hxxps://share-point-from-jana-view[.]web[.]app/outlook[.]office365[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://share-point-from-jana-view.web.app/outlook.office365.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\web.app\Total = "112"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31027664"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\share-point-from-jana-view.web.app\ = "112"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2510279798"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31027664"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C11FA6AD-DDC3-11ED-9F77-62EB0CDC8974} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "280"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\share-point-from-jana-view.web.app	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\web.app\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2510279798"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c0000000002000000000010660000000100002000000009526204fcaf073d44abd57833e46385ad05fe81926d23f8ebb6cfb13fa03607000000000e8000000002000020000000a3dc78f2d685c08de665878fa5d473c0294d9b60b08bee9afad3212796acb2df2000000044f4af76595817e91092300c1388593bb5a8a505f9cfa5960ea9e5b9bc8c9145400000008ed56e760598f99eb7f86fecb3d9daadcb5c83303bc771a04e45f2fa4fe428dd6d08b431d07416244978ecb94acf932ac816bf126084c2eca010d12df77f10bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c00000000020000000000106600000001000020000000a345be8676d8d1be8fad29165c05bec8f4a1c30143bb62db972d820197de2136000000000e80000000020000200000004ffefbf8838c1018f7d3218c9e8ab5153fe17f058751a896be77744ce439de9a20000000e0cf58f2b6f82e88fa971783b2f9acadea60fb20c5777ae9640af2ccdf63146f400000007ee038d43bf498313bbec3866314ce641ea894f86cff9f18cd1ebda6d5e43590279853392119712a26f1a5791a777a5eeeefdd54bf5162ae8c65e4ba048c2ee6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "280"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c00000000020000000000106600000001000020000000ed4a75ab6467790e6722c7b1f419dbb93a0c48f0cb5f5417df10f10ab505f793000000000e80000000020000200000002ba8070cd1364e6fe4d6adfc9c93c1e30d186a2c579bfbf88634ba710babd95020000000c4ac1a9a4d589c9074d289e23c8bc64d270811772e48b23f8d74cdd91459421940000000c82a1d6ad55a3e08adb7474affb8d62789e37e941079056eddeed4ac49040a6a10ef2bd7aebd961272e92c2c0b239bc673ce30f07272e0f9139b6181edc25846	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0b568acd071d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\web.app	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c000000000200000000001066000000010000200000004badb5a28c2d3e9b1dcf2b20133f54b7e25b01facac834c856039d31ecc722d4000000000e8000000002000020000000bdd73f4a22e90c2c9a67360bbf0703f71d34605129be6db1a7ffd3a75bca762a2000000072cf716828f49215bbb79a5498521d0dab0442fda26a940fbfc7791c0729c51f40000000821f26787bff52c258fb822ece1cc76550f9cf87fddc924861e42dc54b857e8413c02f7a1a471e7e234acca1e2f636af5c2a4681b283f4e286551007bc944848	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "388571811"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2534811041"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "137"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0047c198d071d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b8c5aed071d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "280"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31027664"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1528	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1488	firefox.exe
Token: SeDebugPrivilege	1488	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2284	iexplore.exe
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1488	firefox.exe
1488	firefox.exe
1488	firefox.exe
1488	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1488	firefox.exe
1488	firefox.exe
1488	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2284	iexplore.exe
2284	iexplore.exe
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1488	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1528	2284	iexplore.exe	85
PID 2284 wrote to memory of 1528	2284	iexplore.exe	85
PID 2284 wrote to memory of 1528	2284	iexplore.exe	85
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 3144 wrote to memory of 1488	3144	firefox.exe	96
PID 1488 wrote to memory of 852	1488	firefox.exe	97
PID 1488 wrote to memory of 852	1488	firefox.exe	97
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98
PID 1488 wrote to memory of 1056	1488	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://share-point-from-jana-view.web.app/outlook.office365.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.0.811592174\1084903905" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {194db406-b117-49ab-93d9-9ede2127705d} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 1916 23032df9858 gpu
    3⤵
    PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.1.432794030\1879798380" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b1eee47-9730-4ca3-82fb-9959042656ff} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 2316 23025d72b58 socket
    3⤵
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.2.101879016\1380881297" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {882b4249-0412-423d-ac00-4efbb272db36} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 3088 23032d79c58 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.3.379930266\295765249" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3516 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af9e3584-465e-4fa6-ac27-3c6a84a6c652} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 3388 23025d71958 tab
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.4.1680914998\1077256512" -childID 3 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37bfc842-b9a4-4146-a756-47a2900b4ef1} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 4068 23035670c58 tab
    3⤵
    PID:2240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.5.1716245347\1777560529" -childID 4 -isForBrowser -prefsHandle 2940 -prefMapHandle 2804 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fe03a2b-27d5-4a2e-9418-5aa9a60e8e68} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 4932 23025d2ea58 tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.7.2075997930\346398580" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c208f45b-352c-4e22-ab6b-2fafbd215a09} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 5348 230398dd158 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.6.1370125722\750335905" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {445527ce-f400-44ed-b300-9ca41785c667} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 5160 23039394f58 tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.8.1051773210\1915424717" -childID 7 -isForBrowser -prefsHandle 5356 -prefMapHandle 5576 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81b9f9ce-ae30-4791-88ee-d5d07f76feac} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 5748 23038be6158 tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.9.757943249\470246274" -childID 8 -isForBrowser -prefsHandle 6044 -prefMapHandle 6068 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74ac58ec-93df-4273-88f7-110875fc94ba} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 6084 2303b022658 tab
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1488.10.1185052384\1397304383" -childID 9 -isForBrowser -prefsHandle 5144 -prefMapHandle 5160 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc37c37d-d6ea-4a8e-98a3-1ebf3bbd3416} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" 5640 2303b022058 tab
    3⤵
    PID:4604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
c5eac463d1d45a752223572efb1ed5b1

SHA1
649fd8bcc3705d81012acfa09c56b92280220168

SHA256
93ec76a088937fb866ca3347ae719da9cf3d6a12d47711d6f548c7be9d827150

SHA512
88dbbad2ae7d60f1166dbc26fd7ea7cd958e30744b6fe0f2ee158bf28025dc753544b28c06b2e1e492d9ef725ad8926fee0c37569b0e902d549864496e1d843a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
d536d999536cdbf1ee8fbe2785a2d2ee

SHA1
9f21eb405c85ad9acd649d2d9ccf857900e4c30a

SHA256
2502f18084eac9b71610b59bdd708c23d16d1cb8cc3ed1513cc75a83e231d9d9

SHA512
6eff357bd368c28a3dd226a8955a7673695d3910caa61793f0f531715541137360c93554828e10038ded6bb22833cc6a8b01d0ca8aaa5fa3dd2f1fa1ce93a29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\80ZVKUQ9\www.google[1].xml

Filesize
476B

MD5
02eacf874d8490f554136fe8db5dae2e

SHA1
c368180bc18e0ec4db0d9c17f505cc2522ab7c3d

SHA256
d117c077fae581972c488b41d733abfa16e7619f899ce91cedc31d2c0407184e

SHA512
591ab0fcd3f58bd45f3c9c74a187adf2102fa86a161e5f2d5eb43e08a772c3b3ee6ad6d270b5926f9f21496ac93c957c9905af00eda134ebd855cf5ba70333a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\80ZVKUQ9\www.google[1].xml

Filesize
136B

MD5
bf43e2219e8beaf90adc4b742ed4dcbd

SHA1
0622afe53d10c4d37c404fc8a6b550d5b0b84a1f

SHA256
d150ff94e0f299939a7f15c0cae60563dba5611890abb9ed39a826aad8d761d5

SHA512
5608622ee2f6b43d5b04da12c8d34795fc387dadd09667a965e5c5f9cc3764ed67106a072375ef900e6881a6fa54c9a93da7529a4869d8e7e7af598230d563b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\80ZVKUQ9\www.google[1].xml

Filesize
99B

MD5
ce653891843cc1afe5e1b1327880c9a2

SHA1
75cd2a1f143fb3e6c471bc296ed82db557738e1e

SHA256
6b13d85591a3244183f3e3c0e7bf0a45960feeb87468adb81300048a56249a73

SHA512
2b74c087d6d64ca60a24371d36b13fbc1a694b8f9918bc7b60eee711979900ddb46b9f368b319816c06abcbea5649f72af704ded35ec2eb865ae6e603608611a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\styles__ltr[1].css

Filesize
55KB

MD5
83f90c5a4c20afb44429fa346fbadc10

SHA1
7c278ec721d3880fbafaadeba9ee80bdf294b014

SHA256
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

SHA512
4f0d19678a6758e67cb82652d49ee92a3646c3b4b68b93253c3e468e88506bb8ad78942d7be244b390bdd29a0d00026ad561c040c1b557067edc7887fe7119ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\challenges[1].css

Filesize
6KB

MD5
2c78b7f8fa496092bf41d5edd51611e7

SHA1
8b0b1b276e8194b0a5497db478ec2ea9b4f83c42

SHA256
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

SHA512
53a7750ea46082968c2ec557857ad3975cddb0b45595259f0f3e9fc16360b87c5f257e058489ecaf80e61a97f92f1c5e34fa2f6fcfe922f4ae22392ffd75b4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\recaptcha__en[1].js

Filesize
405KB

MD5
8e6fb0dd4bab58257748f4f760d4c03b

SHA1
2237e528890d4749e7c55a1440a6e1497fefda4f

SHA256
3bd34a08f83fed3ced5508056737f9594d36e0e98f0cefdde2b92fbd8ead1bd1

SHA512
05c3faacd101dc0ce00abcb775be983e0fb965ef90705bc7a42f9f6320991523de9f42254df296fe27003fd27913e0e459a31a31346d5115bd570becf3884b3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
149KB

MD5
2c5ba56744927baa368b95fb688db0c9

SHA1
e61b65e356890a635b8eed3958ad13d72e453bf0

SHA256
36fea187d9e05ea088a32d9921fb4fec741d50429b824746f15ba3f343419d37

SHA512
c005135bca03d1d88e54189e43026bc9c44597ee42563f4571eadbbc032bf99efafaba7cdace35634403055a4b66f6c5c8159d66512a6254d661173aa05fb2c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\A4BC0C99327D7691FF360F07D11373B5791EB30C

Filesize
14KB

MD5
d3df65f8598f5169bc62f56bcc005b00

SHA1
382696d3425644b50858fa0a8b872c8add7ac8a8

SHA256
434206e31f15b67495d0cfa5d22242278429858c12d772923105c7cb9fc4526d

SHA512
bae8c59beffa9927a08ff17aea59c3119630ba17a27ba1b3001888ee073f2dde739f180155dc3e9b121e139d5effec881f01e5c67b073aebdd8f150ea88be214

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
316f644bc7af7a8b74139adcbda59189

SHA1
c0702d94a92d3cc76e9a55c634560df713b1629d

SHA256
34ad7c1f6e5df5652f693cad63d58f4cfb875b923f5fd5741999a8b61651cef7

SHA512
1c090bcef2bf136ec7020dac38b81080c774b789de2cdedf171e134fc18ce8e442d1479193c1db97e6a8d9d7d1dfbef9a2df816a9335f22d45dbd5cdd9fe8a91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
59f2073024e23c0ffa08e49e5edd743c

SHA1
079ff941e99233be79efedbfd59437a84974a5c9

SHA256
1f74d7b57e92f8e792208f0fd0785c98d4d2c687ee2e1e127d59b35527721e2b

SHA512
4cffd99982dc2d9e51062cd6e6b601dc7bbb39ae31afad4ed3fad27b1d4edabc23fd8c0bfeb61611f85f237ad7926cd5288d1a0af1bbb19d62fe80ca321e1657

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
7KB

MD5
8cf603d162e5a4b72a55def42cb448ec

SHA1
4641298272bec6159c1b82bf176e435c6c4faafc

SHA256
7a52fd9334c2c24c2319a6cec8df1aaf8a9bf99c85e9a5859462bb32d02a939c

SHA512
b88d4ce2c8d65f1df27e09f853db4328cbd979460979724a04b9382ff585b5574c30c044192adb889e4c75e95b7b21ee029df1c06b2b215ca046138c5f51b965

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
7KB

MD5
1871ed360c0218a66a839c900582c3ff

SHA1
283ce3a13195c998f47b467dbc67ac15b433f5d8

SHA256
138a9e63385c1c5ebf323aaa49f5b58df29e1bbf67bbd32f7bbb5c9b9fc30499

SHA512
77dd75a4754495e1f7c1f3f4f881bcb0b30a71151e73f53cb94c5d861bb6ca7a4269b63bc527b1235ba61fb03b02949f3573d922993fb9e9c9d0601ae2ed8315

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js

Filesize
6KB

MD5
1984b45f201f1fd79d2154406648433b

SHA1
42f082dc6d4d43333688690bf4dfa7c7f8b618ab

SHA256
000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

SHA512
e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d785f4e13bffae8606e91a1d4af62e59

SHA1
7aaaaf90142f0389692d69a5cd8952d064672885

SHA256
ec64bdc53507c1d660840d4354a87cfabe32bd73a4cbc9d403ace1f6d7a6e52a

SHA512
49b7b1c7f2f0a4db6249752b1c5250cb460810e65c1159bdf77e84155fa924c909b8a9698d418903588c640516a0292e5b142cea60b67fd4a12a1f32f4492019

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
6b7d92bf2b4247edeb82831e2dd78e57

SHA1
1608166ad5de701317650ae606c0b5710f3164a3

SHA256
97e920023adfd67648b189b788e56ada13c1641935b0deb18d5178a3c10e25b2

SHA512
15f6d8e09dc6a7ef4495efafc7f434078d0ed6f50885d4f03ac2c81c8592f43ca9b1428358836093b2497b9660c5c3f39c52749eed92780baf0513a67eaacd3a

Download Submit