hxxps://sustainability[.]google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Resubmissions

18-12-2024 17:54

241218-wg1lpsxpdl 7

10-12-2024 19:16

241210-xy39lazmgm 7

10-12-2024 14:11

241210-rhjmcsxlgz 7

12-06-2024 14:49

240612-r7fxrssgjk 8

Analysis

max time kernel
1634s
max time network
1754s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-12-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
1608	msedge.exe
1608	msedge.exe
3596	msedge.exe
3596	msedge.exe
3944	identity_helper.exe
3944	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe
Token: SeDebugPrivilege	3872	firefox.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe
3872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2712	1608	msedge.exe	77
PID 1608 wrote to memory of 2712	1608	msedge.exe	77
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 1468	1608	msedge.exe	78
PID 1608 wrote to memory of 4464	1608	msedge.exe	79
PID 1608 wrote to memory of 4464	1608	msedge.exe	79
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80
PID 1608 wrote to memory of 3940	1608	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1d1f3cb8,0x7ffe1d1f3cc8,0x7ffe1d1f3cd8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5112 /prefetch:6
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2633552199661810473,11847854531935383689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1196
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20744efe-ccd4-4cd3-bda4-ad9556a86e33} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" gpu
    3⤵
    PID:560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {768c7dfe-5ff4-48a7-89c0-f0e174fd305b} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" socket
    3⤵
    PID:248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 2956 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4a43917-1818-4bbf-911f-e3691e83631d} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2748 -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 2688 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b97233a4-8d3d-4dbe-b41e-a6111ca92a18} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d9ce68-6992-42c7-9b7f-7793bbfa0f78} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" utility
    3⤵
    - Checks processor information in registry
    PID:3372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 5432 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06a402ea-ed0a-4c7c-82e9-140faaa00969} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 4 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e331c0e-4469-4870-8820-b0cde00985ec} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5760 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {490dcded-2256-4c2e-9586-88db2560f336} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6280 -childID 6 -isForBrowser -prefsHandle 5748 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b78bb535-b460-478e-94bd-a398edc46247} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 7 -isForBrowser -prefsHandle 3400 -prefMapHandle 5448 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55a2924-1af7-4e6e-b582-6091fab5a078} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:3716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6580 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e86576f-a640-4fd2-836e-17b9bb6c3825} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 9 -isForBrowser -prefsHandle 5104 -prefMapHandle 5356 -prefsLen 28052 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {574278a6-0a80-4375-b809-7695b6e70b57} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6476 -parentBuildID 20240401114208 -prefsHandle 6804 -prefMapHandle 6796 -prefsLen 30584 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00dcd258-b9bd-4fdf-a2d9-4b4056d2e1c8} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" rdd
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6956 -childID 10 -isForBrowser -prefsHandle 6928 -prefMapHandle 6924 -prefsLen 28052 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {367e8076-7291-4982-bba1-387e7e3f4c76} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7140 -prefMapHandle 7144 -prefsLen 30584 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a443ce-59b6-46f2-9c9d-70fb357fff68} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" utility
    3⤵
    - Checks processor information in registry
    PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7472 -childID 11 -isForBrowser -prefsHandle 7480 -prefMapHandle 7156 -prefsLen 28052 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a39af7f3-04f3-4f61-8b54-40dcecf7a602} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" tab
    3⤵
    PID:5592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1de5c32af11afa72edfdc9acaaf0fdb0

SHA1
f99c5fdf553bb4a03df52b3ddb359833ec0f2878

SHA256
e381b29ffc86d6373ad8293b2d3d57fe899a8aeda41cf7d3c32db3b140ad6c80

SHA512
cbb6d473f07b31f92b4e3969e89990fd4dd059eff5d873d8d5ca88fb9a2082dd9058a8342d5406272c991c217f5a0b7603dc46ba30edb289e306a9fcc257e95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
e89ff26760a9201e2ea34a0060ba766c

SHA1
af8fb1394949539e0681a8a688faeaf1990108de

SHA256
b2e21ecd859143dcb02f398592cb3c10dac91de4b9afef3944f6f2bced87390e

SHA512
1c7170492ac4e7dff52c8bc8efe13258d94f32fe1c82b238902a5788e8404e83db4ede5693b20a5e62d4426f2376f8459ca8d348e96f6ba94c2c7907797a4e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
02a8a3fdb792f8480e1e35b3caca6aa8

SHA1
74c0aa98530c735c4e63a658c3261b721e94ae40

SHA256
0e410429f41640ad80a1bcea3de7eea430a2ca0776b4892c963fdad3efa71cb9

SHA512
f78a1b6624679687901681014387133d9ec43bb140820584ec79b34f8d624bb45397ad1564eee5fd1b99e5728d2089632ba399ec88fec1903c5221d9e4cf744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b9becde8d5927b5895ccf8074a5c3538

SHA1
92af1b33942822bcee438eddd6b0a1edbe2e84b0

SHA256
80113ee5f2b6d169e11d15d8989046fe3bd9a27a902f0eecd926da4e71ef49b6

SHA512
1dd6e57d0a61febdd8f5c2201bec7a92280d12cb3aa778faaf34eb5c0a7d5655773efaa5052dc8618be8b9981f3840d47059e91e99af7c221c1f65c0f683f8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f2d36242e49fe2a789a26f7f32afb29

SHA1
e90c61b0e07022d523d06ad3f4affd12708a42a9

SHA256
6ec353bd7e94591e9a80ad1f63666274876b719d5faf798cbfa0ae7dbabdb024

SHA512
502d442a9abd5716dd673b35f4f583e34ec5a9f9d43adb3a9a4e587b2e35c597ce8a7d75be24bd88694181a0eb39f668140a5f8da3f3104c0d0a56408c8cf0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13fded684fd41c66ca0657493c960bfe

SHA1
fa86335114b7b80c9b22c5cf2e96bb00165c51e1

SHA256
b09bf9927982c1bb8e05d1d0c4c918fd0e742da6d7e4cac481b9bf3f050d3332

SHA512
dd8215af6fe8e890a61da03931e9d8d245bc794de5dbd784b792bb4116d05062cf0695af2973a380c31a46ee3d110b0baa3f76e26c71cbd09f9ee6a2564e2468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88fccfd2b01454e884bdebaf49ddbf5b

SHA1
691c05914f8a4983ea27b84bc49e04b822ffa7e7

SHA256
e73d96ccfbb4c505111de3cb6ea5d356698bcfc344c52bf15d4ad87b43c23507

SHA512
982030fb7a2869b075c97adccd77a801489f39be376b6d2b004387a5ec3a32ca10fa87d3c466697600a7730ad6e08350b7fb8077e293b362ddbed382c5a2ea34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5aff2e29f9e4a673d92e09a63d8ed57f

SHA1
2f4e109328a41c863b3beeb3cdc50c9ea9c3893e

SHA256
4f3a2c1ca66eb163416a8eab279b5ab43566869799f9e93d7dfc2188ca652895

SHA512
ec216fdb8c5c2b289a5db9b433a691ae497d2127fdb0164e73612b3cca5ac0b76e2d97a76f5a96b2c95fb0ad2e243cd7f7c71f3fd42f21a9ab82b54646b44f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
99f7b299102b1e4ae91611326e4d7a57

SHA1
79163638dd183e8840226d665a01e377a7c12b8d

SHA256
f524bb515b904681b27deade0076299b72345e653ba3d947a5f40366e4756377

SHA512
21f7cfbd5725a2cf5a3a50f83e4b0f351e2388195db5a117c63e1e506ae55e26cb032a844f0b9362ad9de11578496f0e660cee6a17e1f82cbaab2d82162155ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75266726bac0fa348210eacb535eef12

SHA1
625079c5d2c828e2622620deb6d17022b4e007df

SHA256
fd76bf3eafebc8c6a423da48816d6488c0ad1a7ed6d0ff0a3796de1d7ecddb51

SHA512
790a5b0ca0580f521d41c50f83b5eb2c932219189825f4fd98467e8ff149faf4c2eba31fc57ed5e7231fc54439fb6f333e637deda91fb7ee22f06d78464c0d0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
f955b65995684118c7721ec099d9d860

SHA1
5d4e23b7e38ba097446d13eccd18c89c3ecb841e

SHA256
8aaa8f786d00e174b15b1b19c4cac8b5f8f3978d12ae45fd3fffa851443d0ee1

SHA512
f72aab673d4834afb1d4ad24f45a9eb09a9c1afeb699c12a54bd27ad7ced2b3f02087acbdc8bd7aeb4436048b7b0e837fd386c3fb2e4616c22496b68ee029c71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\199223F815E0FC5824DE07DF4AD76500A994642E

Filesize
23KB

MD5
a2d5d6aa1f0e98790dd6ba457e60cb51

SHA1
c0e54d9c7688cff876b0cd351b07c7fbff8e3707

SHA256
241924f9be5c20861d95c98ecf42b1e17fc579b19be692a571ac9953191174ce

SHA512
747fe2249ca774151973ae903f49228ecf53c142d397135c3df2d98c7d071bc619d6666665c5dd34efdf00f0000470053d13c08d97f092e0adc2197f67539ffe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\4C18F2016606B43D054C8200B2142B749FA7F8F7

Filesize
23KB

MD5
a748903e4a1904862094053e761e6d69

SHA1
e069145f0e8593eb5bfc82c1cfcf6a4a125f0f1b

SHA256
4af3542737f6d215bbeefda96e7401b5357b1903a4a9a572877cf48d6a6fe904

SHA512
060aa781bc84fc67e24ed0d30e55d10cbfac8ec1d8213249194488b5db02bc4aa9c8e146e09d239f7cc57fdf6858432dabba34f0393de63af85c69c1c254ebba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\7436D6224AD6EEF3F39B52AE57D3FA931C390158

Filesize
24KB

MD5
471e8ce8c58d1769cddcd541a11935bf

SHA1
bee569d89219e8429a62cd544f9f50eccb4f5355

SHA256
c414b9f16c2e670412f11e43bde553cbd5d3188f8dc6496ceff2bed5dd23d07c

SHA512
c1f442027c1316e079ca735f75b7d035a24f58380bbad715dfe9288273e1dffdee2c43305c8034bac12b378e80cbf565391c0cb12ad67106892d34cf45d93f30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\794B56F79A6F17C1BF3A3136854414967FE8FA23

Filesize
51KB

MD5
5dd1f15dbf3a9ee8b58dac340c85efca

SHA1
cad80f02838c6b9e2f581ce52b747363aa6c7e3c

SHA256
324d13ef43a42b66a62806547cb5e526c0cc7c639e1f5e3dbf21f9adb95200f5

SHA512
b8576a8e9a0380297f9a16595a7c2a3fe835263ce1076d66e8bf79363ac65ee3a8dfbb96648105b020ae7b10a3f7142a52dc79289be480e3b304b5e2f80bd689

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\80FAD77CFD5EE1B32AA33A3D6D69F957944C4982

Filesize
12KB

MD5
8452adecf8d862f98a0b13be251c70cf

SHA1
3e4c9bec9e915fcaf61a5c8f8d61f069b95e8672

SHA256
afe83b8907648c2611cd0ed51c5309d92bd43a50068f42cf371075578e2e4498

SHA512
160e1e25e4c667e121e575ead1f88ece6cf312ce65fdd5995c849ec08d8615c2e0855dc7b4ca9e4acb2c2fac037a4b9fbd39d461738e5c212b74659bc08edc34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F9DBBAB64146A4C3B1C70E57682DF9E14B4075AC

Filesize
60KB

MD5
008d5f11cce53737ceefd9b7e3f0fa2c

SHA1
236cc988b141fa6bb0a8995f1003683337ac3abd

SHA256
72934eff03c42543aa68935348b6112c57e4cebdc360e1fa0f2f34b35242a53c

SHA512
5277cdb5ed885c5d86b3af7a6c2d5631c47fd0cdf3f1be18cca52251840ad4ab7fddfa2a8ebf9aacbcc2d4d1df5de8858d0a1d4bac1d667580979f09789fe9d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
460325f4f38c4bd836b87cc4afdf1825

SHA1
5e2521c838883d484ba0cde069b95f51c4af2457

SHA256
30420d67b6d3be882476936d40c700bd7b033ce951d557df58783cb90c09fb99

SHA512
277f790dda255d902af7db803da1c7ee977ab7df1e5111ba1b3ce697244333064c3ded6eb0bf921d90233e5f00ff89ea4067d17b813c5156af4b615c2f5cd2cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
6e7f78778ed33061a525d159b28ca341

SHA1
91715e8a746131785ad33b65074d9b11fc986ae7

SHA256
d5ed3a630326ebbeb1b3c4013bcc031283e2003fa197982758744db9db051b25

SHA512
dcd9d560d143abd5768583d58dd7a3501d295891fcd607553bb9a80abf27cae65fbe79d5807568b71c103e43477cddd16a50eb65f0685b66aba2e757bac1f556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
12KB

MD5
5a90960c17d4f34f576cd616bf60e850

SHA1
877b9fa91029822a712133bcb97aa24c7ee81e3e

SHA256
b677103a61e061bc434abaeee3616611edae55ef0dd648083fed398de29d67c5

SHA512
be4bbf070490b3a83afbbc30e045940acf154403a6d2fa4279bac29466a9b99f88545e332ebeb7c33494f28af3e35166fb985db85d8147070f225a2a53af628e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
7KB

MD5
8db3caa79c833498a0c2ac3ebe7d4cb8

SHA1
10de74537c50c881491c15bf5591295cf5c1fc21

SHA256
4a809aeb60606f7aec8597c38d1e1cd9b2353cefef9888fe23e5a1e6bfc354a5

SHA512
12bdccc019e7d4a00b1c6b7c31d8a7adb3ff4a1da51e327fe33818ccd24d7b1ad4b1f54df83cbcb88133aad490037785ae88fbe2082ce779bef53d089ba26162

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\bookmarkbackups\bookmarks-2024-12-10_11_8VjzqSwmtqWutgfS4lkHNw==.jsonlz4

Filesize
1009B

MD5
d09e0770c9a6098005e20c4cb7a240f7

SHA1
1ac27e5428372e8a3567fced290a82ac275ed20e

SHA256
64385dd70b96360672a2d630a06b7e08f2616a225b9af955825836d9c7b73262

SHA512
57f293a8ec263128d0e9c7aa951248695a7b92e808107b1ec442ac2cfdf06b77e21361a3c0c9931f1590bb18c7b8ea07932873ef5400cd495c909466789604de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1b6fa3cf221159e993dafa1a17afd794

SHA1
258a2a2c763ed205bf5d1fec34cbe62a20706127

SHA256
4a091f9b0da71127ab3cdb79f6656445d1cd456de78df7f95193322e701bacaa

SHA512
379f4075b2883a5b733a1954e714f6f2203c910a37b3dea2a40e624e0542799525512a5c7a97f4e316dfa832da796ee78e5766b11682951becfffda4a515133f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e9f5921381c1ba0421920baa1e75df84

SHA1
5ca043fa378bfa5473426c0359829c5795c7d31a

SHA256
278d1b814d836c0a143b5c6b2a8cb105a203bb5ff063473b46857875092b8eca

SHA512
38d553518e57c6195357afedf29dd958ab61cc8edc962ed4f793854c021a55b975bfcfa20225952f28fdee111ed0c3d9ff2dbf4b68b764bf0e3da57d6d582383

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
22399085d4deb175ac8cd4375e8da427

SHA1
47f4ee9e1eda4ce1c83afc8cc428e48d769fa9a1

SHA256
efd31f09f46f5b3c28d7515a8e39516022e643e65c821d8a6ba2d34dc5f1ed16

SHA512
58274e143aea122efb067f7278f8052684030f47a82e996ff0eaa5722439fdbf676a085637e6ada597fe017824ca85a7d30531b7747348f428d42b809ad777db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
87KB

MD5
8e61e0978e7faa8e0faf08ca031532c5

SHA1
ffd7f4dd50c0ff76636a1f3a370c6f22640cf6bf

SHA256
0dba6df122069495bfe9c56b40a382228ad8a235c7df60fdd807b2aebf3c18bb

SHA512
b8e437a75a60034e8d3d2bce86471cf511e3f35bdd8079c113c384fe53f6edef79799d118f3ec437abb855081a1e583c0ae3fbe485a531d54ad3fcf8dec3de15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
87KB

MD5
692b69ecc0f9c5bfdea7c7c9e45716e3

SHA1
b4dd12bc2ad5503309550d1ee8f4520241f6a379

SHA256
936e559e3292428084ceb797f5fb13977d96be216ab9c8e4ea552974129cefa7

SHA512
0fc73a0d0c2038652ec92eff2dc131d1905618faa75ab5ede86a81ea704af03a27d294f8450581780a9efcb6f40d792b7d00e9c382b576d0668d14189f30cad9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\852a0f03-8c5f-49ad-8cc4-65b8fe6e069c

Filesize
671B

MD5
5555bf16f79711ede8d8db5c70ea3127

SHA1
69aff5b13cc10cc960e0d2a7d4e82dcbe6c35988

SHA256
595a7512efb7ef6de26f40f3ad63577ccd9fc149cba667f9a4a51b2193dc93ba

SHA512
b337b3f3128d43e8674c0a2eccaa4db4c8fe0549061e20cd5ee0c42c3a8b90ee7a1a05cc2a6945a7b51a1d56f8fe14c85372d26379cf38f740fdae5e49a27bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\ba4fa227-3b80-4d1a-87cd-3db453eb6d0e

Filesize
982B

MD5
ce3196c05ac713f543b6fed0810223f3

SHA1
44c7e178c93919c7d4f590d42b571019c483f546

SHA256
7d0d75dd6092779a97d2de3d8f9d1f28ecaf107cc60ddd2607cdc5ddd92d545a

SHA512
cf211cf04eb1e2e099670afca5e2036aa99f7a6f769d63177c150b0308de565eb28d9911fe15c0be19046e9f4d6ac342358c1dbf9a8c2aa01c6905b9499384eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\d59524a9-cbaf-4d19-8b0e-c35dafa53544

Filesize
26KB

MD5
28924f49e0e63394108a7a41442bce64

SHA1
94ed5bc554a8d9f7d1bd78943ea2429a7a573d67

SHA256
1759c119e71db91879e7ea7aecda616d88b847a6a46230c4c739ffd69b7e39f5

SHA512
bf48fa7aa59622d4a1aff7945761e822e72df33489aacb97247a6c63d818c581a215f88457a182b3ce4631ad097d87be7d8cadbdd910ad4e51f35a3e7b11fc4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
11KB

MD5
9589a8fb97f6af2c561a382e40000e38

SHA1
7b6cd7cf1862239e4ea04da998917a35763aa6c9

SHA256
054c7f56e53360d2076e478fcd49737869f59706bc0be70fb80cd702f986ed6b

SHA512
3c718eebc405ef48faafde5a05bf0d2e3ae79cfc08f120f6fbbdd36e75583ccb596e1f8fd766be92c233fd9e82a66ae70833c11a15cd606b9da14c5f56a60185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
10KB

MD5
b060c2e32817a7ad966d5b08eef235fc

SHA1
e19214a759a0390bd04728481f597216ea7a61aa

SHA256
4bbf6e53a4f0a2e3a21529f03de2e5a6c5ab383f94ce2b6c730bbbb4721e9876

SHA512
3436d040b5f539453aed131c2792a616a8a41de52f55f6aa2919359d29a40fb54a0ac0121b60202e724f129bf0fd102f62497eb38654b7b62973affb60aee50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
11KB

MD5
250ac0f3a8f6294de16827db55dba444

SHA1
eff5e9f78f75ed2a3a01fc5c714a531d7342101d

SHA256
73db50523bf25d70d46c255b11cefc5b62eb88bba2d165f238904cb525bfc974

SHA512
1db3380bec882c8f7aed82f18ed3f0cd70a719567db4e431a6cb494faacd0d017de24a1f47f9fc6c79b8cf966f8885c2ae2fdefa01619841046a101ffd9c128e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
12KB

MD5
b9f3545fca5a1a927af324187f2512e9

SHA1
f46f974ebe11e7a393c2ae6378e6f824f711ead9

SHA256
43e790efa17eb07efb5e237fa757e4c2f6065c8e2ee00ba9e48591e454b6b412

SHA512
781e95bcb4b5290d3eedab9de541dce9142756a4c8086d460d4499b4b4d3741c1240bf4ef718ba9c0ecc341b12a449430bef3fa26b300193798ba6e56eaaff59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c8c0e57607b61e4bf0750b4e367095a5

SHA1
a184647cb6950ea49cbbc1a66460e453c220a801

SHA256
85b3e7e76146e268ecb2a7bcc4981309aa7ab6e6c22a769db82de9fa4ed58e10

SHA512
3136b23d8c45aacf52e74a2dd628db4ddf3288bddc5b3551ed34815fb2986c20e361c7c8e943d994a7248896de00acd8fdc06b06e94b86814850e24936b00294

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
b042ee7959a0653659053f2dda6d56fb

SHA1
8e6ca3174d91c1ccbe87bcfc6afcffea05d61b66

SHA256
b0ea1261b48bc1d0d189fef3a525d0b502d99194572984733a57fd2c6ca26170

SHA512
b7cb8ab1a7b5a16a6545f8bfd61dbc2dc2b01c9eedbbc685c11f4323738e5cdb4aefc5c2d72b08bb872de9a7284859d6414554123efaca8c972b4f304e1a3531

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
8471a292a531b3fa0ee615ff02c4f53c

SHA1
2a96c7b690506af46e1824d81a8df1166aa47c15

SHA256
b3c1dd2e2e94b58239ea5e642bb20c60534cae0adfe2d0856fd3e68c305926d2

SHA512
47782c1e126ba500b86a4f9875707f6164dbb98bfa24d541e3a6e6e08fef108241c2ecd4819dd7b59b1b14f9a6632810a43dff7209994c9286b7bf06253e42e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
ec037538fff6a39a135fb1c745254097

SHA1
81f137870cfc5f98bf69c524acc3456b117e2c4a

SHA256
03d6ede5fc0df3836513a447cb00427e8664666dc228ed26942ffcbab47f560a

SHA512
7c8976a8cb2d55450a337fc5666a538a0190eb6d24eb580f49e3c7dfa0146132fc66c3e57f0b8d21c4407d34595f04f2da0987b15cc3c6cbbb5f3d0f95a1ab70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
5ebd5bf3995a980c857098a340a530a7

SHA1
417f7f1b8c99d0dbea2fbd9c1d744ac2b2a0a6a5

SHA256
199172593690c04cc9df606643fdd3f9db602e7528bda072f008dceea9388e14

SHA512
00b87245311c980b6742f948874cd5f723ed4d8acc207904fdebc1ac0b1cb528a8bbcaf648938a04e3ccc262bdb9041f67e4047fa1c6fc14f831fb6046168165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
6f5c9ecc692ccf1df46c6554203d386a

SHA1
f3aca9a079e96bf84eded7d890901b016fa567a5

SHA256
490d92a93255c1d573661608e7966d679edf95c90cd3849cfcfac7ba957b68a6

SHA512
6f79094ad9b372d4f4b8d44f6741bca9c27e9e458c03d2b595a0810a15b1547e8cdf2ac3aef3e809d1a2797b1fdddd1d1ddbb0bd9d05167c201ef6cb218540fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
f799ed2221773d0247db7914524fef4b

SHA1
a565f1846544c373926175a9802e224db09802e8

SHA256
60e8d303f01ea1f18918d55c059ba5b28af7056ae9a3779ba29c07b899776114

SHA512
0e96dfbe16f11892d3a37b95e1b57146cd0f98c145e7ea4587510d31e935535bb2b65b4d5cabd694e98d4d8c458438825e55fb0c34c387d0985aebc536adf46e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
47KB

MD5
9c3cafec09baf259fb5461620020b0d8

SHA1
1db24caeeac1e969787fbffa24c1a9a899c69162

SHA256
275a0722260c2abc0d4fa108326d7f504fe50a141f8f995c7c6ee31e5ccce43e

SHA512
02de87e221d04ba757c50e2299ae9b9ef3254f5a4e18770896d5b1e311bd3f34b631245c5dd9b2374e2b60e9e8ce1b542e380ef6f73a37544cf9b95d7b8af3af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
600KB

MD5
64c207a0d84a230674dcfc18ddda4fa0

SHA1
b55ef247d09ffd78999b68b97565ddd66e3ae9cb

SHA256
b513e0d4859cb6bbbd261ef6924b638f069ab25a185e9b2b3cda27603062194d

SHA512
dfa2240fd5511ba7898d37a654aee3f6f04ae83d90e35e8315736d8c84b953850836593c03fe9acfb34fa25d364bf16372ddea36aeeb67dbaadcb589a7d85858

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5d0a485c6575ffa77a45a9789921f9f0

SHA1
207468b870c413099bb675a3e162346ee2d417bc

SHA256
728b08f74ada44e54c1b8c28beb43047e7f2c34e6abf27484626975807a5a17c

SHA512
fc94ec23d20863fad9ac2e97d919efb4d40bb9a914df7ecaeb063e6284cb008bb5ae1ec37eacc25aa3ea706ef1f00f769632314bfd5ff615b4dc217c3ebbc279

Download Submit