Analysis
max time kernel: 264s
max time network: 285s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20250113-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 18/01/2025, 12:17
Static task
static1
General
Target: MrsMajor3.0.exe
Size: 381KB
MD5: 35a27d088cd5be278629fae37d464182
SHA1: d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256: 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512: eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP: 6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Malware Config
Signatures
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | wscript.exe
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | MrsMajor3.0.exe
Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | wscript.exe
Executes dropped EXE 1 IoCs
pid | Process
240 | eulascr.exe
Loads dropped DLL 1 IoCs
pid | Process
240 | eulascr.exe
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource | yara_rule
behavioral1/files/0x0028000000046188-6.dat | agile_net
behavioral1/memory/240-8-0x0000000000100000-0x000000000012A000-memory.dmp | agile_net
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
12 | drive.google.com
11 | drive.google.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 7 IoCs
description | pid | Process
Token: SeDebugPrivilege | 240 | eulascr.exe
Token: SeDebugPrivilege | 4920 | firefox.exe
Suspicious use of FindShellTrayWindow 22 IoCs
pid | Process
240 | eulascr.exe
4920 | firefox.exe
Suspicious use of SendNotifyMessage 20 IoCs
pid | Process
4920 | firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
4920 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 780 wrote to memory of 2960 | 780 | MrsMajor3.0.exe | 82
PID 2960 wrote to memory of 240 | 2960 | wscript.exe | 83
PID 1308 wrote to memory of 4920 | 1308 | firefox.exe | 89
PID 4920 wrote to memory of 4476 | 4920 | firefox.exe | 90
PID 4920 wrote to memory of 3744 | 4920 | firefox.exe | 91
System policy modification 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | wscript.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | wscript.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
PID:780 "C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe"
- Checks computer location settings
- Suspicious use of WriteProcessMemory
  PID:2960 "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\72AF.tmp\72B0.tmp\72B1.vbs //Nologo
  - UAC bypass
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - System policy modification
    PID:240 "C:\Users\Admin\AppData\Local\Temp\72AF.tmp\eulascr.exe"
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
PID:1308 "C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
  PID:4920 "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    PID:4476 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 26921 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {030f2a4c-67f6-4391-9291-5a4908326549} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" gpu
    PID:3744 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 26799 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f5e5c4f-8a53-4bf4-90b2-8a38b93315c4} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" socket
    PID:1784 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 1724 -prefMapHandle 1720 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e805d2-ad38-4fae-9570-1c2d6c2f5247} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4076 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 2 -isForBrowser -prefsHandle 3384 -prefMapHandle 4076 -prefsLen 32173 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84570dfd-d799-41cc-b545-1a09ffc1a544} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4700 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1708 -prefMapHandle 4056 -prefsLen 32173 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9aee1ef-32a7-4906-adf9-9f94c28569f7} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" utility
    - Checks processor information in registry
    PID:4316 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 3 -isForBrowser -prefsHandle 5500 -prefMapHandle 1392 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28446fa2-9e2f-411e-b325-da93ccc9e948} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4084 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 1392 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0f37f1e-a23c-4565-848e-c0a2883133b5} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4376 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5792 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b3aeaf8-b31b-4669-88ed-865ea99d223d} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:3976 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 6 -isForBrowser -prefsHandle 6008 -prefMapHandle 6140 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4815f4ac-5ff2-4fd5-a92f-66652775832c} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:1392 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 7 -isForBrowser -prefsHandle 5544 -prefMapHandle 5556 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c94da88-eed5-4bbd-af78-3d9e5905a3c0} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:3792 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5780 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f161189-b1cf-4323-9217-d3df3a2228e3} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:732 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6468 -childID 9 -isForBrowser -prefsHandle 5968 -prefMapHandle 6456 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e644dfb-7b9e-4301-9bfd-cc022bcef7bc} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:5016 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -childID 10 -isForBrowser -prefsHandle 6632 -prefMapHandle 6628 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf28b4f5-e5bf-4754-9332-bbde899cf25b} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:3396 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 11 -isForBrowser -prefsHandle 5704 -prefMapHandle 6420 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f9f9207-e6a5-4662-9db7-05f939588aa0} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4868 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6796 -childID 12 -isForBrowser -prefsHandle 5972 -prefMapHandle 5488 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {885f3e41-9faf-41e0-b30b-f5ea5a6d65e6} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4004 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 13 -isForBrowser -prefsHandle 6976 -prefMapHandle 6972 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db8f6e24-6fb9-4b71-b90d-29599aff497c} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:5020 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7108 -childID 14 -isForBrowser -prefsHandle 6820 -prefMapHandle 6948 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9f827e-2168-4bc4-aead-e60891853876} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:1644 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7248 -childID 15 -isForBrowser -prefsHandle 7256 -prefMapHandle 7264 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79aed643-9c1c-4ae5-bff0-30abfa0de2fb} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:3632 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7568 -childID 16 -isForBrowser -prefsHandle 7288 -prefMapHandle 7292 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {397fe5d7-ee50-4b05-852c-5134b2eaa48a} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
    PID:4860 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7436 -parentBuildID 20240401114208 -prefsHandle 6168 -prefMapHandle 7284 -prefsLen 33609 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c86f57-249d-43b3-bf1c-9868409586bb} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" rdd
    PID:4316 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6920 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6396 -prefMapHandle 6408 -prefsLen 33609 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52a271b3-93d7-4bc6-b023-0cdfa655773a} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" utility
    - Checks processor information in registry
    PID:5320 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6856 -childID 17 -isForBrowser -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ba1b5f-2e36-48cb-8144-89dcb0889663} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" tab
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\activity-stream.discovery_stream.json.tmp
Filesize22KB
MD55bd8d0ced2984b88d01e5e80555e16f9
SHA1d058f5986e713f28f90ae897b3ae41c1e1bc9519
SHA256440a390d690814346b1b3b66e059fca24985b6c918d0c83401d1b45552072aee
SHA5122eab670ea70b80f0834c8344a6e537ce2dd6cbf6145da87a1345d1ccdcbcef56695858bca6f6e497c7067a2bc290ee6fbe9f7ce4f25775bd252bb80a4df04e02
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\46E65EEC5D625030F36DA2FC5FF6D9CC9FA9BFE8
Filesize132KB
MD57884beebcc106d64fcc24cefd1a793c5
SHA1c320707fa179f19251934d6fe273e20ef87b9b6f
SHA256920757c7210caa48693f3985cb5b8adb02bcd3fc8745acd36d90290eefa310d9
SHA512e64daa1d0b20e9866a9b1a6f35c522f2c500e88a5b8879e0b1babe2025c32e0b2c83b642dfae28a339dc94cd0acd64d0b2a13259ea5f17ee7602a4b1cbfa21d2
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\7D7E6B11E927478EF8EE1A4E536F14ACFACC6E73
Filesize30KB
MD56ad1db8221ee897b8fe2a0c4ddac017d
SHA1879f98e4a4f754de2bec7b345db38cb75c397a4e
SHA256e33524cf070caaf4d16d450662e1fa4da7a2f727f82708a5d78658bba6e0e74c
SHA512df6eafb689ac0319cd80e8a9e8808c401f237dd3e5345b77799f69d2acfd5e0a37995513d2e05b566393d40b4d8ad5a83c5b366394b17a6f92cedc4617ca5ea9
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\A96F444A924DFE5D24CAB4F9406373189506F9CC
Filesize61KB
MD51ccd33369e4727a9c99c9be680e8d2fd
SHA13dbbf8ff7a750ad3d15b22594cd16749d0ee6cca
SHA256f821fa016b2d176fc97773c52388e1fdfa5ef18577a8562570fb0f2329f2574c
SHA51210dd5a5fe240028af8d14ad827fb4b5ac37ac515dc6e316ac11a159ce14503b98d00a86ed0bc11a11ff38ccb39732065fcec2fdc8c06effa031ef6a8b525d771
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\B9140D3DE4AE5D7C8476FDEF42D99267A27CE5AD
Filesize17KB
MD5a50c53b9146e47f240de6a160ad57b51
SHA1d8437c621afd7dc05ed50a7c6b56cef86d2617b8
SHA2569736c274b742b4c49d2a78f0a0e935b730d778f98a760ca0ee0aff916a670228
SHA512438435b7db25c082468534e4958851092b06b0a58f9801369829cb403c12fd9ca157b1ce5705b72572293ab2d06c74d03ca5ec718415c7eb3b6d34d85a829791
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\BC3B0B6320041CD98FA853BE18DE4077F7EB3B67
Filesize224KB
MD55c422358f3418c8444404da848a397ab
SHA1793170be2dba0eddb3590ae60a5aae0854c5f39e
SHA256227d4954712490b366e226b34a9470603003e189b416975968431ed36a5a2556
SHA5127fdb2cae0c745c6bbb5e17b7a48a2416de07d396168b617f3a53e9bc968fdfc7e7e9ad33de48ec9e1330fcff508bd045f968bb196cd7c460e34360e71c538b1c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\C13D154EC0C0539313F0A6B10A4DD11D76AAAE60
Filesize20KB
MD5c2fda687df152fd93033fb7da27d8fb4
SHA1e39290513e82bcee20c2706c0f1ae1dcfffd3684
SHA25694cc9ceade10db086f523162ba8f6362d0d2de850e281ac7e2addf99ae4512b5
SHA5126bb71f709f98a9b0674f96d6b882cb8fe95065e08af91a8dec0707bce8f1f58025b73f0fd596ae540d171c28330badb58accacd41273a6e298cdd4d326d3dc6d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\C439F2126E45D4E6B5BB66B7F707FBA003ED21E3
Filesize32KB
MD522688ca22dcde0064f89dd469b6ae53e
SHA1e03acc58204edde2e688593eeba3c3c5a39fd4fa
SHA256f966a0d35a75f2a047fbe0550f1e51feba219630cf3456dd955ada4d60da0df7
SHA5125fcfe850f0885af23db471c46f41b21734f2fb9862015e2c1e2bd91268555a72a62c652f293f7d27a95923cb125e1bdf92d6df5d3cc682c3309c7a938af870aa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\D96DFF10839186A498D4B177A2D51AF043DF0863
Filesize18KB
MD53bafbead5e2e9e3627d16e1f78a328af
SHA1a68fb520f237e7fb70b356a84455b67e9568c128
SHA256e9458dfd6000c4882fade9a3bb320a17d7606440c50ab83ddeee58fa55e099b8
SHA512fa1062926bccc4ba64626f73013faa361d5e5bc6bc52f5c9e16989b91e57aeaaa8d772009788db72cf2cea3aaa1cbff2871ffebe62d0cd3a06c63a7ddb63b01e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\cache2\entries\F566670CE64489CAAC266633F8A694E52331A3DB
Filesize36KB
MD5fed1fad3b22c46094aab249fb01385b5
SHA19006375fb6539cbc89845b2ad86f164e7d32e644
SHA2561e3e9d8703d827f7f40716e53d009020ad57ec093e7c97cd0d9c68e7c8bf5a17
SHA5121fb3285bec90dfeb912a9a14b8b644bd952285978a8dde8949dc8e80e26cdb856a7bf9a95e41d0c03663b853c34c17cce86e59f698144ebaf32e072bf31c4219
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8xqgylkg.default-release\jumpListCache\8o2PxGI3eo_acCdqCiJe_gcfUaEyGkGyrfoc6oZhtn8=.ico
Filesize249B
MD51fe6be6ddb7503cc6d3d931193e5c973
SHA147715d99e091fcf490ba41f19a05ad15bfcdacec
SHA256901d7bad3ba91a01e40a3099d3da273d3ecf37c75c5f71230dd3fa3cd0eef0c1
SHA512f49a00024d6d8b3465af8c277dc02af8a5cfe96a8308e9dee6d6cbe5f405ce37ff7c1f2681e9ecbbf750728cc7f2f8fb117c96387edb8f42c34d24c61be37627
-
Filesize
75KB
MD542b2c266e49a3acd346b91e3b0e638c0
SHA12bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81
-
Filesize
352B
MD53b8696ecbb737aad2a763c4eaf62c247
SHA14a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5
SHA256ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569
SHA512713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb
-
Filesize
143KB
MD58b1c352450e480d9320fce5e6f2c8713
SHA1d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA2562c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA5122d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RSA1OYMBBS0YUQPLVF2Z.temp
Filesize19KB
MD526c6cc83c0b37cdda290173eb07b7fdc
SHA1baf8bf88793285e5b4a2953bbbb403878ea31a96
SHA256f6e377b12aa51f48de55184c38e07f8b1b370b27a8ffb1cef8e4f2b35fdba999
SHA512447dc7a5d65dbf1fa1d3c6ce955d8acecb93c6372f6b42e622ae3384e5551da58078626e09091db8ed6f89c6ddad1daaca2e0ab0c05298e37e6cf966ee5f7f99
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\AlternateServices.bin
Filesize7KB
MD55ec48b070826e5379d64512b674ccb13
SHA1b45a48076e7f42b22e8683132cf1a00a29348495
SHA2569c4ebfd1415f615cdeef643e9a8cdc874b8e2422dcb29d334c3c2c567ba7fabd
SHA5128712378195c2b5b50d20c43f3b7dbc268fbba3d046087e84761b73467fea334792a41904ae313f33361e0266d5a03b2a38d733f525ffd53534520eb1ba428ca9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\AlternateServices.bin
Filesize12KB
MD5474120a30f8538720aa4ceb86c57a854
SHA14923b84df2aa5841686047a2778ec446bff867ba
SHA2565cefdd2102ad02538d75b17f408c68452baf63199dfd405dfa70553b9feb0ff4
SHA512a8c1f74943ff169cca70df3952d192164ea461c9eba50e156e0d67bf561d3b4504b2bca7a4f09d998d3a1f88fd0a89a50dc89c84d288c43ba1a180aca9c237d0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD578e12abfe80f60eec804f6e72773b21c
SHA1e4a9c957fbd1cf0b73d616f87b24352bb122a31b
SHA25659fdf9f077d0813abfaec33e7e9bab0d01f2d97fd1b46b937c9c0360d5a9ff09
SHA5128e440825d5348e24eb4df96abbf8879b05baf8add25e6a03dcf865606ecb3d5ae7c225dee0379ad2cc6f00f4a9ac74586b265aa782d82db4c1f2a603e1bc7be4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5ea139ca4fe49629813eed861fe5d330a
SHA16f99a9efa01473756102c8cf5b1f11ec099920a9
SHA2563b23fd9b8561000f056ee7d7dd368f5f07672abb7cac7b3c3616d3d9f519a098
SHA512e384d435cea5441b54ea05c5ac41be0957118c8a5ef745499012f243dd8c5272d3e4841e1e08b77f9a1242d4b4265462783ccef285088c4feb0b633616bf0663
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\db\data.safe.tmp
Filesize3KB
MD50142c2f9703a19eb7eadfb1bf2ee5380
SHA1995e3875b39041a79ea84ed31bd8316055e189b2
SHA256ed862e57934e3af69ed583b6fa5d1bacace889762abaac4c9d33c392a5e1d7e2
SHA512870ea51847c25d2e0e881ca088612423211f4b172b18b023d878bcea19406188ae82f0651013768c1c8d0165a97ff6cba66463d6fcc32f864aa6f7cc0f93f828
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\4b61ea52-f8e5-4cfc-9c72-70193233c1ee
Filesize671B
MD57986cab1842f6aabcf9b1be43275045d
SHA19db8cc49aaeb84894fa980ffef525f95c145b5e0
SHA256380977419bb38c8f8b9e875fcb1b8d261424c24a4cad3e53fc1d08e69f9778dc
SHA512f1bf18192e4753e8b8169a2540f65a2990709d581e290bc7358900ec540e6c2a430248ef94ebc7ff3df2c6e5d5f9b89f6aa3bc6e3fa7b122f4ee3ba6e79d5076
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\713ce1b9-c2c0-4f8c-90a3-f345818c7c0d
Filesize982B
MD5bc988d2874207e86852908ea1a87d4a6
SHA17707dde7cc2bddd16cb83099999214c8f4a15c2a
SHA256d6fd7d11094cbe8ce25ebb061662a1ce2c205fc1752260503af1c6396462274f
SHA5124f2e8e78f1b5b51106f0adb4214c748fba38541fe005f698363b43557c58f7e2255e1f7a501ec7e2f542538d4bf2bb0225b478b7e2f3b01194a02f3152483cc9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\datareporting\glean\pending_pings\8b9cf316-ea77-40cf-8d4b-4a3bab2e5452
Filesize25KB
MD5465bb9938a32db36b00233f1467bd12b
SHA1e40e11f1b4b94cea064157384a9cbdcb4257abed
SHA256c585231ab4e7bf8de6536c26c10ad5a4463c1243c6f08edc0eef23a2008b232d
SHA51293a9773347a1f52d268bbbd66b47972f2d1b8c0f75a187286e153dbe35a424124abb02171c4ce91c7ce9fccdb7a2c55fa28701bf194e2c69bfa6b5f8b5c07216
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
9KB
MD5e9f88444e68d818b4ee37f860fcaf0b6
SHA13b68a194ba1379ea19278b7911e6efeab6b383ad
SHA25615db3860fad31d9fd7c048873bba1f752d4ff711a82a06f1d72912850fe7281a
SHA51232daf90a93bd4863835a3e3fb421b69dfa023b484358e9f643cb6ceebfeebb3879c068898b41a62d482d3b5b8ad5bea27e8c0cbc4a72eb50dbb49553dbc4d1e5
-
Filesize
9KB
MD5370e52b65da86449a62446eb9b99b271
SHA15a405f234476c35334a0501bf9be2f9d3cc9343d
SHA256bad322c97a16fc763d405e35413d7779fce6dcf91a3cf5eae6b37b248d783835
SHA5125c99b2447dd33a01d904382ef172d83e0467743bde239f5f637b99fbb405efcf3dcff9ad2798a8e5ab819bc4477944ce8b0c6b3f5a6c87588adc5c72d44083a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 8KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\sessionstore-backups\recovery.baklz4
Filesize: 37KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cebay.co.uk%29\cache\morgue\25\{8c9425ed-bf60-4113-a7f5-05e2cbbf2819}.final
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\storage\default\https+++www.youtube.com\cache\morgue\65\{a626cb9d-5151-4921-be0d-67f41c8ebf41}.final
Filesize: 192B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8xqgylkg.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite
Filesize: 48KB