f0138c69713ed2807308428fa548c2fb7c3477f1f627f75c7cd7c4cda1c95b74

Analysis

max time kernel
142s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-01-2025 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sigma boy.txt
Size

9B
MD5

da798c933c57b3035e79c562907dd961
SHA1

26e9cfcc21d137d71708463af01e32e2962d4ec5
SHA256

f0138c69713ed2807308428fa548c2fb7c3477f1f627f75c7cd7c4cda1c95b74
SHA512

2cd7f6eb05f03a4a8924facdf8542e1da515a25910639033787a47491a403b0c058685f04b0c178cc43ace29f5c1c87499b31dff96f8134cec0f5753e283d6d9

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\bd659422-f3ae-4e1f-b4b0-6e228000ed7b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250104204546.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2062871678-1047416116-518495306-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
2456	msedge.exe
2456	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2588	firefox.exe
Token: SeDebugPrivilege	2588	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe
2588	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 4316	2456	msedge.exe	93
PID 2456 wrote to memory of 4316	2456	msedge.exe	93
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 3340	2456	msedge.exe	94
PID 2456 wrote to memory of 1192	2456	msedge.exe	95
PID 2456 wrote to memory of 1192	2456	msedge.exe	95
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96
PID 2456 wrote to memory of 2512	2456	msedge.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\sigma boy.txt"
1⤵
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\DisconnectResize.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff89f5c46f8,0x7ff89f5c4708,0x7ff89f5c4718
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff63f695460,0x7ff63f695470,0x7ff63f695480
    3⤵
    PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3929456603993703899,12167366639877651826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1872 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14fad19-b7ec-48b3-abd5-50ab2cc0c1fe} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" gpu
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2304 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe777fe-23b6-463a-901f-a2928c531997} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" socket
    3⤵
    PID:5744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc4cc05f-5293-4d6a-a744-602ab6e21068} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:5416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4116 -childID 2 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d56a291-c2cc-48b8-81dc-1200e9a82cfd} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {facddc34-e8b1-4f24-87d7-fc80f4eac569} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" utility
    3⤵
    - Checks processor information in registry
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fce07b6e-8cd5-4288-a49e-3720be72edc5} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5232 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec9f73f-f5ed-44fb-8b36-0970217b22dd} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8426d33c-95f4-4213-ad5e-9024d277a011} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:1304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 6 -isForBrowser -prefsHandle 6192 -prefMapHandle 6168 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f605a012-08fa-4e85-ae89-fd2e1e958107} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 7 -isForBrowser -prefsHandle 5560 -prefMapHandle 5572 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc44265-cd9b-45a0-a4e7-7c41fbd04f43} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -parentBuildID 20240401114208 -prefsHandle 6448 -prefMapHandle 6012 -prefsLen 33706 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ffad623-d50c-4db7-8133-44b0d436a7b3} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" rdd
    3⤵
    PID:780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 2652 -prefMapHandle 5024 -prefsLen 33706 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32e31d47-621c-496f-8f69-3be6573e2f4f} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" utility
    3⤵
    - Checks processor information in registry
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2740 -childID 8 -isForBrowser -prefsHandle 3132 -prefMapHandle 6076 -prefsLen 27447 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c431d2-048f-408d-b9d3-b74d35ae8858} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6164 -childID 9 -isForBrowser -prefsHandle 6904 -prefMapHandle 5240 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba204739-61b2-418a-98d6-3a4fc19ce2de} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:5224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 10 -isForBrowser -prefsHandle 7052 -prefMapHandle 7060 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {457c5041-172c-4992-bdc3-99b326167328} 2588 "\\.\pipe\gecko-crash-server-pipe.2588" tab
    3⤵
    PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3b681f1b553061b1d406dca73509e1

SHA1
1d0902a780b041766c456dca466ed6dd88db979a

SHA256
45099d50c298e321f628997d58aff82c1f91aa302cb6a46f5c8a2819a53685d2

SHA512
b6e59b2da8bce61cdb2f0bdbe6dd0486c68bb583a1066cafb979314c4c1baeab4136d9d958e9e9ef3a36b1d7988ae8518080b8aff9748c102d05646aea914283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
165b9ab5b6100e149d42942970795741

SHA1
873ef2b7bb080cee1f9eb80920edb54a235fc326

SHA256
fd01e423cf1b8c61bbc4e1c63f3cd70a81586a9d03a88eebd6ec3a16a1910364

SHA512
5ba31ba647b158325e7282ff6dc83e683b62895a1e3ebd5445a1f121d6d5fdee4b39164514f7c442bf67dbefcc7965c3ee946333e77047ced40df144aebef9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dc010c967f889f9f002997b2a18477ce

SHA1
bc90359855084f97a0b86ebe62e5528897d52484

SHA256
30f414da03136cf715429a77a682faa40bf13e195ca2428c9cc6d26ddeb290d6

SHA512
2b38a2f214c8ad02c8cb834caf16e78395a9460d97ea79a1da035bb4a2056904364cfb0af0fd946a026cfea47b73733256244b91c2b1e0b2437894e39d5fca96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f1a8a1d2128d09e60dcf33fa9a71e752

SHA1
b23224de92b256ef98b248cfa662b2b09b68f3e1

SHA256
5c6b6d3f9b524299ef6bc54216379d35362776d8825a04696db907bc8a9f51e7

SHA512
32d72bc4e647cb72b787aed9347e6e4c55b3044a2293cb7aca938689685e67d90332f0ef3c4851c7383070e4e5c00d1f3f0859ed9a1336a12488427cf44cd3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
784a03c75e662b38a30ee7575ea0a356

SHA1
fcc38f61077362f1f087588abebe87d6feadb42a

SHA256
ba2bbc72d4b1a42b9f78ac8a92fa732f31ef680510c0392940e2409e89eb058d

SHA512
ff017ae329f90720172d2100913c6031864c95285eaffafea2f2150935754fc90052dd57c5f7e7350acaf25d65211267629c85fbb4e0fd7b0f4a599c2e5fc8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d98468bdd95e51e07576d2a291732065

SHA1
3cf38b6e422c10b350c7de7a31f0ba8f3195e510

SHA256
0220aa7183e41184a8c562ba2f0542769e41350961071bc254ad7b0429398c28

SHA512
366378169952ac652262eb54f1a43ed97ac439272a825cb124225db99b8a0cf99da50cdb72bd702d76bd437e9d45fa672d9190205b76ddcb1350be36a499fc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
916B

MD5
6d4e38ba2b1c35ffb3c637cb97559632

SHA1
00b728bc3424094615f52b52eeb614dcc00a455a

SHA256
2a820948a06bf605e3dd9550e2fd91d65a9adc914ddc2ede9d4f92242ef8d654

SHA512
0e878f65c51c1be28d5b20d41d57e63e102b4a78af7accfc4bfd62f5d8b05e1747e685739477ab09ca9cbdafdaab54f105d0fed344f7929da2e690f143e094f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31039cb0550021514899724a3717a7d0

SHA1
fcce5d507fd4f5513952b946f1f6f94e3a5c0375

SHA256
b3024ca3e65436212f3cb625f9245a166c590869fd42f7f8f7573e0404534b53

SHA512
c485ab8d213702662ace0b70ca6438474a003eaa31fb134be58ffd534a477b1d1fc7cb13e4cab5227aefd70a4c970c4e0bb8827ea8c9f68c8e3d9d1f08d4fa66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
dba6a65a98aeab0703578159b885b088

SHA1
0bf299820ab6a98330eb4186f592734d914d6a07

SHA256
657c8981c338b06cc7868eb964afeab62fd7380576681439044177ed3b78fff9

SHA512
95220edd275e482d907d2e1eb2793f8821422fc598e786b8f2f5f580c24e7608672f52b61798ba739e216bec4e0be9779eacab6f6e70812542969ef05b1b7316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
768f26e3c79afbdf94e3de6ea24b7c01

SHA1
4a6736cffc1a485f2b219a39e6c202d35e1aeebd

SHA256
c486adff94e3b6b83e5965079046fc5469a58bbcd64981b0772bd7efd1089b39

SHA512
57a54fc2120cbe121909df06941046b5e6ff9d50056a7cb3a3ba5623a80a21fdc9f7bac88b704f1560e23f617306c6f7a2fd5494b576c0fd1365792124912bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65e20d716e1508611951083b93f574a7

SHA1
fd60e660f237e93da68b2ab794286250d64559a7

SHA256
82f27cbe3a38ce9a8e36f1d5da1c3dac75a39dcf7bbfde8831bc5575d5af6e8f

SHA512
0711193784402930c6a98c6dcf0af416923d7ee4f4b66a7f76541bae21110e75905d7eee28880d2e5b6398c9d8c9a0718dd215a3e5a5a0d6aad3683811cbfd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5e7aa503c3fab4b3b15e9573e3fc695

SHA1
20b8b2bcbb2b02dd376898d5cf496937ce2d5d04

SHA256
97dee92a1e951e1ea5c952d9b3e13fc5995b8cccf06e41db0d99a2163301df37

SHA512
96657c4db062ded4a6e11bedda0cc548d66556f7dbbbe9e619908c91a541ce9f8af7571268d571dd7c675e3930e845168f406fafd9a81bb7dbd8f8de91f0050b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bb18d6c65cbf9097f4310427417a410

SHA1
9b03e2bf04d751e5401f45897a692f6b6d486118

SHA256
8fb3f7708b56be489bfb36ba3d17c33cdef794bc2615ae5db66b9506731468ff

SHA512
728cfa8e1aef591e9eab7dcfaf05ab942151973e90136c26073f4dbb746ce807ecba44caef1599a7806aa264a6c11471f3c3a244cc88e96e4287d89b21eb3e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eeec2e8fdb3d10926be7f7f005a6add4

SHA1
ef91d915a57451a526ffde4634f1152c6a751104

SHA256
3a35c99ef359936c246b01412cf6c3bd0a7b190fbfefa584d62cc27e6f6522b1

SHA512
c2044601211d75abf5bea962e73760289ec660326f7e8fce5a588a6a7672923682fa45a0876f197ec75c943d780bd06649d1810edb8331a293365dcc415cb4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
524c0eba78201e8faad29c29d0a611ff

SHA1
b8d23f3f70313f9f0f8c1e293e70a3f8173adea9

SHA256
693ac11a04057152b30e8d26dc646186c3e54bbe397122b457374d92620fde52

SHA512
5481d83540551f9999d6dbbe94c7ac200b53bb81e5d9a5a94761274332a0b4e4aad05a9689fed5b9ad6fb2c1d06f91e2730eaa4f53950f8e14cef5cf2af452ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66ad1467e3d376cab93f822542240f42

SHA1
1ea77b0927003fd7be7cecfb10facd2b0f5d5561

SHA256
cc7b8ace02bb37219f67302de73411302b732e74fa9ca4db46d71192fa8d5cd3

SHA512
2c7cfacca75776bd5afe6ec15e4c7e2c344cb492bda1f2c5b0c70d39888b2a98b87ef7d53b28b73f7587b6886eef514bc92f0db16c36c6347c8cdf26d2a64fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7f88b8fb792e4371e438d4cde8980e66

SHA1
791a60818d0ac326114d4202ad13a2777e1064bd

SHA256
0db2cc6d77bdfb52f89148f2419356c3eb1d927410b4c7002c8af8044c212b8c

SHA512
6158da80a1b14687740ae09a6338a282997c849862b8fbf1f8aea34e23541151f9c82ba5a78f3cc686754fbb3a9cad7869e4e2d401f73f78162b35460efa2736

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
498051397276425808dc5f83301241e2

SHA1
56b4b282534de64f83a583e45bc5476ebaa850dc

SHA256
9d8f7cfd281af094c1fa26afc24748446ba4e6d2f509a7443dfda1abdb718f39

SHA512
7ff498eb5676811ba41af81f0c793037b32d89017e1c6705f6b18f5ce293753c184e8cbff48bd8e6eee9e9ea8026579e515e2d07a79887dc77d99ec6772382f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d6d772b2cdca40db466e0e0337c3cb62

SHA1
f01397efa714e2dc9e5126a138a441e3dcb0987f

SHA256
71cdca9c93796e15e06397309db33f1aa69f7d240114230661208d544f09eb62

SHA512
8f5f0ad4411c5a85052dc3d27f3f7b3a6dae879f27b82e7e7579da246b7cdd2a9a4c746db33ba0dfa9573a503a54e0463865ac797bc62fc0031a47c3b7b3d4e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\AlternateServices.bin

Filesize
12KB

MD5
a374b695162b8d7a1b3551e78fb6bec5

SHA1
cd50f2fa20f18c3d91bf3a538f034d15fe998627

SHA256
304aae027cc1c3455d956ae7c7265bfc8b34ac811970cbb58ba14c5a57131a45

SHA512
bc06a4adcd056c1bc2b1667af958db2c9d6b98a09d574d0131711e97b01b29aa7a4dfce86a29eba356e275573d64e13a0d97fce5c0bda92aebda00e566379cf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\AlternateServices.bin

Filesize
8KB

MD5
12586c830cd77bd704abfb1fd5f81b84

SHA1
0e0623d473208e22337e5a288ed4567ec9a5745f

SHA256
5011c577c468121e1da19971000c4422223320ee8b4dd8cc07019576b0a43084

SHA512
ec14d5f5c417f2d57593bbfc7f1b45540d4f69e304f7ecc7962e1cbd8ba0a5576b3122e23c71285be14027380d5a9fa01f02643dbd6251f15bc549ea88578961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
eaef520f6f7834672b57b5e8a81088b5

SHA1
a1b3278430705eecf9fe09ac8d685fc087daf30f

SHA256
4e86b34533cfde2d0c5caad42c998d8c6eee34b23359164ad52be93361c6e7c2

SHA512
d8a6d2166125be96a4b103a3df14e361725a9298fea83548cf054b7e0d6bc04591da8b36a83dd85a464255616dbb4ae8b48dfa8b2b2fddd04c1c401100b7b1ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9f6a88e82742a33163d89dad9750c599

SHA1
255725aab1271c2c7d0376c19c607aec055961fb

SHA256
fbd7454dbfc21d596709e86cf1733902d114606e872e19bff9fc2ec678456778

SHA512
2f94317c445d4f3ce4e2a15d18a3b5073048a754ec90dc131db6aa6473905456a3c08f88d57dfc36a728b98f2de9a624c55e828b19da9fde6d9237c32033fd6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f75c515558c72592543bae58a55d618d

SHA1
f57c61edd0bbdae80b54c0c4b953add7923c953a

SHA256
479ae7d66e2d7678350644965e9f1dbaa1ca70c7046781a0f6e48a1b861b310f

SHA512
beaecdebe87f6857023ef73b0d4ad425e75f29132a873836e51f725974ead73c8c811737d183e25aa47319859363ea412f9e6666509dd45ebace0870ec0e89de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
ec38ca1c07e50734aa9502c8ddfc4fd4

SHA1
9a247522224d72d0b003a896f9467ac3faab89b3

SHA256
b99ecc7ebf1c3de1e82d7a56c4746aa6b74ea2770e4e4f741c63ba5c3e809c6f

SHA512
274fe36eb6caf13b7dddfadf12e429a58b709b1735982aaf56a702371cbaaa43aab90c4686cb6f89df18cbcd57841e1b2e2273b02cfcfaba06848623297b2cca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\pending_pings\5a621d87-2c29-4364-84e8-7499e91228ea

Filesize
982B

MD5
780a2d9fb06d4dcb8d8b3222a56757bf

SHA1
9b33c5f08ab451f566af4159ee0ae4a91a04e62a

SHA256
cf3ad29be63b7ed41b4322b5c152d79d5629b050f77d8acc57f97a1731d57173

SHA512
503ee79bdcbbcd3eb25057b43c30f6e9e18478188bb93658634aba40d75bf0cadb1925b334800be0e90dd5d12fb6215eb50c25ef0d0fb81a7dafa704ea013388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\pending_pings\9e14cf71-f0b1-4cb4-ba87-a57240495f4b

Filesize
27KB

MD5
e52ea7f7845a23006a4e3ec75e5e7159

SHA1
16f3b6e0dd823d893fecafebc5625584de6c5bbf

SHA256
b12504f912cbc964ebab819681ffca463585db36ec251b19e97ca487e76fd45d

SHA512
0fa7879a7a84edbd09cbd82a6eea18c1c79947b722880e82c0b632f5b855c033f1d22e5a5a82e831c2e90045c849a044f71793041d2cb5361d478fa62487708d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\datareporting\glean\pending_pings\f14c838d-f1cb-4f82-a79d-0532a2184e31

Filesize
671B

MD5
854f500db56f119f4a971117f75debdf

SHA1
31a3b308a619ca91157ff0365db3305de30b5d4e

SHA256
e0c19fffa780b9936f5533f04f0519abc2baf11f3cc9c1b745a31bc8e1f502ef

SHA512
f7ec757ad702ddfaeb56ba8c006ad22afe839ddd0d8bfe325d6659b446cdce77276f6badd997ecd8ec97d831315243d2ffaa7e17912f47e89668e03f973eaf84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs-1.js

Filesize
11KB

MD5
67224bc622570fefc764b00e90cc99f7

SHA1
7845886af830a3f9bd80a247bf82f744e3079d81

SHA256
80e5407bcc2a807e367ef1c05a738cd507cdaecb0ebfbe255f0b91434fcccb6e

SHA512
a0554dacd4044ea01d7b797046be266bc3baaf0e86337a82df7e617e9a504154f6ba1db14861722d71fbfa73ed2bdbddd02ea657833bf30f2a12cb2c6f327ec8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs-1.js

Filesize
10KB

MD5
ba97acf96c7dde6b85a52a5c8c88a21b

SHA1
030dacfc5ef1f536697b4e34a1996903aa3a756a

SHA256
c30d21c9e3b1d546ea388c0b9f48aa5458b9b41a6d5deb04865bf417ffa8a42c

SHA512
231f9fafc8cc06beeb76c4325374d068c9c04d239083a637113fb43378b26d678e9b9248e51ffac52fc668f273680bd3cf149c6ef33745ab0a45fc7fc3101f7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs.js

Filesize
10KB

MD5
8cc6df54a3a11c49027d55bf648c6805

SHA1
fcbe7dfa39d934a497a1f14b6712c86c415b501a

SHA256
f482f449a2cb0e92ec05e68a0ec7bea882d44d20d34349c43a357e3df5093066

SHA512
e896de29fde9bf841e0a9e69c4be29575226af070e2f67a17d3b9d5409968a85cd08a0eea692a82c1da1c2340520c3c1899810fafa54236b9f89e85cfe0709b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\prefs.js

Filesize
10KB

MD5
3ab781e80bd4ae55b31736c76455a9cd

SHA1
d1000785efbbee5bdfce218fe17e7d899ef01841

SHA256
5a169da3a2011cb9ef69ec3da9687b0b22cd4762c1bb2cb3bd77c1563cc6f639

SHA512
14d8d81ea1833c5a696cda90ef372dd8954934e4320ae35dac60afe6f869e452587f271f18bdf9be5b71b3052b40021ab54fb0726bff046f1ea7f3c907ed079c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
0fdcc2aa3534007aa43f92f52d60b152

SHA1
18d3d70ddfaa27047c667a9eb027237a55706c99

SHA256
5da1d0343b633b5e8c15590dec56995d8a71aa4100864a25e514c83722ceb737

SHA512
c02a5c4837a4906514e209a53d7896d266f5001067c3fb9f747bbc6ce5068f7349163f09828726265911016247fa763e7ba5efbb5a8976099d408af1db8f9a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
a185131e282ba4f1a3a597cef658ae84

SHA1
072083a923f40f2293cd264d5e8fd86c1b1f8269

SHA256
9c77af74977f102d0e53ac83d55ec11f1a84d74e04c72a8df6ea26d0d1d21799

SHA512
f67e7f2beb25b2e95c09578bb2cdd437ad7f3c317548e5509382819e09d9f03fa482a109ba51af213679c45bcb55e1874c880ae3ab014706d1a7ba5af5e80d6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\otijbhkb.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
0f596a52a050c64c1fe026068ed81ec0

SHA1
547c916ee4b0f86d821229f6b192b9047f201c52

SHA256
87bf177bac0cfe131f0c8ac9841a27a9d1b88931cdb5d93868a6575c76e114d1

SHA512
8692694f788cf8c9c366621a8443facaf6a89a3c07239c5f5f441784294f359acaec6b736aed47ff5e586a3486d89aad2f8a7c05d71d7123c533c432bda58209

Download Submit