b91e01bf8ab93d715679d40aa0acc1aecf9f96dcf6dbedb03b7beaa90e14cb2c

Analysis

max time kernel
429s
max time network
1147s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-11-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5NEvjtajGe.html
Size

4KB
MD5

1f23116a72af5ea456ba258f14a76c92
SHA1

e8b9f581215f1a4a31c915afdfda07d0577d67c6
SHA256

b91e01bf8ab93d715679d40aa0acc1aecf9f96dcf6dbedb03b7beaa90e14cb2c
SHA512

a7d8e71c2552e79bb33ce2759afa57da9c6e0ba99e1dd5a110594fcdc9b097b1110b7b10267b75ba1836bf5559d15678902cf505ae43d72233813468aff857da
SSDEEP

96:3wAEwbtDOsauy9U+BunHE2MQTJPK9KiW2KsYKGhLiTyW8:3wV8tDOsauVLMQTJPK9KiHKsYK2LiTyh

Score

6^/10

microsoft discovery execution phishing

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3340	powershell.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\ai.ps1:Zone.Identifier	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3360	schtasks.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3340	powershell.exe
3340	powershell.exe
3340	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	3340	powershell.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe
Token: SeDebugPrivilege	4216	firefox.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe
4216	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 912 wrote to memory of 4216	912	firefox.exe	77
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5740	4216	firefox.exe	78
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79
PID 4216 wrote to memory of 5164	4216	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\a5NEvjtajGe.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\a5NEvjtajGe.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9843d3ae-0fb0-45da-82b2-cb5bd2978306} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" gpu
    3⤵
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad7c2549-3101-4663-ade4-03789363376d} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" socket
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 2900 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95ecede9-9b41-4948-9636-7da7a77c70ec} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:4312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3384 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f58c9a-a8ec-403a-909a-c95c9f9efc69} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4168 -prefMapHandle 3592 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c023cbbf-7afc-464f-8c3d-1dc2f08d9074} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" utility
    3⤵
    - Checks processor information in registry
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5504 -prefMapHandle 5444 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0c326c1-2d16-4529-aa65-dafb9859a841} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 4 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7809cb-f312-4b0f-90f7-163a7aa712b9} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66c5d3a-5607-4bd6-bcf5-f193c9f581df} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:2112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6136 -prefMapHandle 5688 -prefsLen 33262 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87cc4ef7-855d-42ee-8dc0-369b43534ca2} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6308 -childID 7 -isForBrowser -prefsHandle 6304 -prefMapHandle 3908 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff56af0b-c575-4376-b99e-7b6b5c0f778e} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 8 -isForBrowser -prefsHandle 5224 -prefMapHandle 5220 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65273e27-19bc-449e-958d-63701165f989} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 9 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {161ed47b-ff66-4ad6-86bd-d0e3695eeb75} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
    3⤵
    PID:3032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Downloads\ai.ps1'"
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3340
- C:\Windows\system32\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /create /tn TurnOffScreen /tr "powershell -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Roaming\TurnOffScreen.ps1" /sc onlogon /rl highest
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
45f36f20cf7317abbfb056739e1ee475

SHA1
ed08db6998d2d55aa1ab52517d2a417f21874131

SHA256
03b6735035927e8fb8fcc253ecce1bedf0e74d4b16501e8b1d44b6213b500423

SHA512
8ff0088ebb83d30c597b0938fca16f7b91813d5cdda791fdac55fd5368b69a55060582348c3d05d810d1144c800bbffcd5940ababbe7560c9aa642e82655d242

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\3F6187BDFA96FF4CBE6752F8878B0379838C32AF

Filesize
1.2MB

MD5
b90c103d9cb166eed4408b16b56c8435

SHA1
181cd64153add4b33ebd06b42d004a29cc0735f3

SHA256
fc4d6f2c2a4fe2d6fa3f076a22ddd6b3e90b0956e160e7136fba0b07809c96f2

SHA512
495572d5ebcd80ab3fee233080615dd95dce6de834638443533cdb7ecd21abdd4c057f396a0697807038d28ad65a6a7cae0eba0eb4b9ffb8d422eea56e465323

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
74ca89f5d8a787321f82c6f951e6bc0d

SHA1
e73e6c156f032276298760ca5177f5e9dd150769

SHA256
25d23069871f3a9bcce54d003bda127dd239a47b837b6effda5feaa2a4ee22e1

SHA512
a6fd5a0a78437b3c183268e6962140060d123ff7bacc100c52803e46cdf3104acb9b9d523a91484ea1859093922f295f462396e4d321eb88dfe60cb31d47ea8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i5lsy4em.qvw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9WI6S0HWXQ6IBO9UUV4R.temp

Filesize
20KB

MD5
f4b1771efcfea54fea93e14dadaf8422

SHA1
e78ff146a43bd3cabae3db6b60213288bd9be528

SHA256
b781851ae64f93abba7d57d2680fda30b1ab45537dce47de47bac61bf532fa8e

SHA512
0dc27993f1f619684282e6a920d31ee9b24c16106db9a04cc8c99fc7c6cbcf23d7c13a53c4146b587674a48a8c81e65fe1600aee94a927158b1e3dcf48758368

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
1300d945472d8da685845885e1e780dd

SHA1
3bbcb06f5c6fb97ec4124fa2d575bec75601bc83

SHA256
d07941a76b9350c7d3fa5c5d5743ad999f4382942d33b0394baecb4912643c04

SHA512
dfc6f3560de941cca221bdbb023dd7f4953fc3aa7121063710c0a27d0513c1e62560f794fb094b19795760e842094b7a7bf9dc3e96ceb462c557df8ff43b2d4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
8KB

MD5
308bd7997249146106b6c018f347d1ca

SHA1
9471ce2cca4165773ec5a49fb42915d950bd85ad

SHA256
2261dce795c8787de5f712630fac50d8332f5f2c11b66d107dd6495f4b8edb3b

SHA512
32bbe4714baca28953da7cb603411203d2571453141e62fc7f48acf110fa8bf0266883935cfbf28fe08af8538492de0cba0736aa9b976f6b5a54347da5c302ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\bookmarkbackups\bookmarks-2024-11-28_11_zrihSVbctqiR1GbiTiRGTg==.jsonlz4

Filesize
1004B

MD5
c03c56b2eb1e6e75443868b97725feee

SHA1
74fd17c3af18ab01ea6cf4347180824fc6d10909

SHA256
55c073e7bd619821be5d7d0292b13a3579ff11aeea4dab936f59505b539e2cda

SHA512
6963108ab0a50031b1c9cb43f0a858168df8afc65150d28f356ef2414f186c7de1b14a030ea02f8dbedd5b7208ad8c1f2edbe1ba4056ce2a7f31a628487b9f62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0fa250dba7a77f243dc29eaf756d16af

SHA1
70a3dc0bc63c39fcee5058397d155672d4d103e7

SHA256
8eba3c189af1edd7f1625d9923d05591ba243f43e742110412213dd48c020714

SHA512
252454496e298b679bcffbd0d85980e26019db27772058ebc21cf1fed5060b479d94e5cb9bedff7139caa63b3180133c37d9f17a7c745c7b3ce7044277b3e2fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
70KB

MD5
6a74c5f231626efeb8b261334e7e8dc5

SHA1
f88573e46ca0afbf9e3f245293985224fe449a38

SHA256
3d4f8bd6ae5fb41a87c757f09cde4c008b458fd8a81574a7efab2b3192e46350

SHA512
09eebd172c2071bd21aca5f87f2aefc882e97960d7ecc2e2b5b0f910fa31b27c2b33519296562918dae48fba8c515eab6f64b6656e3888e906c45ff709f7eec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
12e99ff1194db6788f8702dbe6bc7398

SHA1
30816b4df3a02dc6e1cc55f142db35f0aba2b00c

SHA256
caa23efb19e69f45c0af11f15bb71e5370acda42e9e6cece1ce29e1e2cb966d2

SHA512
c5ccdac38ede159ea3d935e342aa5835a4440fc61efc71daf55ee4cc0aeda6cdca5e4c35727244ef9585f4e59bda1b4bac2bd6bc3caa6cd2843512aaa65fbe77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3c8b90d5efabf67eff8cc96d4c49594a

SHA1
1ff3e4f4650e24b8109496ddd2f09aca66e1e1e8

SHA256
1ed9f92e8779824f37287ed46f3c5a3537f35508d7d430a05091056ed7988d62

SHA512
1188366cd221059d743c3658b0c6dd109bb6a72bd425a5966109e8f0acb8b80fc3be390c44f29a6170501c2c7e9e031e84a60343bf5794000d16d3287c89f4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\2cac8465-5947-432d-b0af-865e2de1b564

Filesize
25KB

MD5
1167085178cdee04d5c20f9c10643194

SHA1
9c5ff5e4050501fe66f4527e1fc5f1d3e37b9a2b

SHA256
37b56f25793f747d7c53c8ef670de043436a883121b75626716d2102ccc806ca

SHA512
8866228a5794e7d0778fd37eda1e4737b4fbc9ac10ba9a091363d69db468e7abb5aceaf223022df4076f48988e4d5437fc03d1b7de59e712b1a77daa6a653d91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\8750c8ac-2e48-4546-a7b7-cd819e4c29aa

Filesize
982B

MD5
21486abecf36f2fa5e636080b167e44c

SHA1
b7f7f1ac244438d9464c5d3a46778a5c86239d1c

SHA256
a5964bbdafe7867d9475872b706dc8c140832000473c1efb2e929d2c480fcc60

SHA512
963ba2d78a0b927963e26c7184a83f7e61571e10a2cb1535fa0448003a4a4ee50ffe299f34f2270ba2f96a2c07db21c370990608029289da17e16e30a46bc4f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\ef6d97dc-af88-4e82-ae75-0dd08dafa1ee

Filesize
671B

MD5
c3eb4331ce084e5ed76753e81ff33628

SHA1
9536cd57b310f7bed1f1a381359e2d7d11e5134d

SHA256
f2445a8c2730833c7eb82216ac2a7b6a7684321114098984188bd187ea74df7e

SHA512
8f3882ff66c31937e19b55847b50b2365939afa8e02d47ad4ab448234dd75264fa366b67f1bf0adae95210e78f968fc2bd0ced55195cbb93b7936d47e4cc6028

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
12KB

MD5
e56746b40d379717e51abfaf19a6c57d

SHA1
d6a58b06286cb4ed536c7b0d338f7bd1f3e400eb

SHA256
3d76e5e14a9280167a9da0de2167061d570d0d096f5bb3e723079d8ef707ca88

SHA512
68cff73cf1debc20d3fb4cb30a5acf5e85e9809da3e97b82bea3d9e759c5ca96023767a954a90e4ad5a29b6d8874bf8d3173ed3af9663cec63611e0cf6865382

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
11KB

MD5
8f52162306f166da55bf3c7e393b01ab

SHA1
45674e4b897cfec3cb0f990c1509b07d0d68073b

SHA256
f963facd7205938a81bbe05865b9a939ffa6916e154b2cf960c6837a72d50960

SHA512
754d5fa9dbae424dd86231005c811255f630233a614bdc2a4904f291644d80f0826087f29e2b2c635315156e01e0a21924a6ce0b3099c8bb8dab87c89507b516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
10KB

MD5
cd4282283a2ead7468b0e166df20c454

SHA1
cf3b0e1c5060976c4d03ba2796968501789af0df

SHA256
5f180066a0edfca4ab1ec2951b719206fc1a16b69080d3532317ad978a35842b

SHA512
77edb9345363886e78c335abe624f04b9cec4fd7731db56d2058ecaf4010da4881b8698406282cfaed3fa6fff4eb5db462c544ab39dccbe4ee2fb8ceeea57bb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
c995771f65ac708628a8911cbbc94c88

SHA1
79881bfc33aea3dd65b5a7966be5558ddb861068

SHA256
198d73373106865c102fa7bdd83c2266ff8b1fca42dcefbbca6839a4eeb6b3a2

SHA512
2cf6c51471063c0f0b2eed23aa875679fe1318d67cd6aeefd3063a5670aea0023b18a8d243899ddf0e8ab0001ddf0f0d09c41188314ff13cf6fc1d5d5b4d5cfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
11KB

MD5
19aad4dd3ccadfe0ca4ef9a5cc95aa65

SHA1
6a6df7a77279ee0902b3fddbeeb09623dbee98f2

SHA256
b48949f9b9e7180f3dc4aa405b610da16e225ff0d85d9ee6ef1aa97ad086e632

SHA512
c8357e1daefbfe3ed972e9c6b20446dda730aa31771c0a79779529eac84cd43050ae69f5006609f9f0a6b998d90ea947233ccc201d497563352e718023d1a890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d54631775d176394dd7a7e6c2de50c72

SHA1
010443a3e5a1619b0b43041ab4a88428e7146d1f

SHA256
8593e71d447bccd528aa142f526a018caabc58fbabbb77412a5fdffca4ccfe6b

SHA512
307db50c6768a12222dda98e70846236a8bd7736491299df28a66759591758fdf116f4893f388e3bb17da419b69400c1c98966d054876e359c4dfcaefbbcf5fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
35c325031f21100ae5ec24f84ef2ccf1

SHA1
8b49dbdb9864dd495942bf487c2ba9c66d8207af

SHA256
449695bccdf8e36fbfa31219fa397c354eb66932e5abb3b69dfd57fbe629b361

SHA512
02922b8de9c02b1eefa6e7f615a4fb9dc6521ff2ca1cfd8e49f09dd164a2b58ad07acedeac6616640b4353b02a657c681c9af5bcd33c8496b79dbe2c061ddb2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
4a3943c71d00f929ddfcaaf919dd1823

SHA1
c5bee26d07e15dd260d3388d1434c4d978499a49

SHA256
1f26ba998641e44dcadc533372704cde7b1652d219e4f7e012679f30fce5f5d8

SHA512
a65a724b414eb495a4489604e71ba669b72c17b2b7e4244c6c658bead7bd1b0151c6290176cda8129a77961c33eb6739addf874bf3a4e885c42b4ee907fdc889

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
4d92331a39860e9d5e1f957417b76bb3

SHA1
db51e03941e46703850cec5983bdc443358108c0

SHA256
28cc5b9098db6ecd3b3433d66ac7a3513a8d5e8a0033b3cde8792ea9eb4253fd

SHA512
8ce99d9e20630b1bd031bfa597065f18ca1995222084f34ef120b8c2dbbd48239299899a355a7c718e50dc2de2f79ab0f8e951b2d44320519518ce0675a53eaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
605dfdaafdb3b4564be76fa3f12b2f1f

SHA1
7169834053d702a2ecf7f09424dddf3047be1d1a

SHA256
04a0b632fee007867e2dffa5fe01e0648158a82bc838060f5e45523d80040c9c

SHA512
5615e07cc8824640b5aa4f460f6fa36ff1631ff55aae8a00622ca50c789c0b62c4c83bd7c668e91afe151b527a0edf6546c4489f325f584a0963b477f855f510

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
b1c5a49cca63dc6a81dad4541f9dae56

SHA1
f90d3cd9b7c2553db59426b1e62c00bd859aaaa9

SHA256
6339892407034e6748498d0ea8c381bc339428b4991eaa4d955e7d0241a9a239

SHA512
713d6ba87946721a9ba0c419473df3975e907aadd6421a09ebee910ab092f83305213b8fadf4d66cb686cbce7ff27c2445fab5620adc7904a0c8212685e2f2ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
e656ff867659c649d9c666cbf2fdeecb

SHA1
b28b720101f838abd9c3a12627ed17247b324845

SHA256
a35fcfbb638e37bf9324dbcd0d62dd89b046fa4e725bb3e18bbe06c7bc885483

SHA512
fa6aa59c6ce2cbc279607e3e159c51ef3d72492ec1fdf916956d7019c962183c869a217635da104e46340f0a66d0459584430105498bd5fb60eca5be499b4dca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
600KB

MD5
b9848cc2694f0811d6586745ac9849d8

SHA1
659da271f45dbcabe2ea72d231bc26ab553ec7c5

SHA256
d01dabd1a43a4ec2ae87965f0776c7bb4815e12e888b52a364cf59ffde418c88

SHA512
9e7b2e7ff17a983ffaf44e96e506407d754769156332761ef9dfa096acb32f8b9c9fa3143cf5b65d2ff56f39efeeb41981228bf2a66a87eb8c8fdbf11e39f86a

Download Submit
C:\Users\Admin\Downloads\_XypqD7c.ps1.part

Filesize
1KB

MD5
84157a91ac26da12234caa7bf9b49250

SHA1
73035728ecbc86ecd18f40d74502e9fa52426810

SHA256
b8347bc43b69dd318de299e0b3d1bad1aaa7803828f621d3d96658905cef6f39

SHA512
1baf55d80e0a7e29a8ec3cd7893914b7b95682cc8790ea9b0d144a6dff82d1d52b5726a207a8c02eb3711986a6e4ef5b8d4163a2d2d976baa5bf384f85d98491

Download Submit
memory/3340-537-0x00007FF815F30000-0x00007FF8169F2000-memory.dmp

Filesize
10.8MB

Download
memory/3340-536-0x00007FF815F30000-0x00007FF8169F2000-memory.dmp

Filesize
10.8MB

Download
memory/3340-533-0x00007FF815F30000-0x00007FF8169F2000-memory.dmp

Filesize
10.8MB

Download
memory/3340-527-0x000002CDB0B40000-0x000002CDB0B62000-memory.dmp

Filesize
136KB

Download
memory/3340-521-0x00007FF815F33000-0x00007FF815F35000-memory.dmp

Filesize
8KB

Download