6b01781c1eab825263d48fd257615ec4088fad0563798d282e6343c578b7dd2a

Analysis

max time kernel
461s
max time network
460s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-12-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Edge Passwords.txt
Size

8KB
MD5

a4f4d5146368f3b15a6d30eaa089cf81
SHA1

bc610aaf7af3f53198f2c84d80ffb8c859659d1b
SHA256

6b01781c1eab825263d48fd257615ec4088fad0563798d282e6343c578b7dd2a
SHA512

7db6784a6b0821375cbe7f4103aa620c2666d4a945bdf5a55b71d4ca04109576f16522a9a7dbcf2f099ed4c2331d4f44ebeb11811152cd110894b2801232d3e8
SSDEEP

192:wFuVrxniyBWqQBWoIziN9BBF1qjNuyzzsgZfLO1oJZbeXypagGHQ2hqK5SjnBpdj:RsgxRzX

Score

7^/10

paypal discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	firefox.exe
Token: SeDebugPrivilege	2484	firefox.exe
Token: 33	4732	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4732	AUDIODG.EXE
Token: SeDebugPrivilege	2484	firefox.exe
Token: SeDebugPrivilege	2484	firefox.exe
Token: SeDebugPrivilege	2484	firefox.exe
Token: SeDebugPrivilege	2484	firefox.exe
Token: SeDebugPrivilege	2484	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe
2484	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 4720 wrote to memory of 2484	4720	firefox.exe	92
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4632	2484	firefox.exe	93
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94
PID 2484 wrote to memory of 4368	2484	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Edge Passwords.txt"
1⤵
PID:900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e04277c-0225-46ef-982b-401c82d904c7} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" gpu
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9517e57-8f5c-488c-89a9-36d937dc458b} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" socket
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e64a916c-eaf0-4a6c-a4d6-90fbbb103cd0} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4008 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea79ced8-165f-449b-a5f7-110072f03dd8} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4836 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ea948f6-b1da-4080-8f1c-2f2cc9f8e164} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" utility
    3⤵
    - Checks processor information in registry
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5252 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff7485d-dfb8-49c4-bd44-9de0f94f4145} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5436 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2ab75d5-7009-46e2-9fa9-526d61f73f2d} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5616 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {796d9e31-03ec-42aa-89c6-c6bd9a501c17} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 6 -isForBrowser -prefsHandle 3136 -prefMapHandle 3148 -prefsLen 27023 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6720bd21-94f3-477f-a6b7-ea2557becfa4} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 7 -isForBrowser -prefsHandle 5556 -prefMapHandle 5572 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {306c666f-7f17-430c-ab28-2af71a03f653} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -childID 8 -isForBrowser -prefsHandle 5136 -prefMapHandle 5128 -prefsLen 27612 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc5044c-99ee-4ba3-989a-b58b55fee815} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6456 -childID 9 -isForBrowser -prefsHandle 1448 -prefMapHandle 1560 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b01ffc36-c14e-4f46-b76b-ad92559e67cc} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -childID 10 -isForBrowser -prefsHandle 6636 -prefMapHandle 4816 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {629bdfb7-594c-44e2-8e8c-133ac4a1ec3d} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6604 -parentBuildID 20240401114208 -prefsHandle 1828 -prefMapHandle 5504 -prefsLen 34013 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3424cfbf-297e-462b-96cf-8a633fe16bac} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" rdd
    3⤵
    PID:5124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6764 -prefMapHandle 6760 -prefsLen 34013 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5672a322-e25a-4447-bb89-48839d04dfc4} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" utility
    3⤵
    - Checks processor information in registry
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 11 -isForBrowser -prefsHandle 5392 -prefMapHandle 5808 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91406052-b946-40d5-a676-a8c06bf6c9cc} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 12 -isForBrowser -prefsHandle 5748 -prefMapHandle 5560 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55cc9af-deff-4c96-b30c-9f37629be788} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7532 -childID 13 -isForBrowser -prefsHandle 7508 -prefMapHandle 7520 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c1eda0-cce8-4df7-b5ff-40b3d1b153ec} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -childID 14 -isForBrowser -prefsHandle 6484 -prefMapHandle 5460 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48cb5e01-57f5-4632-a6da-0c71c5d27ae4} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 15 -isForBrowser -prefsHandle 7780 -prefMapHandle 7804 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {594fc6b6-48f2-4e83-a2fa-5783f0b664f6} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 16 -isForBrowser -prefsHandle 5376 -prefMapHandle 5352 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31a2ae72-1a34-4e63-bc06-7879ebf4372e} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8104 -childID 17 -isForBrowser -prefsHandle 6424 -prefMapHandle 5576 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a36825f4-4c5f-4882-958a-d1dfc5abbdad} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 18 -isForBrowser -prefsHandle 7540 -prefMapHandle 7668 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da7f2ad7-2c41-4f7a-8a57-08860b0a6460} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 19 -isForBrowser -prefsHandle 7384 -prefMapHandle 6580 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca6f10a6-4b52-4022-92ce-704a7908c116} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7644 -childID 20 -isForBrowser -prefsHandle 5548 -prefMapHandle 5280 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {174affab-b465-42a2-a99b-bf40d614a045} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7476 -childID 21 -isForBrowser -prefsHandle 5828 -prefMapHandle 5168 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b3517f7-2f4f-4513-aca3-0f17a78376b4} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1560 -childID 22 -isForBrowser -prefsHandle 6400 -prefMapHandle 5600 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {164a603a-789a-494c-812d-2ddda737ef62} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:1824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 23 -isForBrowser -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3b2a0e7-200a-484e-8209-c3e911e968d3} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8028 -childID 24 -isForBrowser -prefsHandle 7504 -prefMapHandle 7872 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d71ce8cf-18c2-40dd-ac88-20e43fc5801e} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -childID 25 -isForBrowser -prefsHandle 8060 -prefMapHandle 5992 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a7b17a-3fd5-41f8-8535-686cc714865d} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:4716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7684 -childID 26 -isForBrowser -prefsHandle 7936 -prefMapHandle 7956 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84c9da4-c95c-41e7-a783-abf3efa98659} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7520 -childID 27 -isForBrowser -prefsHandle 1632 -prefMapHandle 5736 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcbf349f-2b88-439e-8dfb-7b7496ae3aa3} 2484 "\\.\pipe\gecko-crash-server-pipe.2484" tab
    3⤵
    PID:5004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
f33c304b2d075a58aeef06b0afadd6ee

SHA1
25e34624b42d2267aa3f96f9ba029f790d834b59

SHA256
921ccf8093ccae39cf62eef31adb25fb557fde2d4023dacad66d9f1e3c99da94

SHA512
ad1040c11c9f71292fae641545c6d8aa0812c6ef429525af8b7f206dd34fe2aaa6abcb35927c25489d140a62aba7d4c9e306b718bd1ffb976c7d13780b6a3904

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\030DFD0F746658E278427C0F3D6BC1575C6EBC51

Filesize
49KB

MD5
a4116ccb67b92b98fa05f418515baf89

SHA1
7fcc1c1a9b8672d19babc2c913ab8c5b645f9238

SHA256
faf20e697086387abad55b235e3203172a46df1f596fa5d3534e08ec6cd5f9be

SHA512
9b6e0229912e5aee1e919ec41db5ec6a89b4f8e21ef41cb6fce982b6df8b7e1c6cce06c8817a3e9764159d9ca421cd121d1e0e71867e5ab9f827b68cd3863ead

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1D21E89161235DF3481BB494D9BC994BD8DFC6F3

Filesize
55KB

MD5
5d5bf47bd10f08fd6ca4578acb9ff296

SHA1
ff999ec90fddd21370e00e5ef8a8ab8c89ee64e4

SHA256
2ae48dc7b19fe6f22140f1b942f46b21cf08ba461218eefb97bc7de18679f1be

SHA512
69c986f95e9eea1311c7b7524a19be9f19bdd208cfdfa9dabfb7e5adb70daa14128701210bce7b7d3ee8085f206d602fca669b37f3a7c456c47f91f5466fa2d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\3C433C4AF3542EB631954A5F82E0CEAF94A67891

Filesize
41KB

MD5
fbaa2fc8285594c3c798ddf787920570

SHA1
949919d51ac1f10bc2d3382b42ed8205f1a12ff9

SHA256
177826dda993b4218f574e2b7d6bacc6b03fcef38462aa632c0c4ac93302bb95

SHA512
220375d89a01509200048d30e0f433c01994554bb38df9ed36dd927844f4d12d0d7b130cdf3fcdd1a058b107aa218ba25907e79719b6f729dd935bec6a12c1fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\459BD7A0EF35435F1C4F52EDA995734132D22E43

Filesize
21KB

MD5
d86b50ca6aced4098b8f823d011218e5

SHA1
ca3f48c2d433174b780384f1ef04671f0adae546

SHA256
53b588dd71e2a178e88f1b85134dc7761a89d138268d0ff8e73ce6aeb516f390

SHA512
061165ddc80ba6141e6a29687fc2a298743bb14b8322a3d8dad8ddce86fbc8536e82037f76731629fec58afa5e17d80c566bd33a8c955ca8ec21d6d36f2f0107

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\75C9119CC39F8CF25DEB984372A43FD86284E235

Filesize
47KB

MD5
f3b59165c72690053c6adea566fc828f

SHA1
7e03654bd8e622b22468eca64ae1e2384d51dee9

SHA256
e1ea075d2d885aadbe722bceb5c50bdb77f643c6d926371fe1d1c47223a6475c

SHA512
7cf6227d8257e691cd1b16bfd58ae753ea4e9fa34b336968efca2225223a1ea336f8b9c1756db472682b72ea65c9c6d87841d226fe43e1fc047c7e41e4a8f59c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\A4E673B8FAAA0E7D4B647CDD8FC98918B66F3847

Filesize
797KB

MD5
f48ab1febf5093a5f87b9726600c462e

SHA1
42552e201c185970b50d146099b87d050354c2b1

SHA256
16b1afc9d8e36f9be41ae3fffd5a5f80d87e423dcfe07a4c554002bc42854dfd

SHA512
5864ae587ac5c4cd97346e82481a49b2f48e849ce335cd9a36e957f2c31c226c8603c3dace3577408301f0da8717d8276407fa6cbdd721bfc7e058fa06672d6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\AD700845F05F37DADBF2C6CA3DDE5D0A94DE11AE

Filesize
224KB

MD5
e3bb5aecc9817b55e57a193a58b64cf0

SHA1
d45e7b7884dd18808587c85ec86bd2083bb0cf5a

SHA256
3f5f40f843f3d690b4bef64e219a8d255394d40ef48ca47e39ab977b6e3af9df

SHA512
6585365f334d61973a3b93b492c9525ed1ffa2445c01fcb836e25d24f8abbdce5086a1f29e99e88b646676ceafd3ff23b5f7f190ba0adba077580e4d3ba56eb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\AD9E6B0471EAA2348398AC481E2F0E7282434BDF

Filesize
23KB

MD5
2eea8cb262cd4e1869855efcdf721c3f

SHA1
802d091aa8e05b5733c1944988be5ebcd302b149

SHA256
5788fb9a9daae59d43a6bee76e4ce370273d5218c629acc017814f0e9c9231e4

SHA512
7ef336521d16a1669057da61f433e7c15156efcbd89e891bb82eb743dd3e50a54ee6b0f104e01077f9aa181d5ca2ee6964ea93a3a3ee0d50b80525bbdc518dc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\B8B51E7A6321BA4480748933F2730D657AD2921A

Filesize
867KB

MD5
2dd9dcdabcb1a8c475e10f0d76981cca

SHA1
79c8861249afb1fbfe7ddfa47a19f3313d491d42

SHA256
9a306c77eb1b3597bc3d1d95d69c532b0b9d8ffbb21e2219a187e0ae4287f2c6

SHA512
b9890f6d2e2352a05d3f8010e8e9ca232f316a11283d84171037de47fc26dd793cc4dc366ec8100c65bad5b9c950f5d650a579bd655adf9171314eb79fbfc4f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\CBB8F17B1342C9EBED79FE2DB6B6FE241DE281FA

Filesize
24KB

MD5
25fc23fe036b952269947312643ea93a

SHA1
9503d7a8a12d29bd33658f684c22b4060bc850be

SHA256
d25320e65999a892be07142d17092a7cc8f813e21bd4737a284a1c42b3c10286

SHA512
79ecd732d493fad3d218685aa705c2c7ab7346da0f557f68fc71d1a1a36b16ab056b6c6ed516f4e13fc699096556fc2b06ef9923ff3f38535df7d089031bb942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\jumpListCache\v8BrozhWCLV7RAHOlTa5BN1VvifA6zofB_4Oo8emFLY=.ico

Filesize
569B

MD5
21d2c87aed77d9d8719c7e8f7f2b9311

SHA1
d003a6ef14633b9a439f48107e63faa7a1f6ca36

SHA256
a905726cf7ab788eba061ef077bfa23d5690eeb29992ebf9079a1e9d2864dca7

SHA512
a1ab923106b9a5aa099a0a2d985ffe879c71b157eb5a40d457fb851c9a73be57655b2034344bb0d16a7e4a172cfe53edaf2732788ecbfc844aa48abca2c83b79

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
1246c362adb550bd78227f11dd5971a0

SHA1
702aa84be605af1f9bdbab688d59e066220a4528

SHA256
51e0328761108ce8b4c8ce27fd0f3f9d50112198bf38a22527f667ba18053fe0

SHA512
72782c226f6df388dd60fd24872837ba8bf562ccb79395ff26f9779d24d57d3212633806481d68dd02b7d2f407f2663afc28c13cb91b3fafa20e9fc6ab3dd3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
413a7bf9a468848dc76b23dd4b470efa

SHA1
3555a0ed69769cde617a2450adb0816f79012f0c

SHA256
d8d90a723b4ad07ba350b75ced3998a4f62c12370f5828249d65b8c3e872f811

SHA512
4c731385c9346f241e36499f894badbb1756fb6858449eb91c8c5d57a309a16de4ee017ea2fd6efea42781a627fef8c611c1901819b1cba401e8d0f198c28196

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
c3ce807d9d1429685fa401e1868452d5

SHA1
f294168f133fbcfd1efe50a19cbf22a9af57bc8a

SHA256
90e9b827c5d8e48aa82f288a64bb57b92c933a2b3b3c8eff87cc617e9613d943

SHA512
32d162af9e3a28a25e3756b92dd1e1baeec5c64b6bb6c5c984d43f9ac9b89b2edd99ca631476c9ac0b118d15e203c3c67406d89fce332d7a42dfc2f334807cfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
8KB

MD5
42ae3fb51ab7615988ca3d439b4a44ad

SHA1
13943bc25f31bb375ff50a5a2c92babd50d9109c

SHA256
3e7b935a8d02b91d29555bec69c8ed2b7603e190d1dda2ecf902877a113ef309

SHA512
8a2f338f6634cd4b4f023dbee79eded1fbfbb4e273250068fa250690e33e3409b9c7d15b20e0fa707d97a5a952c970222051fd31543ca940fa4e3856d099459b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
11KB

MD5
4ec0e12c64eedce3701ae317bc2e1c77

SHA1
2995dc228c42973d099abf04d9d50261400f8b81

SHA256
da53c9e18bd78bf7ed79ecaed539c18a84c8bd517f0e41b5edcd5d724855cf5b

SHA512
b9e3146f1e1a1f984c548d1a7196f04dcd3cf7fa0c75d3d353f35c41669df0e5e698e47c640019b12de7f7c74f9fc5d0908abc3bb870fa76a5552ab3ad803345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
6f42b8d25d77fcdb792539fa65eab0b2

SHA1
bcb8f29f161ff679b3b3048b31d7e681fde640fb

SHA256
6d662c05da584807076afd928f86ea7c5c265c4908d251776d413256ca93d8d6

SHA512
3bb8e6674d8e9f788fdfd3d9b983e32451e8a283ebd6378bdaea7e713e1168dc45421a19ef34764ae5b531e8fa6100de822d34defc2db233c344f09a49d01f46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
96080a4459b8427c72c31ee1473eee6a

SHA1
d1a354afc4acf54439bf967e3afa65d7d359cfcb

SHA256
7b13ad24c9f402280757951f3ed3e7be4b73ef1025e4e172f2b41c3c2bf5a65c

SHA512
5d7cb495f13f3e39f5905e598e962aaedf00263fd81cf6f51f76d0d86b898f147b69ac8ee383ceb4d74febfc8cdc7307dae1ec71d0cbe20f40823ad440f1b4cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
74a1ce7c2a92d64ecd98f8ea0fca5e9e

SHA1
45f06aa80dc50dc5acfefdf6778fefbb8747b742

SHA256
f9250b437f26e3ee3c95b4f45ef1d0ba3c45cc19c738f642fcdeeb31f8e4726e

SHA512
f00a9943ccb55ac1ff3827b9a0b6d73ccdea02c055af96102548b1718f961422ba617b629b91e98eb934ad72fd9e242267ea163c10c77def8350c0d81c108db3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
111KB

MD5
b1bf9fb24cbcda4c72cdce58c25a2ef5

SHA1
8549c43af0923c075a51ceb91f0d426407e71d11

SHA256
89cd56f8c9b92cafc30994b5266eff9deececb62d9e9ba810c2650e88c2ffd5f

SHA512
f207290547e8085b42d40dbf46722a6c87d6d7074c6f8f1f708c2d89fcda5638d686bf561b046299ada0ab2415f62bdb065e19765202bb990ba2efb0ebcd1999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
111KB

MD5
44919aa9565ec904c7a7454224517b93

SHA1
32328fa0e816d8a12c3dc7cffabc82d0be004d8b

SHA256
21adf755a99195cd8369c8114f2743c673dd60c3cf01b2ea7c53d285584da60c

SHA512
9ec172e16d2a3a16483dae39fdcc625f940334de5a720f6839b502107f3a5b4a1c5fc4fa480a17c202700e7ed1064f14ec1295c50a79a9d4dabd26082a9324dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\36fe4f11-8b25-440d-ac7f-769c4d2c8934

Filesize
671B

MD5
0318f97dbee1d385dd664c697e6ba01c

SHA1
a67acc978af6ecfb346dc62973db3ec61cb72587

SHA256
e0866cfbfbbc78f74efaafc6ed44cff6eb93535db62ef0d03e0e944de3e37cb5

SHA512
45e4ee7a3f32af8c6e170629380d51aa1fec6ab443a558432b89fa1eb122cbdc5e84f6a3fcdacf66e3e0f7cb6c2effeab249597cead80dec24dc2ef4850dcb95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\5aab1249-680e-47ea-a94c-24ec58f11519

Filesize
982B

MD5
8241c83ab7341d2d1cafbd78d473d4a2

SHA1
9a0ad031424449d04dc5d48336c61c5a0132ec36

SHA256
4855389f9c785435b7e5c313e17b085fec04ceb6d775aaf1aca52d79d10acd3f

SHA512
74acbf7dc593c87a0c8b5f2a3cee3b54ffb33956bc8e02cf9bf19ab324de7d788ffb8bccdcf1f57584751f2ebae71d412350edcae7e0404ee5afe3f1e71f2f6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\a07505d3-ce0c-4961-94ba-a1e5246aa6e6

Filesize
25KB

MD5
184e3305d10b775ca6d6b8df30ee03a1

SHA1
79bd2a7804d7f9af722967de09088df58f9b7c90

SHA256
6a8041207b78f3583842848b82b92a5cb377932542b438dde178e407847b2636

SHA512
120e29f50e0ed5e4001ecabe2addf537ebb17746f9fe438204ee16024d81ec820aa0f829d2a6d8d304d6b5119b6a479b5a4b6b49c315fef354efacf7ac2aedec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

Filesize
10KB

MD5
78af261e92bb41ad7df49881eb151400

SHA1
ed5ba898df566c66ebd93cd8b29fc7dee386f124

SHA256
825c991db43dcb4aafd1bad9b8304f36b10d995cecff7ec4f7a6e4a8d5cfe74f

SHA512
a22266764b5f599f265d4f2ef3ac4997456e2295b02ef4c3654e01655317fca0b98ce85460f672396b7c4d5ace48b419f0e59d8767b081fdb3d467f89855a936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

Filesize
10KB

MD5
d73cc6d7bec1e68f21d19b5415122a1c

SHA1
789c43975ac58574d9b9f19cd34741e923c7a396

SHA256
4dd9cf1790b9bbafe37b1109027832b77de0440af77b630d145e1a66d29daeca

SHA512
50ad31745776ecab07e98bbf24441b526f8514d5d238f72e530930f296c5aa6ecd9879e3ce7bcc3aa20897c6fa86f995209e46cec81b80ef98e5559a90b54e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
aeb8b2095da61ac55b17c8ae0412bfdf

SHA1
b2f040e915517179978abf03e7ce211a7a17ddb1

SHA256
9838544a58a553777f11fd6873c5bcf3fd213db512747800630c378a1e2d856b

SHA512
629db13986ed185a60e278d8b8ed384c55b2ab0a4e0875192dcca7a83e8be4de119e33eba4cd3a1946f4071b5cdd5841c49d745e1d4d25f7e50b5fddb0a60bfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
f0c71f22ab8c21339c83d1f98da97d3a

SHA1
794881a9e9b457cc18ee289da516666395da06f5

SHA256
fa8b40563f8d90a6d847dda4c92392b451ac65d3420b1a73d4ff53cf1e4188ef

SHA512
6bae95cda33d00a5356f54c7116bf09ea25588ff61452b255ec2fdc5bad1c9e5a41e396c5ccfff1ab12d6bff6a9f3ddc77419351ef8a69df28c46dd00390738a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
e00257f3dad31bee22654957bd069349

SHA1
965d02b49224f3a9643cd1d48dde6fef331c146a

SHA256
a0ef1c974405d7f341aab5f347665bb7b7d385edb8e6d8dea09b70df7140a558

SHA512
81d5f69d65698fed58b0fbb8e17a8ed0d5404ef08c123a581a6ed603504a1b8ad76c9a9b1e0047791ae304e6b2e298e8f57df8092f64a6ada69af245271ed4f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
c7addca89caf604e27616ab33fd05520

SHA1
f4a39b7d18ee105ba53812127a9ca0df313a5be0

SHA256
f0d45735dd2489e88abcd3db0bb0ebca72d202b4a81fc094b73c165047124a51

SHA512
c8ccf18e63d8c1e576b635fb0eb08c0c9005a3cabddd1d8c5f26268177ef66ea69a74a09e75d207892014355be9fdfe456bbd1157f89b0c43372359c9fdfd359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
76ab599513cf9dbaf795d8f3d0de1d0b

SHA1
e3e1f48b732e92363332933719374d715c79af85

SHA256
672f3bc6afa6154c497979f5f4edf5b1dc781a4ec59c00ebb470e02780b6a1d4

SHA512
17be6d0825e628f992d77df83d87195deafc0e9dd2ae3ff7dbf84ab70d0f7bd02a6b8a17446f8ae5e83f148e9f4f4967e71452b8bcbf5921f2babf342f3d3d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
35366a2e412c22772bbbd5ce109a7fe0

SHA1
578cae5adec455dd475264c119eeb88e9d117876

SHA256
5f90d2bf6e52fd7b63b15059039b84c33bfa03435e3a5fb7a54cef0f04416e16

SHA512
e73dfc8c75c2db84b1b458b6a7fc65b337dfba70eb0e3c60115513a365f437a1f0fbedf2688fd9c39ca04130a956ca329c6f88404b7a6d0e5b40fd716a4c2f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
2ee23c7d5cd143231d95c14236f83164

SHA1
c22b59b3388e54e730b1bc212b2f4b06c0f2d280

SHA256
8acff4923c44f6b9fb8578bffa94522a9559324b10a26ef35652bd829a283bcb

SHA512
39178c71ce810612cfc5af3875670365451e31496171c6d3c1e0f225076036c90174748f78f947248ed1e20cec6b3ef43d927a7842b438673c533cc43d4a3f56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
9763bed07f127ed01349ca6b6c336d6b

SHA1
1a1d6f4ea09c6742e6053a81b3237181b7b7d5c2

SHA256
a0059a53da639d2a4594abdfc1f36b3543d05c40008531380f44b18e5f364efd

SHA512
c09e1dae1fc0bc988962e2f7943bae6021d38fb6859b976b01095faf886351653585eafff9f41f46a38655c3f0c60f3132f2ebb4a853a2ae552c9668c20a564a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
d3a5b878b2b8249b0af3c00728de73f6

SHA1
d9909569a8471a3a353a5e8be3f421a4c0976cd6

SHA256
a0c69bb9f6bd4b4ad9302594fcb3be650bb1c76208a57565ae89361a899f04f7

SHA512
1fcfb37548497399e86598fc2f8f05c8dbb47ccadfa9a5fb4c6d6138092bfe78504ba27d944bdc6f86f8c4c82a4a40545f0537a16d3ac847669f6151b1cc1dad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
bfa7a1007911ea9a0a25e3d3f83ec086

SHA1
025aa6acb597674bd8607ef4967003b09cd68d40

SHA256
03dd1554d6f885a7aaf4679c12dd1681c6790de186240b57e5d190ac69d435f5

SHA512
2675fbc97829840a4fba01da1dd8be07936961c093c7bf9f5d154418a4a6c59f8c282d408101701ee0bc44edb671ddff7a0666f5b6dd350d40fedd4351d5304a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
26KB

MD5
a56c793f7d573902067bbdca71d59bd3

SHA1
ec8c381b7d4bd23d6e02bdf9c377b2da0cbd8455

SHA256
a4e54b8a99312a6f51f8fbb56e71b62315b76d84d73313488fecdac21498d5e4

SHA512
2b76429397b9c2be8768cc2ba335aadd82765cb3e5d4ebfda648882ef0db5fda522ffcd5c2cc8b1b6814099317cca1c1e9ec85ab8eb1705ac4e98b2b919afa13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
16082b1f7045f5dd06d6d84c90744e9c

SHA1
ca3d6454a8499471f4e5383b9c50dad7d2f3533f

SHA256
7ad4a90adc4f40e15d9f4934414f4c60f990b471104a9469c27557c8155adf3b

SHA512
c036f55e69724df9cb9174d538bc7f74192c5646ca2f6eeb6bce3bfd3a664e8394cad5d8e72a1c6505fce7eca444384a65f45723aa44994ab553e2a1a609dbc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
05613c022c492b5d736cb60db55f3e25

SHA1
02ccbb3e5bf27b7a7596179da87ad304e90d7f37

SHA256
63b33b230621d2c8a29c6d247c981d079a7a9fb3629821ea485274ed918a4a17

SHA512
c1ed6f80cc42ae84acc40aba5ccbd6bd4f8e128c2295b7a1162f0164e2d4203ed45a74bf1001b1d9abe0377251d423a9b493e40706055a63fe838db86876e479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
747a0305399563e37e2784f1f8a5770c

SHA1
c71d8facbd04548f27b3eec1efb8282a1b4f0a58

SHA256
1f67f68f84806ef17ffefa33cd439a95f02e3ae3a814dcd4a3c1d6dd5c876d9b

SHA512
45881d1ceaa2e9b3cf290ffcac3ad6dcca3f3f3329c83f1b43f11fd0bdd059b4fcdee360c0ed62a00c167e5277aa21d4a00e4d453e9db97d533a92dc769007ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
00fc1a3a1990dd1942e2a706b94c6683

SHA1
a9dbc7f220deec314bf70bf0f1ab3b9addda94fb

SHA256
4633f792a97926d9d90a557375ead89c528ed232556092d555b93fb3965d24ab

SHA512
99224f791f73f0c692c86f9f4e86759db92688a2f4fa30dbaf17b245ae93001955af8a610a0833d981eec5e5b6bd6d754ca036dfe4d589e7930baac139406d8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
61efba44eca3cfc1e4533d9870872950

SHA1
5de211438ca5180f6dcdfbc648c3832549ed7299

SHA256
684db429be791e12566fcd27e3dc4dd3faf0496134ec3b7f977a51ca3e20b686

SHA512
67b351a4401cae235c3b317ba7d1658cb458b19f376328ca1dc0310e318958c0f52a4491b782b42f5b1b25a93a5d9b10777d9cc5a301afa0ea9172e509ca3268

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
435bf6d7962ea87a9a37bc547e582092

SHA1
7ea7afb8d6433ab5be4b8266a4dcf4137be8d4f7

SHA256
982d8214d82c57e2acd973f86e4cd03f54fc932af5c1c93f1d7de759596fd836

SHA512
1bdde9cc053a1d8a7984416ca885747a7d45b52fca52e51293a15813e13cc790ff44e235751f85f143bca77b70426bf9b079f01f199ce5ea951ae39c11808676

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
67f90583c832d4b26a66b05e97e7ee06

SHA1
cee9f188e771b6280de342242cbce4259753c037

SHA256
5ea8e3c9434fccfdb951325fce09563e4b646d31224fd69ca461db7244e846e2

SHA512
a83c071e86a72015c1ed270f39bfd761e607c23eec02b99842ee93b0ad0d236f6845083eff0628e910357143b8633221644bfb3a9d857851fbce7517ef1b6192

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
b064637708999295a9792c4381ed8bdd

SHA1
3f208b00c8b8ab658b31e16a4792ef6106d2035b

SHA256
6d841fcd53b355c49c718206e8df9f439c8be1d2b33b0817ad7006b5208b609c

SHA512
fff7b1f1e841f29da69795922b30ff01a7c2295b406fb80a1805ef66765f08d7952b83b43d7c79151496c8c0c751c095185f28cf83c91bd3b45e400e753d045b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
28193a834fbf852781d23f6cb7a9dcb7

SHA1
fc7ec998eba913a6c65cae64e937332681142616

SHA256
567c1a59bd7b52cbfdfd393afe80037db6117f4154eecb88bf1d0fb59e16f6d3

SHA512
36b5749f2ef7416a64fd0d83be6a8ea8d5076f0645b23a4e8a2569651213f173ca5587e0e721e5bcdee473864fea9d15e243185ab19b54958bb19a6162d3c58d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
ef759683cf2062eadfe9860fba47a1c5

SHA1
559162f320194f14584853fb05f5adff95c3bea3

SHA256
b44b0848d9e92a7218050129540e3c377bcf228c078e9a72a01767818ce5507c

SHA512
ea5093ab4e71399e00c29cf7c384f2b19750ebfece3b85f9dfa29802508291ac7ed12587be8e088103010729b88ae96c7fa50f42c1ad7c70753337e64af6f092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\default\https+++www.paypal.com\idb\4100838883aPumzBMxEmtC58Mn.sqlite

Filesize
48KB

MD5
3c0f4a3b7c40c10bba6db3ac2dd7a39d

SHA1
f7f34653f0136075c19829a4549874b04cee1bd6

SHA256
08acd4c1a755fcfff443ac72cdab99eabbd79e54880902dcc1c045dd6f7ea39a

SHA512
ec3337fad45a58fb05e455beff8435bccce50dfb3fde96af86724362dfcbaac9a7074d613f12a1523f23f2dc01283388bb178438653363dc76ac9951ed7b5f20

Download Submit