a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

Resubmissions

01-06-2023 16:18

230601-tr5x3afc45 10

01-06-2023 16:18

230601-tr1cksfc44 10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2023 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
Size

469KB
MD5

c2bc344f6dde0573ea9acdfb6698bf4c
SHA1

d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
SHA256

a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
SHA512

d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0
SSDEEP

12288:CzVXpdg/1MB94JD7RfaVT1hG98P67PNV3giFH6J1VjR3L6dpbQrQyEpInmwuRUfB:CzxjgdRpBq1hG98P67PNV3giFH6J1Vjn

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3388	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3388	taskmgr.exe
Token: SeSystemProfilePrivilege	3388	taskmgr.exe
Token: SeCreateGlobalPrivilege	3388	taskmgr.exe
Token: 33	3388	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3388	taskmgr.exe
Token: SeDebugPrivilege	5064	firefox.exe
Token: SeDebugPrivilege	5064	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe
3388	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1152	helppane.exe
1152	helppane.exe
5064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 4948	1152	helppane.exe	100
PID 1152 wrote to memory of 4948	1152	helppane.exe	100
PID 4948 wrote to memory of 5112	4948	msedge.exe	101
PID 4948 wrote to memory of 5112	4948	msedge.exe	101
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 3480	4948	msedge.exe	102
PID 4948 wrote to memory of 1864	4948	msedge.exe	103
PID 4948 wrote to memory of 1864	4948	msedge.exe	103
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105
PID 4948 wrote to memory of 4340	4948	msedge.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
PID:2828

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
PID:1916

C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\servicing\TrustedInstaller.exe"
1⤵
PID:680

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa008e46f8,0x7ffa008e4708,0x7ffa008e4718
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    3⤵
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7120482855967813286,4124834645360217169,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\AppData\Local\Temp\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
PID:1580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4348
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.0.1851035670\969375424" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f72b12-59ff-44ce-88d2-8c69666c2234} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 1944 23cb5816b58 gpu
    3⤵
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.1.1612272413\109634235" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe3d1c2-0b0f-4426-980e-dafec10f56b0} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 2316 23ca7870158 socket
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.2.1546431474\1867360303" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284d98ea-fd9d-4455-b5cd-a02b73899edb} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 3060 23cb83f3858 tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.3.584588105\863976295" -childID 2 -isForBrowser -prefsHandle 2452 -prefMapHandle 1452 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d8299c0-73ef-49c7-8a04-d56880d885cc} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 3496 23ca7865658 tab
    3⤵
    PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.4.2140288564\1266682856" -childID 3 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7769c9-262e-48bd-bdc3-485bd9107090} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 4160 23cb95c9e58 tab
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.5.1897781477\776491103" -childID 4 -isForBrowser -prefsHandle 5020 -prefMapHandle 4968 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d609aaad-ff22-412d-8631-28ac7c8abd9a} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5028 23cbaf08a58 tab
    3⤵
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.7.472706252\46536060" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4560a23-0346-4729-984f-0b5e9e5c3914} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5272 23cbaf09658 tab
    3⤵
    PID:2476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.6.589365202\1998334282" -childID 5 -isForBrowser -prefsHandle 4976 -prefMapHandle 2748 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd0c60a4-5100-442b-84be-4d8b07718f11} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5000 23cbaf08158 tab
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.8.1335898886\2054524060" -childID 7 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb9e777c-eb44-4788-bc10-fc191210e76e} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5360 23cbcc3f558 tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.10.1796930624\1691374211" -childID 9 -isForBrowser -prefsHandle 3496 -prefMapHandle 3544 -prefsLen 26770 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dd6e7fe-14f4-4704-8a70-5a3e38b06747} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5804 23cbc8f3558 tab
    3⤵
    PID:4748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5064.9.1037194202\1263715690" -childID 8 -isForBrowser -prefsHandle 4996 -prefMapHandle 2752 -prefsLen 26770 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05bba0c7-86b5-4a14-a2e8-594080ae885f} 5064 "\\.\pipe\gecko-crash-server-pipe.5064" 5112 23cbc8f2f58 tab
    3⤵
    PID:5068

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
1230457eba709660388d08197cc1f59a

SHA1
9aa9c4f5258a315791707085538fdf08b85792f4

SHA256
a84788e735b0bc50519168a671404eafdfd8501e952f68086d68ba753d35d1d8

SHA512
f3578a1715338ac196a535cbb6ffd989a71dd8c028ee3fdbf8c7486d8a76e0371d43128f02fb6cd5b1ffda8f720e919e4755e6fac309cc999357e719ca887f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
dd164c87dca6ba5ab7667ef00ec47570

SHA1
519597a53d94fc85b5a488d6a35ce1a435eb00e7

SHA256
63a7da7bdbc16adf3ef21a2fd11c0f3282b831220eb55ec5ccce2af087f2b2a2

SHA512
31bf38c60f858fe10059ac9d7bf5f4ab9df09f47ef09ecd7940420f843c885f0a8f7181d5e9372e738bbef283631c2f2545b4c6970000ab2136a2912b88aef39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
065f5f231589631d8012a7191fd03106

SHA1
90a91acb24f11896d14437f873033e9c6a792252

SHA256
6496ecd1d49d1e397044ba146ba8a087ad11faca428e1ac12c6111b43f442abb

SHA512
d8edf45f17c1f6d09956207649570e8b5d16eaaa279ad1f1a5f3805d595c35696e668e0c2d22745b2a9061a50ed1c89f214e4ef58a93acd687f4687b8e79881a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
3c11ad4c038bb1b0352f4ace79761943

SHA1
96c99ed7591f1c1abd221ab4e4d12d3efc6e5b54

SHA256
69dd7e48375ed008021322e3eb33f368a076a27859fb5242cafbcf8aba8e5053

SHA512
31a4e2b79dfb78e19fb92c4294dc2df4b7a601a12ee105e6539a6574bc213982410dbce296899c05c0ca41746279a2aa32e7ef32cb820aba6b3255e6999988c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e8ab44bb870e47f08bbf8d00bf5d2c50

SHA1
e1c647731ece5f57b14749b3ec9651def1673e83

SHA256
3b5fa61b8ccda3c26ee499ed0c0358c52a21224d9ac149ce6edfbf5e8473a0ff

SHA512
bdee3dd473fe3cccc94e7234c78cc79c7e1a0f0721e9e23e1e68fcf8658b65d3d004d872f2916b5d1531e8981eb7f0a74cc4668f2fe66e0ceb2af37d66725839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05c9608579dc447928c203e4427e737a

SHA1
537266355ec794ec6b40b24a4a8281ece0ff14e4

SHA256
62de85fa1a4b4774c33f0d33e3321005d71d35212f8c1631a56872fd36111463

SHA512
23a60a81a23b72b42866f250c5be741332c98bac9b9c0570e1ed29bd2d1d7300fcd74cd9e2d02bea95876ed27dac1c7ab14cc7bb6684c6cf2f9c724b818a6904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b7dfc2bbf42909632a34ef2769d84193

SHA1
4e33e5053c8a8113cf84b5e57cdfe29aa7e75fe1

SHA256
c5be7dc897e0467741149afa655f9b3f0d7497110efc8c235ec8393abc58c0d9

SHA512
1e255a916e54d3279e4427aed358616a8b8377e378cc67ece884c8d4503018c43d85cbe4fcb100333b10864684fa44fcb3f71396b46368b62dc82ae55e410b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
626b4633a36cf592bae4fa2ab88553ad

SHA1
71a550fa063beb3b142ad30b23f6502ddc578ce3

SHA256
7c90cecce055b8545432edb8080becbb8f5d859cf762c001b4a206240c3baba9

SHA512
a3b31775f84b919f663374f2166a805fff878acb03620ea8a20a09f83c356fe4d4331620333a70c4732beaff226b8b11f87d88d7d1c433d6a894388f18d1b9e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
150KB

MD5
2c8cad75ee6a8e2f12f8c6ea42578410

SHA1
f923891d707c42fd04bb312b526bfed7652c5c71

SHA256
547fffb94153b1fe3171059aedb79e26a5e531ee410d531b6d064993be4bda47

SHA512
f61521df0d3ebf0c0c75157a81fa960e928cd68321193ee7ce6b8af0036b271aafb5a2171f20fe689a532d293674cbf0b978d7a4e9853f7314c84959a8356469

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\10044

Filesize
88KB

MD5
7f81527aa7fd7cd4a937d90d1c8d7122

SHA1
a4a2d2a92a401c69c8bf91468a19335c97f668c5

SHA256
fff12a17bcbc1fe586bb94e240fdd0915eb6402d387c8c187086c3620d96c172

SHA512
881f6e3197991cf853a01922e9b3c71f16e6f9b1866f579478b44a5a78fcdf9cfbcb9d75dc8b67fbe584f78a6c087baf5a6d75ecdbbdd9b1b34abad7f035895c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\11389

Filesize
15KB

MD5
1cd7f4959c420ed044ee63a1c907dc65

SHA1
4842e73667fbac58ba353d716e1616fb9af8e632

SHA256
57845b9394d4921df76f31b8a20fe5d078d314a3e23b5797890885f30018e64d

SHA512
b34ad8e3ef9b2206c8ee947e2c3ea6fac09bf6ac613482d8f21a6eb045415bc9a7131c4f19641079c38f08002ba0aee4b14bd04049c314691914c3266edf531e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\20737

Filesize
15KB

MD5
480173b0befe4b92b141a0f645fcb06a

SHA1
553978ec72f06ffc4c436012888d4a35bf8249b0

SHA256
130de1958add23d69d69de2892542ad48a8f37b4407cb94335e4fa89645da210

SHA512
781ed54d494c6e02763e6e3dc37984ddb40fbcd0d6251d5c12576d1b468995fdb1ec0545d8088a8ee2675a6b0bb5d7d493da0eb5c7e1faaeae06708360262816

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\25334

Filesize
88KB

MD5
1092212b4dfeb6ab0c16fd5d626baf2f

SHA1
db53d891954976aca187548003910348c42391b0

SHA256
a805e104f8c2aa63406d841b0414b80878c1a9383ce23e3aae00096d1252106b

SHA512
65fe6faa3fd67df4e534430a207c176ec81138869828a7a11910ca865c9be79e6b0592baa6cbf77a46befbb9866b95045e93aeef2ddfd499c76061df3450d49a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\26773

Filesize
15KB

MD5
02ea113f2de4e01f827becd3772fff01

SHA1
2bef7b2a5d11e47813fd4b800e92c5251f57625e

SHA256
895dddd065900a7e894f01d4681681d60c7ea87ea077b3d11f415d7876f5d0e3

SHA512
e83dcc554a43f052682aec27354820055b704aa46e43f15d7fee1d67793ea926939df385d2afcca87688f1700097cc2c376d7a170639a9bc865475bda9b70666

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\87

Filesize
15KB

MD5
a0493d256754d71dfb80dc3468d43ae4

SHA1
2a5d891ab29433dab8ac1985e331f49c589cff67

SHA256
5c4227bafdfc89c9b7829fc8f004fdfe6620850daf2975cb6b7abffbc87cf9e5

SHA512
54d162098ed7f6985c444fc054cdae57875d4263d27480261074d76ea585e635b642ad7bc4ae0f2d96454f410833e0c399e5fd6bfa06bf41c50f35b7309f8749

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\ABF8A18AC6094E0B3AB643A9375125F1422765F0

Filesize
414KB

MD5
4485740f5bd274bba75231c42f3dc83a

SHA1
9f8d1fe1aaa8ea87f7ecb5a82fb9e4d2125a198b

SHA256
5a23490f03404245dc01d9c4d5cf2b9c5350c011deed69f53ee648e904987413

SHA512
a1697c9a808c2b7561f187b81f40c63f3c09e0389ee548c6b319b68c3d095d8331eb86759019668f74052ba12351dbce2422f9996b9304cb9d40be0d32cb326b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\ED12D7B4C36F34C6081B3048A5F57601F018A306

Filesize
240KB

MD5
ffac51c8970c275454301787896a29e8

SHA1
f74f89d4221edc1461eb4b859eec0b8436ac7cdf

SHA256
28f3a9fc2f4bf8b10bb66a3726b7e6069b8b41d5a4118b54144291e7b0f25bfb

SHA512
4235dc8a0dfc0a46411d9f25342ab29f6aa4378bd437053e79454b0812d37d701c1bf16a47db93e7820bdeb9cb0f9e89cbcb911b9d10069649156e8f480872b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
065f5f231589631d8012a7191fd03106

SHA1
90a91acb24f11896d14437f873033e9c6a792252

SHA256
6496ecd1d49d1e397044ba146ba8a087ad11faca428e1ac12c6111b43f442abb

SHA512
d8edf45f17c1f6d09956207649570e8b5d16eaaa279ad1f1a5f3805d595c35696e668e0c2d22745b2a9061a50ed1c89f214e4ef58a93acd687f4687b8e79881a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
edf3cde0c8f5a35400d73120487cca37

SHA1
c1e67ffd79564be14a6ff625d5ccc4c7947dcef1

SHA256
7c8e88c57b489e19a47a48bd2beb56ba91221151e3d5d6e82f4ebb0f2a71c27f

SHA512
14c7e167828825bc6d5a45d9d25ff7067ad12283c89303843a3dffe814a8a19a3331bb1b57be6505b0a4219af6a0eddab594217255b0d7690685ed7720c7f380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
427475e166708ca3eee5838450fe2f32

SHA1
435bfb2f05a00da1d36fa77899c6c103895c3931

SHA256
6465ff3f98ab3c9c73fc925c62fea19adc709b89c3d456c926fcceadac78de44

SHA512
58b56f1946e1d9b0846c5a2127f2d6c628799c8ffa77c2e7a4c6f85507cda989557f510cdc3981abb26085380c0b59a47d20e1b968011745e3fbebf04bab8c66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
457a5305f81ec4668a1935d47e090091

SHA1
20696764ce8719fa5664da95b56b6630d108f2f2

SHA256
d38292affe75074871c68157dfa7bd84d822e7949f1f0cea7156149f25bf0618

SHA512
02d6ae0fc52ab0c7c6fd4ae8810880751706dc08a7fcdcfa0ae70032a295f362fe6aea08380bf278ec5874ea28ea20595df6317882fcaf296e3bb22d5f2e8e32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
3ed006c8905ab52012c65e2f01c3d876

SHA1
3fc4356ef2348347e0662a7fa979446137f483e5

SHA256
5219873b875b211a5b131e6a945c4c85aac7ec686c1d18a75da6dfae8d19a0d3

SHA512
0e0a4f8f07919a9d84a406967a2c1281d72181a91070762cdf6ebc0eb2b2bc93b4ffde8a8c9a9924cd7e3444f38cca33c70b80d664039706bfbef8b144e0eb4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
686a63e4a10afebdcd77bde7483bd6f6

SHA1
031c809ee29f3f57b09c56b088fa8cd8af51b595

SHA256
e9375cf4ac57a0f631d5c9daaac5154e7c46e9a73bb6541062a34888e2ae680d

SHA512
4bc812aeb11a6a1f6367e31847e8fa934d7adb628045f46dc431ff8241eab4e36c7eef3c60ccf987604303cfa60e7664218074497bcca1b5d0f0801cb18ea1f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
9887999638cd890e4f9cfc6e23eb01cf

SHA1
38527876924e240a3bc434bc9bfc02c2361d7b1b

SHA256
7845bb4db196c909feaa9d14a26ad08a4e2aec6ab239db739f2ec53d1c4d5b13

SHA512
1be4c820e68538f13d61b2fbef9b60ca917075525d1dd5cef97e12faa576e2f734a2d68f3ed1bcec45f01febcb5cc8062cce58e64c32b2b27f69404f56f86df8

Download Submit
memory/3388-140-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-133-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-145-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-135-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-139-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-134-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-144-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-143-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-142-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download
memory/3388-141-0x000001D0CC100000-0x000001D0CC101000-memory.dmp

Filesize
4KB

Download