5a98587fe640aab30223582cc0fa7ea669a78bed68b723bff89c5c1b1185ebd07b3c53ad9bfbf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
c82a9fbf30ec37fac899acf038fcfc69

SHA1
05f6b980c3ebe1294b2d11fb4d576c8ec9d53848

SHA256
0e3eeb9dd625ca816bfa979c86649777c38f54e7fb311665a58585798c8f34ff

SHA512
38e994441614a1a551fc96c4e6f8cb4d0b2d8e2ca77ce3e07a04aaf34ef6ff427ba70e4bb76801119a01772583da3304c1942d9a4fcdf8b82ce392c2864b5055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cert9.db

Filesize
224KB

MD5
591d0e2a03e8e0474617c4ba3722281d

SHA1
78b0f2dfe9d76047e26a1d923aa0fed0e29730bf

SHA256
ea77fa7ffe5b03f2e46f4803636b7d15f40c19a892941f48be8d26db32d39e21

SHA512
f81dd8fbe13f50a912b1411c53ba1a5a38ddeb572bd966e736f251e089ef491f39a8b126e71a2c6ee84b9496a6d710795b0b5198374599a6dc46086bb564d2cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
d7c86e3793444cb1b06a109be22fb58a

SHA1
50b1e5a346012af2ee57586b0b831dc77812c056

SHA256
c02e4c3826aa8a2d76bba79ba13f859384457d66cca942d98f246878c06d1412

SHA512
318b95afc37d9993da829ec83082b8265b1cff37e790fe2de71d57e764991187d90c0040fe69b0fc4bba6d3ad9b7e6c26c4a37e0d20d3f8f4a93f11c05b05d26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
af575d8c062fe624b31bf2edb1430a6a

SHA1
f228daca3f054dfe90eae84e8817c24cc70198f8

SHA256
a56082fa0edcb0d63672c35b9bc6205c9385d1fe37b58944af38b0abd6e67d0d

SHA512
6e87e9d7da8802e647513ad382362c42916d97fe68f56a08623e45e3a846485cd8c8b73c9ecc7b45c29cd11bf8a688a82f1f93e51b192876eb8889bea14c9235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d9a3439ee47a308188e76f4a94dac4bf

SHA1
148880eeb874083c6e7936384215c45d0f9a4c6c

SHA256
78e8cc951704a86fac3bf4edb30986d6db882fc320ddb0f84408d484634f48f8

SHA512
2e792c2ce1a2805face67b56257deb2a5f7e5c94e460f19fb3944276895b15986c8bbe8a2e54e339cdc56e3756cc3327657fcd169637e7e1d15af645bc50ac33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
59d63ecfefeb711cf102e796757af757

SHA1
fce0c0b7e0cfed752344bec864832406d0962222

SHA256
26691c3e22b1dff60a4ad07765cccbed0dbb5f52c87ca2c82198a1ba965e2244

SHA512
c99033a03f58f80905add17777824a8b3b3611efb0441b0288b8cf88d3718b33b0f9e23142dce783bd4f50eb52781de7202e2aba164a39dadda3e5c1e30cf37c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\06466eeb-65f7-407e-b83b-e9a4e56eab58

Filesize
671B

MD5
8052d608fd6217ebea1db89a4d62ce56

SHA1
90cf1e81234065453e56db46acfab37c988775db

SHA256
aada76899894743700ee1150b8563640d9b1a26469569e5c7878a0f5315bcf48

SHA512
b219426e6f819f587716a022b1544b385449ce40a0733bca4a6901f3d052406efc71eb1b793bf1fd39e90362169b9168f7c9c122f17bb3e81a60efd83ee2634b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\d720cdf9-f1e2-42a9-80ef-a1ffa736f721

Filesize
25KB

MD5
7dc4dad90f44d6108aed8e60649ebfaa

SHA1
605a623742f5cf9781e2646db9ca8256c046fd97

SHA256
dba56acac80876896628e2237f55289cb891e689940691a71aab023179b537aa

SHA512
39c25a44c03f72dcd4d5da40aaab2fc599cf3d4f9eb94349e6f03c1882c0dda69c7afb7ba911aab3b3202644da92e4a6a783f6b451b848d53640915430fa0b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\f9987f94-c704-4875-a6d9-371ca58123f8

Filesize
982B

MD5
4f8de78df1ce1d3a70b08883a200e2f8

SHA1
bb2d83633ebd8ded2394a8667f5d4df532bdf22a

SHA256
7a846845e74c1f75702478f656673afd6559d90966bc541bbf6949ac1f4374e6

SHA512
7b42ca29cabab4f4eec1429631b97e35eb6def1622ca371aebac6acb3ac5a06b2349e7ab92f1ec6e76c6fe0e55de6b90489f789985aa475765f2333f537041cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
10KB

MD5
ffc8995c518939e6d73bb46985844d4f

SHA1
6b8dc3fd3cd5c7ee71bae3f25f390a06227292d2

SHA256
11fec9824d86fe534d09768f48e87b9f76b907271a111b9a08967e6373ff9676

SHA512
67602348a71190efa8a0dc9c1c88d8a983225b7b12bb9f860497af1877ff1522c8561dfbf4e155af3929c960cdfb76f75cbbda7e507731fd3f66a8cb64d993fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
10KB

MD5
5da9c693d2ffbb0a2cf932e902aa7c4a

SHA1
b7ff2a8489e60a5ceeb02d55520ae460f9a624ac

SHA256
c0e7eecca77b98413cb75cfc5b5e33da2b15babb6c7dc3ca95a97d3afbe0ab01

SHA512
6432d2f353a96757187a1f515a6bd10e245d8e927b12e79e5122b66f666fccb32f8bcb9d3e2de5645830e7c6b0f6455bae8ab9eb069523a4d1441895dd94306a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
0d5770ffe75c5b3b696f212e494c5c58

SHA1
47d7939f5a7257e1727f287fa7cf363fb29b0649

SHA256
d9ce53edf266221d6534b10a4e04ece2a157ffdd17a22ffc849216bcd4d7ed1d

SHA512
f7a09c8dc11762abcdf83e2ca6ce1d60f62ba2c58a741c898fcc39cbf3aa1fbe2345521b74e4dc809fff8d721bb8dcd61e8cd77641725162f4e3ff58fd756324

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
b3e13ff8a49dda754f0e2603ae4be8df

SHA1
625536102d072c73fe77e2aee0b4dc25737ae10c

SHA256
2b0880b4cd6b88ba24d8687c37cc81286e928c1e4b0ae338f18fbaee3a4d30eb

SHA512
5c31a10e2054f67df852fd4de358e344323ebace6793a55ed89ffb34ca75fda184d123f22758e9bbee53c1d1df19b79f6de310b0ec76c94603d02dfc38725bd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
114426d6e26e03d330521d9ea5faf288

SHA1
119ac622cb6fbb9a4532305ac969ba32bf02d03d

SHA256
dd7cfaadd1ec6d8b1a1c48983f1462dd194b7012e1f03fdade24190cc7d0b398

SHA512
67257a5a8ee6519e9cf9d9d0936d84c507c5a0300145c06576a0946d95c6d08a37d6483d6ecf9f9a03ad42e2e59afaf12b771ad7c8ef461b7ed0edfda00faf61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
873e7b230335f197d0aefe558f09f25b

SHA1
80b95390179e3b7e55bd19ae65662251a7d474f1

SHA256
2c3ee098a2bf8a43a525116960cbf25b7ad714d0fca294e8623457c7eec4089f

SHA512
962686c833a2253b60e70ea43677813e82f5d45c88789ea4e71a3c41bb9bdb96eab810bff3eaf7b0780e40695724d9ea33a453fef0bf20eb371556e91ed1ca8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\targeting.snapshot.json

Filesize
4KB

MD5
2ef20c34bcdf5582c0385660b7040d23

SHA1
224f8e2961bb5d1e609e73244c1bb8d6f6bdeb7a

SHA256
ebab61e106f8ad7eb70490c3660998ba59964b7a285b1516c4c46bd718939058

SHA512
d34d7f6174522d8eca06f5eca9fda34c697b3017f66e499e373b9c141fd13685e085664e0fcafc719510f8cc33fde8b77d5e5eb3064bc106750fc9fd68e44b2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\AlternateServices.bin

Filesize
7KB

MD5
ef8397780936eb9a6b142a50ccf84462

SHA1
83516a628576b80d15d9f5eef74e36ab6ece79af

SHA256
0635bd2d7a57ca1e6f5925696986ce8a46c73fc123afed780d6c5341ce64def2

SHA512
31a10a8e3e24af371ab3885dd760403d55dbe674b70c8e2f98855c9d06b23e8fdc40fe531b253d9a252a94c5f4c794ea34ce4c447913d62a74cf4b869925f0eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
805c8a502c1b061bae34cbc290f00b37

SHA1
a6f7c8d04f3b02c88bf7754bb1c37f32e446683d

SHA256
f615ee006432a3c44881e890d2b8088f51f280b1254c6a1277155acda170b1a1

SHA512
94e98ff8cf99a13a4ec320b5138092b9bee0138f15fdc6adccd8389f91ad8b2613f69192e11ecb1e01af8838a73a9d2747977661ed25d4c19b6beb5ad904696d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
fab8aae3adb797fae8b9073140a2aaf2

SHA1
c97cc899698519765fa567ebe5ddef317ced3167

SHA256
8d91b0efaa16f488d53074dc1560bb8900df0e44a32f506fdfe75057ae03d6a7

SHA512
e149eb601d20ced59eea2569c0f7e801e528e8a56da6907390a5339288658918099522300c4d93446781f59b165b4483f3aba62d65f103db8c63137f209fdd0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
53d75e871d769b7cc33e4d5e284206c3

SHA1
31ec77f8be17cd2475f231d5a7154929c1518ce3

SHA256
76f0f26cb6b7263f04e8a04b28a4004386d5049d9dabf5fac94f3bc7a87b023f

SHA512
1be70949111629ce9a67301689d7d3988959dec6492ac4d6904aae22185b66d3651ec3ec8654075061063d2bae044ee29df8c07f7cc4dd9e943c4f68c023ade7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1f5b4238be6391b29059cdf4f02cf0d9

SHA1
30f364c5cce61bfa98ffaa23c58199aed5cfb79d

SHA256
b815de81f3a5e0ab947c2df6b16d77075717346daf37aa8e22ac700aa71ae390

SHA512
5e0a4cd7971a25305888354a4a6e183ce7fa0c7437253dd320fa9440437e7340397d8110ff4cb738a942c0b342b3a520b01cabfaa3141e26ea038dcc16e6dd1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\datareporting\glean\pending_pings\0659c5e3-e6b4-40b1-b011-ac7d3a1d9bb3

Filesize
566B

MD5
38c3c1e0ffd9ae33ce026c28759e5542

SHA1
360f401c7e205e195df68e75b0c2332b4d383f03

SHA256
6b4bf0fc1dea8c7e77b6cf1d40a01465a287df3b84c4cad46f03fcb59b404913

SHA512
ac47eb56f9a18db839e1cdf9a7afd92ddcee6ccef070718cc1821538f03cf6644a32fe47e8f7c3062b90ed53c48f555bccb92eb778cd81a94ce00afc73694a37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\extensions.json

Filesize
37KB

MD5
12d91c19d3f571bd726eeaf146c3e62f

SHA1
6ac47ae84c91bebd253ed0a69c408ecbe4ababe7

SHA256
61115456b79858c189d89f1cf4ca59d20afbe77b5e337c2883fbb2af2b12e418

SHA512
fd973b7c0ec1814e361f196f7da226d3b31ef9bc20f765ec278a4e786a54573c06187dff76bdca31c6ff153002ead8128a59a69b73160df390855cb734b8c3d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\key4.db

Filesize
288KB

MD5
1455e8f85b446fff727875deafdc4ffc

SHA1
83cf6a5be86080204dae2eea26f2eb012b42fb89

SHA256
138ed01468f1adceec11dd01365ac2bf8d6461e12da84393b39f276e70e14740

SHA512
99085bf8a6648b2039ac735bc85c6152599e4f8bfd256c695e9b35186ba2c339563d829dedc220bbf62451e673722073440172ea8c19e888163f5572e57ab796

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\prefs-1.js

Filesize
11KB

MD5
09a8ed9a2b6f3732e043b58c9ff59936

SHA1
b600a9dbf801bfaf69fe34c02fc05d2388efe53e

SHA256
03d5880c9fb73f5e40a20b7c8a2a663a86d0671a7fa199d0867c6f354f0cc08f

SHA512
9d5f2b059c43860777a0cb5b6f430ede09e8fc486fe071343a95c982e045cab79f02419414c18bfcdaa276d53e24cd211c19910e7b78a71a7934e12a3d36a1a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\prefs-1.js

Filesize
11KB

MD5
eac02492364c17f6bc4de03ddb3fc08f

SHA1
7243f9a8cd4a4225b33772b7d14b88c2aed3227a

SHA256
9c36c196a0e1b97004206b223daf16ce030d054ce0ea5ba6cdaa8d114d24e186

SHA512
1ee67e7aff65cda34f7faf54ac02b9117aae352c12be68b29a8a9d86e27e22b63a9afb9c00ac904ab045ed2905cbf3b2b115281b76b334917927f8239c9c4759

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\prefs.js

Filesize
1KB

MD5
ace759ede6ebccdcdecd3f28d4d6f159

SHA1
6fc9d17177ff16a9d13a1ca9d760e9889d4b4070

SHA256
851aabc825aef1d14648a64c199818ee56dfb85f3084c38adb94a657c910a186

SHA512
d3bb1103d519a5ed76ee8221fea78b4931facc7aae682e857705e9c504d7a5328284d7cabd28622c9996f899f135c0a8ffd5b6b31a59eb720c76f308fed33405

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\prefs.js

Filesize
10KB

MD5
770d5dd07730950d5304c03d48d2d44a

SHA1
d9351fca58a4c1c93dfb2e1b7e276cc07859561b

SHA256
8c9e5e4607bd5bfdb31800c219f6541a3b246dee49aa3d799ec163c8ac3bb1f2

SHA512
509d066a02ad858a4e50684f4bda7cae474b4b7d11b58b77f4e71e966f20a3aa88fd81c68c64b97f30d40ca7bd4926eaa68274252b10dd60da4c83ec0eaec091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionstore-backups\previous.jsonlz4

Filesize
309B

MD5
0ad4e2407f7a005bdc13a3138d9ea445

SHA1
dfe63ae9fb4e2b1b7303bd56cb47a3991f73c4a1

SHA256
663e8b0246c132919d45b57bfae69c5d6e75a554be2cba0b88ac7c791ecef822

SHA512
4bed87e4993138cc0df88da2d9cb26d1e21544de0ca66324ac3c55b4de820111062f65f1faf53e6f0b5d6acfc892d833c31c2db3feac6bc0d6ab52183a95e136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionstore-backups\recovery.baklz4

Filesize
778B

MD5
2d5707fe4ccaf1f2b03cf2e489bb6cb4

SHA1
37acd0a5e76cd115185ac059c7a33d6029a72d46

SHA256
bc70f0920a6da8824ebe9f456b27d6f18479430069ca80f1653db835911417c7

SHA512
dc3987874ae31ce312a5e2652722c02a6584d51c8bba3491ce3d519bec4b52fab545d0d7c419c0aea6b30bd02454f30e21c2a0ea4d697e0fe43025a4dcf38b2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
319f5d3ae6395d5655def0e19b6ee8ec

SHA1
ff9cb67f5330829a00099630a167c5ca14f4e634

SHA256
365ea796cb4deaf19560357424af599bcc89dccc7311c1132d668189cf012f3e

SHA512
9cd03cd8007eb8011f47e204e620360a80c0a7aab3b62bdba1e1e70e164e5c78cd91b6cfe912ce7a086dbacafdc9f6d5210ae749966e4c8f485818e809451d3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionstore-backups\recovery.baklz4

Filesize
625B

MD5
8317032291a68f5cbded4aa9fd9e0162

SHA1
e84dbe3a8cfaa81f34750425bcaa7d9460989bb1

SHA256
27cad6aa816109c42c7463920667b13c6cbbb54bc571400a3381333e254af091

SHA512
186d0d479bc98f932a4e26b0cd86167e31a375976de1866a45369321e307f67a61a05f1e91f98b69349f34091aaf9c72143886aecea73268466a5de7555bde1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
98ca2ce7eaa71203cc41d52ddf90700b

SHA1
9336d2b896dc019c2f21938bdf01a0be56126051

SHA256
c61563ec83cbfaab063f3575ae6a7e0ecd50281aa03d7f446083df4cf26b8b9d

SHA512
dc852f1ce9e911a5ae098751883dbeb684b5707b9ed6c3cd6cf5fa9bbd4f35b84512b5d8ddee10ef0f002a09100a7fc01271da9397ba4430ee4ce8fa9dfcbf5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\storage\default\https+++www.reddit.com\cache\morgue\116\{e0f08ca9-cf24-41c9-84d4-c2c6c44b8374}.final

Filesize
2KB

MD5
d106e9d73e807ce0916ac3fa51d1461b

SHA1
a1138b90f539ebe70efe33fa35f96f237fc2c059

SHA256
1ddaf57a54e90c2f53b0f3479651a124f56d1ea3ade097cd0bfa0157de62f942

SHA512
28a0a450cb47d9dbdc743a5ff5e472ace7ffcdac7644d155378e9a848563b58061110f7fd1e2006c4baf1229efc138f6f3ddda847f1191557765529a8e3517ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i846u6xs.default-release-1727803258135\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
6ba47e9a2a40d44aa463db3163d8a449

SHA1
3ab9d5433d0aaea78b9c504ed0de1386797bcbdb

SHA256
213a1d0755fdc8a60be6d935e9afd6d49a6193d01f53efea2fd53823e3246e5d

SHA512
8703baefe7c5247dccc23482dd1a4fc62395b09573641ce041ab0b44b93068c94aa0291dd25f2d53c0a315c0b648aafaf110602a5f4d8c5529fb43bcc6cf557a

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\fz3nlbuq.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\fz3nlbuq.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
a6778b7ac7b081a98dce23f44d0523cd

SHA1
113b20fcd13de89d61ca719eba005f8c6e0fccb5

SHA256
7b5a5ebbcd3e886994b66c25773b202e67ed635a8fd6ed4c9610ce89cf0614d3

SHA512
c81dd759bcd2cda648b369e4298eeb57a337e73ae73c7f53800b2d1bfb523f4fcfe0c28cc4d158456a4470e53997505d9f8c637a1adead2cfeb0de3fb539a79b

Download Submit