2adc0d57769484c1d72d873cc4e9b20fedf5e552ff9f36ee572253a1ef864318

Resubmissions

30/01/2025, 12:46

250130-pz4yhstlap 4

30/01/2025, 12:42

250130-pxdcsatkcl 1

05/01/2025, 16:12

250105-tng2ts1mdn 10

Analysis

max time kernel
28s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30/01/2025, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm-Remote-Access-Tool
Size

281KB
MD5

65144d8fc0b5a0fde2ee124726fad169
SHA1

aa7aac2d1b5a9be008ca9adf74e457780e170f89
SHA256

2adc0d57769484c1d72d873cc4e9b20fedf5e552ff9f36ee572253a1ef864318
SHA512

6be657e20bd9fc572bb1abba83b0e7d85d13ecbd58aeefb6e3ef90a6e321698d7448a3b40f12784424c3d37a1fdf138d5212c129efd3691f441d4280cb49b476
SSDEEP

6144:c4NPJpOL/saqkPV9Fe2LtcIDSsmwM9XvZJT3CqbMrhryf65NRPaCieMjAkvCJv1N:VNPJpOL/saqkPV9Fe2LtcIDSsmwM9Xv6

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4168	chrome.exe
4168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4168	chrome.exe
4168	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	3488	firefox.exe
Token: SeDebugPrivilege	3488	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
3488	firefox.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1676	firefox.exe
3488	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 4016 wrote to memory of 1676	4016	firefox.exe	83
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3580	1676	firefox.exe	84
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85
PID 1676 wrote to memory of 3144	1676	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\XWorm-Remote-Access-Tool
1⤵
PID:3148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1852 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe4cfc68-6800-4864-8952-fb99565b0720} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" gpu
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcf4261d-d2fe-4c1e-af3f-836ff1960a85} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" socket
    3⤵
    - Checks processor information in registry
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3160 -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2736 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {176a04aa-0745-4e96-ae46-3dde54669ba1} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" tab
    3⤵
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 2952 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1472d2d1-fcc6-4aa1-8e84-642f6753fd37} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4288 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1484 -prefMapHandle 2544 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87a67571-da2d-482e-89ca-ce20790e4457} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" utility
    3⤵
    - Checks processor information in registry
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b0e1f4a-31c5-4966-965f-b27e732431c0} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" tab
    3⤵
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 4 -isForBrowser -prefsHandle 5780 -prefMapHandle 5776 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2860fd2-fa30-415b-8645-17b14dfd0116} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" tab
    3⤵
    PID:3576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd35e892-a655-4e04-b771-92e16cdd6be2} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" tab
    3⤵
    PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:2316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 1752 -prefMapHandle 1736 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe718a9-7b5b-4d34-8fe9-b8a90fca2383} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" gpu
        5⤵
        
        PID:1640
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2156 -parentBuildID 20240401114208 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ae612a-9042-4289-b6dc-afa4e8514108} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" socket
        5⤵
        
        PID:880
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 3228 -prefsLen 25667 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc001b02-b8cb-4196-a684-63cfe55370f3} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:2432
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3820 -childID 2 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 26534 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22de680e-7d34-40e6-a3fd-1075a15c5186} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:3500
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 3 -isForBrowser -prefsHandle 1256 -prefMapHandle 908 -prefsLen 27719 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1a89e31-2953-4076-bd22-75fb5a21b92a} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:488
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5436 -prefMapHandle 5492 -prefsLen 37937 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {894123ef-e7cb-4719-b69e-37e59864306c} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" utility
        5⤵
        Checks processor information in registry
        
        PID:1140
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -parentBuildID 20240401114208 -prefsHandle 4748 -prefMapHandle 4756 -prefsLen 38002 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ebeed3-cbf4-4e64-8527-1c366206a345} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" rdd
        5⤵
        
        PID:1404
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4044 -childID 4 -isForBrowser -prefsHandle 3412 -prefMapHandle 3376 -prefsLen 32929 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aedf18ca-07cc-4bc9-8ae4-edbef490e8ec} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:3484
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5784 -prefsLen 32929 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd61776-86d6-40fb-822a-f9f85586b9a0} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:3016
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5952 -childID 6 -isForBrowser -prefsHandle 5960 -prefMapHandle 5964 -prefsLen 32929 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d58bd840-c4f2-45d5-91e4-1b79047c8f12} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
        5⤵
        
        PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5e3cc40,0x7ffae5e3cc4c,0x7ffae5e3cc58
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1704,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1568 /prefetch:3
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,11278677401996509264,14458113613439384398,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae2973cb8,0x7ffae2973cc8,0x7ffae2973cd8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11327133652494998453,432299312797967246,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11327133652494998453,432299312797967246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11327133652494998453,432299312797967246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11327133652494998453,432299312797967246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11327133652494998453,432299312797967246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5344

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2905b1ec74c66529dce166a24fb53991

SHA1
517b9bce064321c3326aeafa078200fb85a397bc

SHA256
1032083a3d3656fdded5bdca3ac2981e10f0c799902a518ddfa7e37aedaa3cb1

SHA512
bc944c280ed2d0fcfe2850c64bb7049599182e020e112b69ca5ef9d07952215ebeaa2932fcb27af821a9b3b5bf68cefde892d6dc829eb072d5f996996f440232

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
e98bbd87416b1cbffd13acbf4453c017

SHA1
03e80acce985e4d167eb637febb3f66364a7735d

SHA256
087e64b26161b6ea4b73a01791f987818e93c8078aa318cb4aec8569462baf87

SHA512
0f3a2f272714294851611ab1bf04d8927e019b3a550621e620ec286f3f483658aaf4661009c73a883876b58405a22b26af06cd6550d7c5e5bb3ec56a029eae05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
1f8fc72ecd2b8dcefc0590b0ba3e642a

SHA1
1d9e7bdafd9bde7fa5fe8561fe1ce5e7348a1c23

SHA256
f659ecf0ebf76482a7c2a94907079c42006040690422ebb934df0b5fa34984fb

SHA512
d650efcc32802d700501a0604b3b5974d2319ca663144d7936501c42def802e35f7a6b7fccc5ceff09d2499b763a53922df297993d241309284554b1969a2dba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
910ddd692c6a0f379980720dd49afeb8

SHA1
7f1fb7a0491f7b2ec87b198d866d0f8fedd48eef

SHA256
57ff269b27924d874d452c8095a237675215de777f36a836ea698596d6a5178a

SHA512
21929222065b93dbe3e20615f1de0ae0c754da0831abd70a9127cdf4212e9155c93935231e7f962891ee8c3b58a62664f9f8821905af8a03a5ebffc6426554b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460

Filesize
24KB

MD5
ee85d82e59f8815eb1c90e1555d511af

SHA1
101abefb069530937b8577b874aa05b3ce438333

SHA256
754508f6384fe28c37a326b44f7a6c7005fc3552e02e50de6243bd197dc2afe7

SHA512
94b2041999ad3b4811c9758e7051e195f470cf6151802e6fcff71089e71da40ba13e5573fbbd303bbe4b3d83cd06282c5c13edd0e481c9fb4b84cf907afa77b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
24KB

MD5
a028723feb2a2c9effa138ee5606bc10

SHA1
9e36e34007ef3427d567c54ce935372c1d3ef52b

SHA256
4e3a4e20e9accdae052b9ebf458b6f03138acc6264498b243f683e48ae0fded3

SHA512
e653ab465f358ba70d53aa17f179eb89923c96be638d0e714e6b7e4259304e5ec34cc43bd7668f2ae60229d006904c97d41cd734bc017813761953ce7d481b50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
5b0b8fc3783df541a8d11e93e11f9ee9

SHA1
78960ea56cf9a6c81cf4ad3840ba1cf7898d5ee3

SHA256
bb8db34af46cceea30f0fde23c87c183254ae2290c064fb89d877951ffaf2269

SHA512
415fc1c736daeaa56388500736bc2696374a9477c6486405c36be22b894001e6982c6983be5518f31ba892fb6b3440fc74887c1c7a8fdd6effcc21989ebe9a5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\CB594844997EE5E36DEED66842500F9C2FC241D3

Filesize
11KB

MD5
89f6a86591f188812a5ff80a652cf8c1

SHA1
15251dfe33da0320aa8fbda00449c71b83336d1c

SHA256
25b7f708eb0136d728de1820a395d637ee22788695f7dcbab3da1af877d53d45

SHA512
041109c4c6cf338ef34720adc15f3839dd0f66dccbb8f0434623a013e0bc1c1ad37de61b5ababb1374da7748eca3342a75aa60c98a389521f3f65a907442eec5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
129KB

MD5
07ae45f30c2de06290b1e6758f95fb0e

SHA1
e7298554f5d7b2f6164bf8a198c49f67e8257bb4

SHA256
522bdfb946aa12733bd03c078cfe8ceff878c7e6d35e3775f3a892f9623148a8

SHA512
f43e6b196c7dca2fe0c94c52822860b66635c16e0ecab90633af114193aa2adf35b6fc5346f3d059b16e89191a022bfd8c174391804992fa1b3d85ece4c9f8e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
da2f25cb655f77f4d0924a4a9cb1cd73

SHA1
ed04951bce4cfc46a6be2c82cdd11750a800d673

SHA256
e64605cb9496a853a9482390c0fa0f6c0fe2cedffb71f0e80eb9f8de979f3eb9

SHA512
f654c1dd0af0224d763a18f096740a4b520e62520d6e2c5bdbf116c9dcd798e46ce3a24707ab8acfe3304b206455bbed87dd697e95572baf6a7e11c4d77b480b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
24d6c20c2371bb9028a30bf2a6c873cb

SHA1
0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

SHA256
5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

SHA512
a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\scriptCache.bin

Filesize
9.1MB

MD5
f0f0796a698bb288261a0aeeb3cc3354

SHA1
94e7ce66ca0388ff61ee875b4dbf0a3965a2d9d8

SHA256
20f5c6bc0ca95b397ef3dadeaca3fbe062b106c206de7fbe82ba54c52e55b71a

SHA512
096894fe537a0f118b7481f0675c28c777a67c8a302c6360cce165fbae330569a4a614e1913a9f19efa3ae6696cdf521385ed1ede3ede59352ffb68e07f1a265

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
8396dc75e86df3f2733361bbf75aee58

SHA1
0ee6c4d84206217713ba126bfd47c2d33fbc57d5

SHA256
5f5b45fe62f7a897bd4d14a60db15c67df75865235f730806a1b959925e8175b

SHA512
87ed8998b8906bce32e5718022d338d35903ff8371e5efff1851fc423194c48167aaabeddd59469e0172b4665cd08dfe6abea07f6956c8e2ea526c92fc0a25d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
5a76bb7ca33ab8ee1ef9582ec06cf748

SHA1
f8f15975cbae2212aa6e60f6ca0996ce081a6ac4

SHA256
1d0db5fa30ccf7a702269c47a2ae808df845d1dadfa1603dca19a18749583229

SHA512
95f7e58293eac42b3364bc475967ad66af7d84465249b9dc4b8e5fffdf2fb311998685534eaf794364f2890814e9791ba74f49f3a48fe7c3394c24a9673ca7d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\activity-stream.discovery_stream.json

Filesize
22KB

MD5
62e7e5c48c4e773b632416ad6814ba8f

SHA1
0bd2ee899c59d3a7037b860bcb8f3e17134a2baf

SHA256
71ca1074331787eb3ed9f9ed208142a82e0efdcd0035ab8b7a3f039cb6b40c90

SHA512
660a477fe0afa55e0de2d1744ad72c40ecfbff4cf791d8aeea3430dc351dcd29ffc69d6053702817f62366e0127d1f91d2fc16f2325f69fdef520ac1eb9e2314

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\startupCache\webext.sc.lz4

Filesize
107KB

MD5
79a3813f0efdbb6f9f3eed0ecab3b472

SHA1
4292ee09cd12b4899806612cb513b47115d4e6ba

SHA256
6950140925bd782bfceec73c0de0837223758d6e0acefc82c9022c2921884bc1

SHA512
a52ca29aee35d39c2a292dda952e9d6bdd296139f62551ab2df6c41159b9059860ca2ac67be4792a69caddee78198bb35601783bcd00d826af8a1b5dc5955097

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
6KB

MD5
15521ccf68dcc7bbb7fbc6aea6d9513c

SHA1
895ab17677a97521278689989d7b336d3dfdf5cc

SHA256
4fa4188e40327ce32cf72c865f291e105289c213fbf2a641aad64e4b50109853

SHA512
14c4a4f7ae855ac4b3f25773fddee7726a23b947ce7cb93c1ee462d6d65f20efa37c490714105858a37e89db13554788ec9f8f609c5edf39d85ac2d3b92b59f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
d4b753dfe6155f939d1abb5171e85d1b

SHA1
612d3e094b7a0c2bd57592f4da7dfb76c25b39fa

SHA256
a10e7f9797f8643661514d385b397009c65556a056be68077ec7b085369137c7

SHA512
c26af8d43add701cc5b3d76afdcf5126f528959aa4c464819e05db6b2397e9c2ca21e23c62c1559752ab71341cca071feeff99a3c6c0ba1381a85a8494a3d7ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.bin

Filesize
7KB

MD5
4fccdf57e91975ac485021041758e8f6

SHA1
5622a3e414b724359288c85db6d60a8c3c288657

SHA256
a4478af51045bccf5656fd70d0678c2cccb941d5aceb08e2735725f9eca17607

SHA512
792313300c1790a10a378a607772a88f903e09916fa8d4ece2dc4c5af758be8337e6c8904b64f340eb26515aab9f961395d09073fdba625e443b93529216f3fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
d332b1c1b6f15dc5e81bd368afbb85fa

SHA1
6451386292551d64b24328b5ffa552cc79009f55

SHA256
64953ed4b3210cb02b4fd4dd0f5b03b439b4d8368c9e4e0cabbeb4a02e4c2021

SHA512
bb23af0ed3c5b4b3689309f62745873fb15f7d752da3608bafd7c07f0752f1511488ec4e4d27efb928298cc10ae96ad99db8780b57933e99598670a91a28e90c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
48fbe6334328ebd5950806265ff68629

SHA1
3fa632c9f06672284b4aa571a5096dc0160f381b

SHA256
ade2e93591252b3e2bdeef2985137134598d293a1972c3a2419875848a51c1b7

SHA512
2cdfb077b488c90b9fdde811c50fd9634adea01fddcb85aba1a00bfc89365fd68653a6ae358852dc8b5bf898a72beb2c5cfadfaabf84bad212a45bcf7f890287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bd838a6d0f3ef8f0953e82e154ee07ab

SHA1
447daaf204c9606e6506fce15afd89fa24f45118

SHA256
14e29e738e44fe362ac8ec49df236f615670b522f7841af17fed0a0b529aad65

SHA512
6ad3b6bee3e3d81602e30611a48733183d8b1fb2c3d4e88673d16de8887d6288e299ab681baa02d58a93b7e21912d41c41186e228707e8d2c9a300c8e9a8fade

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
d9b766a133e4e754b08139a146ec470c

SHA1
03ac37bf8f8fc4c6492eebe047198bd0beb2c7d5

SHA256
6dab4d45bd89f0d7b7b6ef4ddd2da1f5a0121bca68028469eaa849f57452aa03

SHA512
cc37582d59e0cbf4f2e23874159f6667b6d84510d15025f58a89559e3737f4db7169899cf85418e750f33e61b663ba12d2eaee9cc8ded10d08e41c31ffee7a9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\12c134a6-0743-4256-b49b-08231ea027b0

Filesize
982B

MD5
f3cc97d5b78daf2acbb24cc063fc0afb

SHA1
b46086473fd475f07351101e3cb91a7eb037d99c

SHA256
be1b3cbdf9b840d4d080cadeb82cce4679bea8e35620f166398566732afa24f9

SHA512
21ab1318bc3ecd4f342fb687247a1d054db71b45c74d2e82f84b456bbd13f8dc2a7b8b6dcf7eaaafe9976d2742f8656720e9d0cd1fe120c9c4f13d560e83febd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\730869be-f9f0-4a3d-8cdd-088b5be1f312

Filesize
671B

MD5
e37c6198513f8db257da621a65d7071a

SHA1
d138d80c9ca3f2805095059ae3d5c2d4e361bbc4

SHA256
f0365216e3c1d90602d73eac629dfabe96ff4d2b6db96839f5e8c04b0cf581e1

SHA512
0342541f360d0f47a623ba6c8f9d690dcb88d74f984d35b505a21e33fcf0ccea709b5e00e524c6531892d61752d67accd62eeaa64eea2eb6ae3718715e6813c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\b84d9fab-ef7b-4568-a1dd-e02e537873c9

Filesize
27KB

MD5
207a3b0fdf3175f26c4c8df5346d36bc

SHA1
eaced5bda0b54560981bcd46571c70e51d1e7a15

SHA256
6a6710abfadf8055c60281d94c1bb3f33f0220b00c1fb518f2cad8cdd945da4f

SHA512
02590c34d9c6dc052f1afe6780bb34beafeb94351b36ecba7c75b9c22c59e17f98e519f8bd16e4a3344f2a0978a1489e5d5994f4c58a219e5c7a30d9e9591620

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
9KB

MD5
dcd77695ba9c8e890129de816cb93a88

SHA1
0e355084896443b44577b1864c68004790bcb642

SHA256
9adf67c81b9684ec6865a08c2c5fd2b3eee041d70541d5b83fb6a05318990d23

SHA512
db1840a07a44abd317db4a04174a08d84701545488a49c06f5a7c0402d5442a22ae764c570ecd0c0b9219d868595dcedaaf7f599f0ed80c3aa80876184763e91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs.js

Filesize
9KB

MD5
0939f141fe1257f6f6441d3e32a2e59b

SHA1
c705e0c3f94e5943895891177e8a59de713bbf59

SHA256
99300f162b7e19bb514da0bc45e4cfd6ae97c6e4d27e911685bca5ca2259a0d1

SHA512
0adc24fa68467e0f2c06ecadb5f349b4829a10c42056dc2fafdd90ea5e2e2b90d5af6f5e52cf7afbb5c7281a305a314e072298b89907d5ddf6c1e8a082de60ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
9299ddfa367ce0e2c61f57d2b5475c01

SHA1
5bc9b90de42b698a040d70f2b36144f2a57dd92f

SHA256
be814a42f5b408a9c56a7d1fe6d77be5ba97eac6a733f45b857200f4ebdb9b49

SHA512
0b8db85b38ee554a07fc1d20f2851b5e5efe2655aad34f05a23546ff088bf76db81edcd2f6bf5cd9229e977e6925ceb08aa6c0f17692d97572c0326351d699f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
ae97f8c3f27eb9c86bf7924c32800000

SHA1
6994eba395a2c82d4cf5e534f04ccc66c03f8812

SHA256
6277ff2b72012b0b459bd5b40d55579b43b2a431dffcbacbe322317b6e680bec

SHA512
e75fef9568665c3927a0e3918783a2b4b2fbf5b1b49ee32074b087a69dc16ba7d5d42c1a81e36b7cc29fd9581010c626435354c812c810d2f263bbc70f80a3c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
5c3931caa12fd2b0692e0232e506dd97

SHA1
f4b04b1c9906dd16ce38207cda85fc4f139870a7

SHA256
5192c42da9d57d8051f72cef35f3cb277b850e1c25063609a195a7dadc5e9bb1

SHA512
3e3ccbda47c06c39778b5a09cde53612adc4ad7dfffd5c4e80d606ee7550ff9cbb0b5ac9661555f8d23d4fba1d4dec5c7e80cf9bcf400e028e3580d54a15e1ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\targeting.snapshot.json

Filesize
4KB

MD5
0c8ce2dd5bd65b1de002eb290c58d450

SHA1
377f510fb93e4bca74db53a72e3aa12f4955306c

SHA256
85007a717e4707b6793133186b4e284e4e157b235a380f25b748d331a208bac3

SHA512
a7912fe7790518848fe231f5d34080d00c616660b48c1cf116e67c9018a8143cb105a96c762754076f8e29da6f5c2c52bc70a95ad502b247a3b1ab6360e84e51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c04e9e1efa8a9e37bb44c6471f9516ad

SHA1
acc3d98bae8f5fb9873ef5a80f24a0a084047fd9

SHA256
d1ce1cad420efa4d601fb99348cad76e3c78e054855857ff4474d92376260031

SHA512
ba3670d31a02fbcec76b7e1fcfebed8b5e4b22e3fc8cfce013e1238e21bf7063c034bffbb53b66b9003e2fbbb24f73278ce3d4f2b30dddb00817763fdb87c20c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
cd6aefe93ca644ee7874a57148712103

SHA1
6521132c16c7635a3aa026a3c60b90ddeb0b3e9f

SHA256
6a7bcc7d16256f547791ad91576cc2809712f1cd00b575ec14c69a4633b2d7e0

SHA512
ac4968bfbb5c7b12c9e4a8d5307f1524768676284c625ed50101f790455af6214bb18fac31e2f9cb69a57e45cefc4732e68f88f59751363b1d01a2b9baa7f635

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
b579b15e0a721b3ce9c10ee89f8de432

SHA1
52a265e42676184286686c0efdbfaf2270a42c14

SHA256
fac6f2f1f1f8b19f58a5169b60c6528d92ff821c13d901339230c8c50c22ebe3

SHA512
b5cba3c6caa2e3b3434795b017b35a9db92aa7453506eb6a713ad4157b7cc80086211cf6dda0916ed5b59884683bb0efcfa2535e61b65bcbd187dacb2dc8fd8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
94fb520aacb5f586df31f75f47863d09

SHA1
6869c7fc7d06cd74ceaddf98259ac2017f5823ad

SHA256
9901256ecdfe24e99bf010d51740bc9989ef8005830a0216244de82f9e9df74c

SHA512
17676074ad9281c893f75e8c6d878069978623a0ebcfef4d9479e62bade8bc88f2db84bdf44cf4781fce849e623449bf0a3123335578bcc1b951148b2f5ece4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\datareporting\glean\pending_pings\81d960c2-396c-4973-8c20-c4168fc7746a

Filesize
566B

MD5
cae7594e188e56cb5839bfd0ec6ce18d

SHA1
be558b06ac08763fdcffec3b7c0468b7f0ce655b

SHA256
0efc1a83eb9555a2223f3a235c2461f834f746790da0aa9cbaf382a7a3a25547

SHA512
cea2457026d03ec9e6d5f79619c12fdc8b6d935b0ae9fa64a062ead4c75aaed3ea84ad441cd7b9949b7671c1beb5a46b756059285412f084cfa7aed83bcfc1d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\extensions.json

Filesize
34KB

MD5
6cda813798409b2502f4f3e67b11f12a

SHA1
a8c3aa8133169c11469d68ff1b4eb3e11b11fdb7

SHA256
d5f3d875ddec53713ef244ed3a58b94493a2516b8a726829b2e324a72b35f181

SHA512
a5cb9404bc16b49f3805a5fbbcc7c09fc7b0a40ae72fe77f1517d99493647c9ff0cfbe7aa0fe1fdb27dcd10f3b555a0fa0e69c9faa16ebe61c67564574e9600f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\key4.db

Filesize
288KB

MD5
d63550d6d6978453ae8e105ce12258f9

SHA1
896dcaf2cb71ddd10d8e4b9d5a577f8849fc370a

SHA256
a4a6adaca56a7c7f88893521c7e1a3a8546ca6a5c0b43fd5f9ff12d3e2ef412f

SHA512
7e6717a53501072eb088e8f7d5aad0f21f41362e0883a97face5c1aad6898d5a70e009f14c32f1ee5e48dc5a5672c9a7fe335890d937e87a42b4808bb531bccd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\prefs-1.js

Filesize
9KB

MD5
4d9188d08125713cc3f89545197a73cf

SHA1
f71b2f14aa32685b31f7283df79f6c36b480d050

SHA256
1eda646a662b1ad1b8df0c5a462d1234d8b919edcb64f7bd7c01d29fa76f3682

SHA512
44f9792d6171eba33db5cf3027b3eee9716be09fc080e8eda1a50a35b16ddafb14fc6a47b92b11b7a075a75fbe7dda40b974857293cb6baf55d60f7afeb5e9ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\prefs.js

Filesize
1KB

MD5
0c6dfe701c0b77594ec66c7f087d23dc

SHA1
53355137e6893179b4ff4b5f21fd3cac467e1b2a

SHA256
027d0fe21165f04c63a3e5e3cea2444d2f93d3cf776d900ae2d9238b899455bd

SHA512
4286f02e7cf1d0d86f2e6cf9bd26bd6e9a1ecb164b1ce6a5fafd5320de5a370661bbc3f784d91f1569983ee74abb22abf60e811b342b7ca3f5a458400df9c23a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
56c6156242d4de601bb72ee73ce373c2

SHA1
f78e6e0d8af23fce7c436573165c62c868b71251

SHA256
6e2453666913c4cdd7e1f114872e857a640755a038dbb00e589324e1fe3fc447

SHA512
01f0829b81c433fdc8e5d999347ba598e2e35d933214d490db53f0a25703cc9a3144cb3523639324c8cbe4318156847473ad1196f65eecd24a69e3ff0357844d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o2w7kten.default-release-1738241244194\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

Filesize
394KB

MD5
acd7c7b9d7a39554428582ea96ead8e3

SHA1
e7f3deaf44330a05b7380a7a50947a55015826b5

SHA256
935b84ceeb1a7dd64edf64cdc691fa56645a467d88718258f89db49b58d1b741

SHA512
a75987630aaa19e1388392694a3b1b3ab3d06277a3e346323e7c1ce7c235a3722ab73025081744dcf3bd99ee71953119f854475300669207fdf0e842fbb7b0f7

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\er3umqpr.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\er3umqpr.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
e8811cc6d97ce7df7d28c6e5e62b881b

SHA1
cc3c8635a0aeae02b0941e4642c4bfe624bf39fb

SHA256
68e64b591661feb6236bb52d1c085037e72be075e401b32674f5222e4145d773

SHA512
5676a50511441de2541cabf7f0171f6b6ec79f15158830db3643903334198967bc6ab05d0765af61ec74466715aeb577222a488aec38065fd31f82e92110a8a6

Download Submit