2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/12/2024, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133786888914612453"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4700	chrome.exe
4700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	4480	HorionInjector.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeDebugPrivilege	4976	firefox.exe
Token: SeDebugPrivilege	4976	firefox.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4976	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 3464	4700	chrome.exe	93
PID 4700 wrote to memory of 3464	4700	chrome.exe	93
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 1912	4700	chrome.exe	94
PID 4700 wrote to memory of 2604	4700	chrome.exe	95
PID 4700 wrote to memory of 2604	4700	chrome.exe	95
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96
PID 4700 wrote to memory of 2736	4700	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdcb6acc40,0x7ffdcb6acc4c,0x7ffdcb6acc58
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2112,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4876,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5096,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3304,i,11853932327997635833,18167844619592481080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3300
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58ed6219-18df-4254-a932-d4fbda1fd49a} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" gpu
    3⤵
    PID:4276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0396809d-0e35-43ed-978b-c291c6ac3018} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" socket
    3⤵
    - Checks processor information in registry
    PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {325e3ff4-4e54-4437-80ae-8168ab8972fb} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4120 -childID 2 -isForBrowser -prefsHandle 4112 -prefMapHandle 4108 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {147c37e0-de5c-4bcb-87d7-4ddca39139f0} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365c190e-b47e-467b-8774-c71e775fee7f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" utility
    3⤵
    - Checks processor information in registry
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {119b060e-0b11-4e7e-9c65-17fb896b354b} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38977207-ec01-47f5-9221-29a140865601} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd660795-2e2f-4ad7-aa5d-4b2b30dba954} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 5804 -prefMapHandle 2812 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1184 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55dcc4ca-fedc-477b-9102-4df71a89ab19} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4628 -parentBuildID 20240401114208 -prefsHandle 6300 -prefMapHandle 6244 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c45348c-17ac-401f-8b59-ef33358d655d} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" rdd
    3⤵
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3d8acd3a57d05b0284f621eaa5c3f268

SHA1
dec62989f04baaa9717f4f68926d9f6af717d0f9

SHA256
e5203952b3585a710e30ce691c687707bc15c21a5408f6ccc15073f2f655c480

SHA512
cab48db1284c6fcb7ba7c5f5418ea7a098d113166cb54bf6c389deaf03a709d10e5b3e322ac2bbc840be4c4a674c119b369bd4a34e75419ac34e8dc53c47be8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8d7ec81482605a6e2c31895f9c0a07fa

SHA1
441fdcf24680a1ebc84286a7427100da0eb5e240

SHA256
c12c1c7120c14d432335bbea5a65daf34b5b1d0202a3f1e9111e10f7ae3cc1be

SHA512
3787f053d3fbfa883578c568a1d4109372448769dbc7e3a748ad183c12ee5e163ccf43121b2dda0d0172b088a02bbfe359bad7d0690fa1b2af5d83724c3e0762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1997d9816d0714d406244fa21078121b

SHA1
b8a46738db24a84e2107c9181722c049d7eb20b6

SHA256
e457dc09fd8ba8b36c6e8838154ce5f8cef7ac7c23c0a2c682505604fccf010d

SHA512
49fdacdc199d7eb7330daaab5a00a6f9dbfedc1af4d11141991b8c49ee423b1ca6cc6bfb95f85d270841ff194cb722aa01930130d91261bb68c6f7ab52582c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f3273098a5d5be150c26478845ebd776

SHA1
66adb5cbd14c5a68b32dcd9596f1cfad16d7866a

SHA256
6d07b99b7484b78a5533af8b10481730e30fe256858904859e7bba853e19987e

SHA512
f9a604664a9dab79ba30c715bc590eb1e478f483fc209ba236358ef9be45e18aa656995759af8e7ccca36e14c34393f6d563449b830a87130b3aea3134ed53ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f57831932d9c82c41da27f31e353a101

SHA1
de4732f68de4f68ec96baaeb8f64eb926d4c57b4

SHA256
37779f691dcd905f215bbad943e9474b9cb0f1b23155d4ecbb46e23cee820a44

SHA512
489b7eeb0e687875db7340d0c4dcabecba6b0c65d7d3864843b06d80f4dcb9635294ca8e560c6b3876812711c93d302bf4bebfa954fd32f341aee703d2da3bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcbbd488d98d9a0733cd21a42f546ff9

SHA1
2163e1fa6d5f091e898fa332e429c3caa6c64132

SHA256
d0de3b595a38abd5f53e825140801bc058fe9193214c7f6f9504d6fd264610c2

SHA512
97ac6a5e1a64e349584aca4b1fb24dc31e0e7620bff8b2e4fccac7524f7b9a4917529145d5774e521c2b15706c443b3f3f154ffc4020068c58904dbb0c67f814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641d418bc4c3736b95643d77118c7f9b

SHA1
c41eca3ed15ff5cec53be4d5b8983e44193f9372

SHA256
c2c7006a92e8f6118b808364ced36a54e38216cb3e7e5a92be20ac459ca6bff2

SHA512
e311ebe86904afb09fc3eaa1785b60f7f7a3fd1daf2ebbc90a043234157a294fa78d87e0aa680c3507b94141ee8046e926de001a0874bdd82aaddfa368e428d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
95257b9142bb715958882c2f30e9f9f7

SHA1
d00c2c960561aa68604f29cf9445f450c1e3ab8f

SHA256
d369e58f85f2b193e8ecf8dc40bbaaf47a1b876b415deb9dde0ee547ec75dcc9

SHA512
4941b86c258c30b955d2242725f79dbabfedbb25cbcf6c664af1e291264bec17b08eaaebb949aad1c79d33b256b9cfa600ed95fe9b5adb4883d277ec063382ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a6fba50e9691ad89cb7644ef6621320d

SHA1
9ad36d8f3eacd1be8ae54a6ed8b2b914804764ab

SHA256
1efd2a1d7b0c3b1fb6ff3478cf82728c5e7736b8f20f3253b501baa920f1cad0

SHA512
db94aa7b7c0cda68a6fcaf16723a9ff375146b713c5b14f228925a746061199aed971c1584e9e029edefaa53baa1577c2a22b6b9e1aed6fe44ea6a4084c7b32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4d9cfbc5934a77df6a9d53b0050faeba

SHA1
5b3910c1c65cfd1559e37df80ca90ff95ad0b32d

SHA256
6964bc197a642ed00cc2f3311b2a3e35f259f5b81649f1f8ba90c0b87ee226a4

SHA512
7476053e0edd89625a6cd2cc3fa3e11a9f18e7e89be1eaab891c1ee5ca1a6b38405edd01e32c9e1585c7ab478696957534a235b9adf2dc000500fd258b43230a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
d6234ec1fa6d17f44c1d1e5e937c8fc4

SHA1
7b61af61d216fb75ab3c49bc356eebee9b3708a8

SHA256
5fd33e650793ef7e7bfd7d5257610c89f288cd4ffda7c4e37d7efe71926f5155

SHA512
89af05a2d8b8fa0478eb6078411cfe559272e3555e0425e8596065eca87681d611e7831715c9de37b2c5d49719c096a34024511f323b66a8a1176fab68da9121

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\14516

Filesize
57KB

MD5
8efb7b0f6963ddf019225b6c3b10a65e

SHA1
a807845fcf41f2cd9ab8154f9889902c9c394484

SHA256
b509f2213d09e6ebd949ccdcd3b140e3a289857472379fa71babb1b686dcbde3

SHA512
0a37e88d865f8967a0c5f72b4748d237a1f7946ddd90d3f88d9cce70ceea682b2bbd09fe6ab00412e696f9820210c15348740bf42310e56dc1acc0dbb25e84a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\23311

Filesize
37KB

MD5
27b44fb803950953713199da7160dea3

SHA1
c3a92dd2a056064fd79dfce64bb5a6e8972eac71

SHA256
713d41d97164ff32a7415ff0903d0987a5c0011d1ccd385251abab656f248378

SHA512
f20d5a90759cc206e9dd8728960bc6e4e4d61cc8c63add4a2c500a63caf14d51f40cfdf27df0821de6e021530cc1a6dccac108607dc2785c0b3840919c2f9be4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\32507

Filesize
62KB

MD5
9c01c7ee0991adf20f6f60020c0f48bb

SHA1
1ce2a9dfd54339e4d6a9520fcdf3385b9507aaa0

SHA256
eb2882f9b26b26c4199f6e8da34df96877235721190a037c332dad8b0987bd40

SHA512
9f4b8f00ebc34791f73ed2e4a360125d145fb724c43accb991c6f596c1a1c7f811e02c4cd3efea4e0dbf078b608aee9a8adef08285cff51b2cd430b094463c08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\doomed\4638

Filesize
58KB

MD5
ca6411e11cdb50eaec267c7fed8c0c66

SHA1
1d3aff1e0c4336878c13004d88a31bce52501013

SHA256
4f64605961481522400d2bab50debbba96db2ea75c5108674955f183042fcddf

SHA512
0f4c0d68e92c64a34bd768946d914b1f4cd1d6f2bb23cbf0b895695a26386f0c9f38252881b272c16989437e0383b97a8d082ae8d9a015e67edbc97dcc6fb1ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\2681DF1C05D8B1BC372A0505C935A59887AC240D

Filesize
44KB

MD5
62f4dbdb6148f23ea3d30406a49bd5fe

SHA1
acd300a4a151263d436a8f62aee8a7ee740c5f15

SHA256
afc646c4f714e8955615c6cbe35c6df37754ab2db52591703b045120893821a5

SHA512
209106c48c574ab2f0bef82a0b40ab9ef60f7faadd5a8294a1677996148b5e151a1637db21d4ae436fb3902b850425c15bfaabb293b81284edca25dbf6a1cef1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
8fa1d4da029a23d1b31f69098693066a

SHA1
d4275ad1fa86eea963edd8e0a52f378e8c0dbd01

SHA256
cabb91ab903f5cc639f4912565d2b002ca828f87de13b25a2b1c81bfa8072af7

SHA512
9e554e0f48e0d28c571f3e6e460b79dcae0908d66375a1bbcd97b4ae7e7dd59b02b763d721bd9b2eb745fbbeee0d57d334b2fc3f80b5c2c1ee9af01944257c71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\43BD39D133B5D8B5C684E66362902EC5440AE052

Filesize
45KB

MD5
8c549a66e2a14ec87025de73359d5d3f

SHA1
720c95a8747ed67a8cab0747968429a51d8cbf60

SHA256
2aed45e73f448898ee5e052d84242b729d05c9af13ff0d3ba86c7be5554d3a80

SHA512
e711aefdf8db08045eadad6834299510dcddb2b7c2432ff70a001598167372477d2d115a867a1e4b1e89a03fcca42ab976aa2bdea5df4d395d8f910d9ae0738c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\48A773B8B92BFF039D7CB5A9DA03A6DC953D7D7B

Filesize
43KB

MD5
9598718df19530964281e061044d0cd0

SHA1
9f3bfa50c48817b9d4c3df6ebc4998308e7cc1fb

SHA256
e7625873d8e4230832654f004e02595a532eab74bd8cba1b86b85f636ca5aec5

SHA512
27677f6b5fe611ee8f1d6c8eb2913a2c3bb852c04fbb1dbb87c6a7dfe6a0989af47e5df959eb123e0f40b9d4dda415dc3bd32186708516bd19338c5ff873cb4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\4EE9D7C5E0E043DE8D54889E202400ED0D3FC403

Filesize
26KB

MD5
7760bcb42189ee6e2bd620e4ccaaa2ae

SHA1
e8d0f770cd43dc89cdd3f932116a09f4b480d74a

SHA256
a7db1f15f57c3c0603655b4ed3f576965c7dd35b102a0e515e0b192a1c162300

SHA512
844eda96d5869e35689c69d071f8d37f0c162e24cffd0fa12861b42399489cd53e2b89a57f37b7bc9898e298f87c8d1ca025ee153a8a17a7446fa0f237f250d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
99KB

MD5
c8034850485555bc96d211db17f40d6a

SHA1
a963a3dbce51662bafccf1210b3d17021d32b1db

SHA256
a256bfb89ebe1ca2a05c37151fc8436bbf5aaf20f3a0c58be18d33e3c358da75

SHA512
a6f9bb27fd0be1d2465e6dc17487455e08f092a333677d603da9913b465772f959b89a3c1c85aed4d4652a6db33b24e6416ed50a40a10b6492e702bcceb541ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\599142DF625667510471E6F6C4AD12BA728D6AD1

Filesize
19KB

MD5
20dbed8bb3d133819d9cd6e39f49a1bc

SHA1
e8b9652c80af2eb7c80c86c546692ec47fcbc268

SHA256
3db076c3a9a8eda99f370d54f43749571d8bf2d89843b7574cc4eb1599df3e00

SHA512
4b19f66017314df449b8266902e09fe6aa864a0294382b16d9e5785c762e8ca6f416d6e76fbf09d7b573eca21bd1a2f5c570ead793f1eaffd11998a2a337f898

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\5B5F81C77EA4A0D4425E62E3D6F82E571526EBF3

Filesize
34KB

MD5
e640b743b10895271fbabb55a990bae4

SHA1
19369ad907a6c31229741909ae2022e1ab799e7e

SHA256
ff31e2e614556a0abfd98dc25d2f0ff6701a91dd358ec111b4b998a9decaea65

SHA512
5eef090b88af7e77cf3e93067621bbf102a4a423b9d093e3b20d913cf2ec94cfbf801e57255c8a597d1643a2addedaa3d204cf1c09e9fee5d040f7aca3f5a5f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\643973A72CB665816E627CECAEEAC7166A356FB8

Filesize
19KB

MD5
54b2e028424005f73641dd9890abc624

SHA1
9875f53b2cfbbf606a200e4fa1d19f22445336dc

SHA256
895f8d3588053a060384e5fcf5ff13b3e514c3e958c2cce14fb07b36f37de789

SHA512
8a4066c95b346299e03c24d1d5b52c56ec2e3dcbce4e2b873e7762b72f24b4b96bf87fbd5222366997fff4ae9b5e4ec19aaf87fea834a54e538770e38bb1256d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\6CB8DA195B83F1EE369C11A33C63581DBAD64D6E

Filesize
15KB

MD5
76e5d64fe4540c04ec4e53bac592afc7

SHA1
43a92ee7e78e6cf7948ca0e7bafacbf0f6a36ec3

SHA256
51949e288122e778d0c1cc8f3680b00f501c9b9dc48ff939b44a38cc27b42e8c

SHA512
6a573d9e7b2e7b255c9a07fb3de3d6a5c77d5fd49eefdecbcfebf4832e85f5666bbaa3978a5c84eb1274091728d61cb4292badfa2559eb061ce5d84bfb08f803

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\77F17670A6CFC9F4FF7B438AF400023A40138019

Filesize
42KB

MD5
a3da7e41a4546a2d598140661b113303

SHA1
d91a8694d8ef60ec229c3319ab9f1b976e26f7ac

SHA256
68f2b32d42cbc1ad1c29a2b8fef09797daf03be610ac21b5e406aa644fa07e04

SHA512
1e4bb2229cfb53939603052c693ba04777cfaef2e022ec86211851284cb3224a91feb63ffca1ed1153bf0bf1a9f9146ef41993cd307a61192ecf52a4bbc2eddd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\7F56A44F4D07DDC89426299EC16736604D8DFFF1

Filesize
49KB

MD5
522dde5b2a3084424bfcc84a158195fa

SHA1
9ac2b5255fde3df9c80b403cb1354ae93670525f

SHA256
4bb83cb4d564c870302029e9c6bd696f3f83fd9da0aaa6e2d2af5caa7446c850

SHA512
25beb7c4565879dfc0dfe31fffe0693a640d566e20477f9a0d7f9281b3e750ae2bb3b58d625c1d991c27ab9ed6ca7c2b442cb8a5274ca298906411ff2c56f7ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\99D94A175C44DBE35FA74693FC9F1522D4469D97

Filesize
30KB

MD5
3eeb9be9015f2627ef727f423bf867a0

SHA1
f830061ed51db0b68715e0d55c36281c72b5ef91

SHA256
f3856ef30149c98ad6d464a5fbcc267ddd44d60307c79033288ae439ae8c9d48

SHA512
7dd37ba53105915b820a2e5d027c8f821b64f6fc5559b4ffeed6b7948ff0cdc66d323cb209c3164f9b2a3b7a4d730265280bb502a530db8b99f3973eca28225a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\9F53C0FA75BE1673C3831EA10A7714D921F268E8

Filesize
129KB

MD5
6064115deafea3aa1bc747f00b91ba8d

SHA1
c06c3fed396680ca18339aded22dd15af214b0d3

SHA256
fcd2f1f54cf400f9e603af43910ec121dabff6604db4e6b79f3ef85be46dff0c

SHA512
618feb356ccbb97a83350ee494573b36ff2327d76e82d4bb083f90cc4486e880fc8847baccbcbf93bb66c574dc51645f3e52e32878f603ddb3e863128b7f42b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\BEE5D48767FF1CEF9FF56214E35A935A5DC57102

Filesize
72KB

MD5
e3082bd69762ec5ec40e5b2d70bfa9fc

SHA1
8b10a7f915c47306129252341ea2214bd9bca4eb

SHA256
dcfb626eacb663a839d86c2b5e34d56899b609575f5d4bcb81e46c7d4aa52f29

SHA512
208daa240ca889019b300ee40f034a4a18ad9aff958207c371c1ec045ad32e4a6290b35740d8091522dcdeb4cf8a9d3543c29a03eb48fb8efaf92280fe3bb209

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\EAF17210F28F22D6EBC808C2C1515A0B71A3E8BA

Filesize
17KB

MD5
49e62701b869479f31c416fe982c1568

SHA1
e7523032f6428635922a342b398e6d7061994e54

SHA256
9e6e0b60315bb1a142f6936bc93f6dfef11754279c0c1a38db4d05c1aa961410

SHA512
3177688351f740b02f935ebe956f1c00211dae99d1b4090b1d9488d1c2a6a7033ac248d57db01e17c3d0cecb4bae525c671f7e351667bbe505cb9867ce55ec21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\F7238E2D6FD33D777BA92C46B87D7C03780BB3E7

Filesize
63KB

MD5
a4dcb2b30b643d6315f61b5c145cd21e

SHA1
28fb5036eaea19d10ee7e71d927c5d3a41b46b28

SHA256
1d0c04090e0919ee5f896979c2798fc69575f571d1d0015cc4b78156950e9913

SHA512
7a8e5505cfc995aaa1cdf4226dd4d120c6681fcf79fecbc41722cdb4a825b021789e711431be7809d8ee916528740cba7c2e1afa80bf7817554b11ca0f81b2e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\FE8C7ED83AC6A963BAD075961E125BB34AEB7534

Filesize
115KB

MD5
1530bab725e936a03bddf0cae9b90163

SHA1
79b76898cf56beb6d98183f8aa39b976efe049d4

SHA256
5a7e034d62aca2ba7dc7ba612ab92326ba29f5ac053fa15151c80d4ce7542fba

SHA512
e403a7d9f6efd42ec0373f7673acf64c1fb722ff302606afa1c21cb2df353e79b937f42dc98d771e4ed4f971eb8c43eb722fef1964c5aecdd88ba95c0c129c6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
b0eada5de23438e602649d0c4e4f9f9c

SHA1
36d697bf346fc4a298947ad24a13489ef0294ff9

SHA256
f8fbfbcbe5c123e20c5f5485cf5190a1da4ff4f1609680d1f731f18f2a190b02

SHA512
e66d5f43a24644979b1e6e1b0f2c9903d8d28c7cc067aa484180c1c685cfcc8c2e06e1f824bfde90e662e8a1bd22c86988e8ac111832135b2e44540ae42f12d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f0dea259cf1efd98d8e240a4e064408d

SHA1
250e9fefbf827b4b1fe0bc5cb0b7c7286abf6757

SHA256
ee8329fd5f9d588f743bc862db14a5b956a239490ca4149674f75243fec95b37

SHA512
dff2ef925ac6e62dcac0368d5a3e47a66f6df58b26c8e8952e3cf90d8ce22348dcce67c05b13ede1c99e4b26caf17204eb618ed6df5845d0f04f8051922f3b66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
8245ab065a6f2649216bf62fc46b1ca3

SHA1
97555d6fd25b8d6c262535c25e12e8a3b3d841a3

SHA256
2ddc8328f3e8718d23eb7d1e940745a5da0d3d6bda111b30916f6249ea3e93dd

SHA512
4fbe8738357e506349943e1a5400ddb9560255290cb039989855e3720961e02eb99781cd3f05b3c0d6c06c1b6788639a090dba1a310dbdd023072e6b9388878a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4de9da3dc0be6c8cb099279346e3cc86

SHA1
02a00c7aafd65b16b583292ee9c37e0c143c6c9e

SHA256
15c638b88bb7ed0185e8a346f3f708bafc81aafb8e130ffd2db9b4e12f79c6de

SHA512
f15dbb8aa2c227fd904a1b47802652c63d3a15e8254b27d33a4c64b2ebafc536b859071c11e09fd475f61f335b6983cca41c88473c4ca8e752de11955d6a7428

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
12ff6f4657dc010dfa1004d2faa7df4b

SHA1
543c9cde183912350d9e05263be246da6e235df5

SHA256
7cea05cce611d54e33ac0075a4b944ebf95c9bf785be21103e678f8db616ab0f

SHA512
3673166f4203617fcf16a3f47396d66d82918a7b8392c26b580e621af8349ccb29c03ab4f9f39fe0d0082ee1c4fb0bee46bc3269826ecd9f9f2d4581ea79889e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\193f36c9-24ca-409f-bbfb-fdf36a4efb37

Filesize
982B

MD5
41e88ce6c16fd6b4e59590e3226358bd

SHA1
279851844f39437625443738343132772be77fe7

SHA256
8faf505f9dcc328cc3c15218c56922c596215319ece353a1a10ea6a9a905139b

SHA512
1d07f195f4f0531ef5eae805b8f822c0bc0f6a2c0fe70e16e2c1168a8c2428e6c43b95852934c496fd948c09cc9a43f19a0acad291e64daefac53dcc53da83fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\358a1c02-6e9a-4c49-a09c-35db8943fee3

Filesize
671B

MD5
a98e5330185d7e747c7bdd048b158103

SHA1
52b8f65558d84582542b0cee9a323633a962178f

SHA256
0b854d700ecd9ecfaea34cf84457c2237b1eb439d86e2444ecc9b1eaad741432

SHA512
418cd911e70f54f5da588baa4a2b03198a061f384014c5b085e723244962d41ce58c06f2cf819e9037e1caee6876a8d7b36c29e4c546b800c62847713536e3e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\44acd80d-5070-49fa-98d1-f3467119c7ea

Filesize
26KB

MD5
dbb7b1e1146c5f83e508fabb9bd7ac44

SHA1
c7b96676e0f538737b48a4f28643979563612128

SHA256
3c338092cebaa13709cc69b11bf3663bb9d0b64383cdb0fa6175efe77937e85f

SHA512
77a06e7ffee1b3cebc7bffe5b8ef5d01f40f14407e7055f630daa14762095286194720bb2a96ace64a1bd65f12651136298e0720badc4813b49a8104dff308a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\791c5b31-c616-4747-afa0-3586f760aa6b

Filesize
13KB

MD5
c807a232f5e3557423037def399ec735

SHA1
4873d6256815bb06f553d00d8783b9ab145241b9

SHA256
2b08e8756ac884e1fe66b0b5a5948d0370b05a162ae98852c361240539f0a0e8

SHA512
f2261134f64f67b2faa2aac45a812dcbb80fca727a81b0f77a63c1005d8c49490a48dc5a17815a215f804df8a90f8b6458d69865c4520318366ab8fbd0cd53ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
11KB

MD5
c9e0036d2cb5b1a55de6fcd2297636e0

SHA1
45b179f2afc6aa9e2f76f0343d7da261509b5c91

SHA256
b7b5c21add1a6ab4360c57b858e8408ca6f42f69ac0bc0f69522953091057541

SHA512
56830679aea7f2146cddb531c61af8e90a1cef111e1df7c12f8543ef99ea352bcfd2dfaf292fc2b57bf01260eeebe465428e5e109e7a9af1dcaa7cbfb546aa95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
10KB

MD5
6dff540c464b63f689a4b7fab7cd6e31

SHA1
bb6290fe238f4dd543c07bb44511b4f0eda135c8

SHA256
e3d121db3e50b0e7466bce5ac4718fa8d3c8efd6948beb2f6f777f8acee95f85

SHA512
edfb0d5072515b01378c84063026860441490ca34334ed8459b697dc964cd25597e015a2da37b8f1a5f54dbc4b3d4ba6a55e094374b6546fb3ce4d8a484f5553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
11KB

MD5
d236da3a376530c6c1e92187454088d9

SHA1
2c02cde4e5c70abfd279e12dfcdcc7763cbacecb

SHA256
11f7bdf0abbc226fc723930c882378b2bf0c821cf2094898def2b1ca3192558d

SHA512
ddaa5b60e5a9533d8d8fc6c2667f56cc727a228e4a9fdbdbad8dfe83ebe534accb4be9c741665ab54e3b5e740838f770c2ffabca292f4978dab398a35817cf25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
ef17d3ee49915e02404b86e09a1c0c5b

SHA1
e2b5d43e75b9388e9e620012bf6b74fb4fa669c8

SHA256
856b9744d4c6f2d396c3b407219e462ebb966945e8205890ea20860eb527e9d7

SHA512
3e0ede9779f36c990e1a0e6b8946d272c0af853656f5f92f4bb013a0e8429be27e581eb5e13cfbdff24e4e87a054b98f58fa811fab98a1c7bfd0e139d4364411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
47132e45d2cf3186cf6fad878fc175be

SHA1
28458177f1a2ba9234974eebef0ee67f555bb128

SHA256
11cc416310e9eaa96513c28405ef731a15441625c70ca86914465515d083c26b

SHA512
099a3e747c7a4308446ac930a812cadf6e5d4d06291ef0fbef9af14ba46071d2428ba3170fc5df605a1d8507a5d2b8073d415ce8609264246306bfe9faedadce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
ff876d13ccee2c059b400ddf11722f22

SHA1
f0cd6997128f9169ee1181b1fbe98c8ae671214a

SHA256
ccab4b98bc00a39004940e472e722ff0aef9561bdad398845fb6967638c7faaf

SHA512
88428d8cfd1e07dd4d654415b2ed40157bae53d6f7ac19bab4132f98d24dbc1d6055d4a8749d035aa579b2448c1d273f0ba2572e22a283e65c16923bbbb1beeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
c8658d528b61ed9929394157042cb3fd

SHA1
2ec7c04b527d7548e99364cc5961a96da9e101bb

SHA256
03a2feab3cb746ef0d084cf56392ac589b2944355bd94797a7eb7953e36b06c6

SHA512
77a751113031620febe193f539f781c49d82fefb158c54c17ea7854dae12f64766edcf5af143ae48848c492c3ecc10372dc9b9865d49b45c7844b0a6ca17efcd

Download Submit
memory/4480-9-0x0000016E79F10000-0x0000016E79F1E000-memory.dmp

Filesize
56KB

Download
memory/4480-7-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download
memory/4480-6-0x0000016E77950000-0x0000016E77958000-memory.dmp

Filesize
32KB

Download
memory/4480-5-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download
memory/4480-8-0x0000016E79F40000-0x0000016E79F78000-memory.dmp

Filesize
224KB

Download
memory/4480-4-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download
memory/4480-3-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download
memory/4480-2-0x0000016E79960000-0x0000016E79A1A000-memory.dmp

Filesize
744KB

Download
memory/4480-1-0x0000016E75A40000-0x0000016E75A68000-memory.dmp

Filesize
160KB

Download
memory/4480-10-0x00007FFDD2E43000-0x00007FFDD2E45000-memory.dmp

Filesize
8KB

Download
memory/4480-20-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download
memory/4480-0-0x00007FFDD2E43000-0x00007FFDD2E45000-memory.dmp

Filesize
8KB

Download
memory/4480-1317-0x00007FFDD2E40000-0x00007FFDD3901000-memory.dmp

Filesize
10.8MB

Download