hxxps://solucioneswebdigital[.]com/e-hfjbsndsjdkb[.]html

Analysis

max time kernel
183s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://solucioneswebdigital.com/e-hfjbsndsjdkb.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3740 msedge.exe
3740 msedge.exe
1116 msedge.exe
1116 msedge.exe
4308 identity_helper.exe
4308 identity_helper.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

pid	process
3740	msedge.exe
3740	msedge.exe
1116	msedge.exe
1116	msedge.exe
4308	identity_helper.exe
4308	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	1984	firefox.exe
Token: SeDebugPrivilege	1984	firefox.exe
Token: SeDebugPrivilege	1984	firefox.exe
Token: SeDebugPrivilege	1984	firefox.exe
Token: SeDebugPrivilege	1984	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exefirefox.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1984	firefox.exe
1984	firefox.exe
1984	firefox.exe
1984	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

msedge.exefirefox.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1984	firefox.exe
1984	firefox.exe
1984	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

1984 firefox.exe
1984 firefox.exe
1984 firefox.exe
1984 firefox.exe

pid	process
1984	firefox.exe
1984	firefox.exe
1984	firefox.exe
1984	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1116 wrote to memory of 1624	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1624	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3740	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3740	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 2052	1116	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://solucioneswebdigital.com/e-hfjbsndsjdkb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbf5946f8,0x7ffcbf594708,0x7ffcbf594718
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
2⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
2⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,7379585520309980719,13171542292236034869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
2⤵
PID:5556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.0.516538042\1796826541" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2cd17ba-5096-488e-9819-0d7ad987966b} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 1960 1c6ab5d7858 gpu
3⤵
PID:1752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.1.1105452250\1581734670" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {589eb5cb-8c92-46ae-bee0-3791a2605e0e} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2360 1c6ab13f158 socket
3⤵
PID:1440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.2.1742078668\459269722" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3212 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b8dc2bf-2682-4579-9ce0-fe75c8c4353f} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 3484 1c6af6db858 tab
3⤵
PID:3632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.3.1505908741\1038822852" -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0dd2a8-3457-457b-be1d-4d52dc52448e} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 3744 1c697962558 tab
3⤵
PID:2020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.4.2137859529\805693954" -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 3928 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4094b105-02d0-4c0d-9852-6a85c72c405a} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 4360 1c6b08fc258 tab
3⤵
PID:5328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.6.596366580\248459428" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37b4d310-f974-4d62-bf33-a4e69266d4c1} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5160 1c6b18d1e58 tab
3⤵
PID:5720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.7.1584474681\1034382813" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19bd1e81-c692-4923-8ff9-cad9391384fc} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5356 1c6b18ce258 tab
3⤵
PID:5728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.5.1406576392\702185358" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5072 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7aaff9b-e0cf-4a2c-a985-57998cc7e0ad} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 4536 1c6b08fbc58 tab
3⤵
PID:5712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.8.1594493091\2035862621" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5796 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c8f4a72-0fb8-42a7-912e-e2c1293c1daf} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2904 1c6b18d0f58 tab
3⤵
PID:6048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.9.166179869\1090360158" -childID 8 -isForBrowser -prefsHandle 5940 -prefMapHandle 5952 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {396723be-fa42-4b64-84d1-2b12849ee5b5} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5956 1c6b36a7658 tab
3⤵
PID:5656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
e86d667c91170068d4e1214bfaebad62

SHA1
3ed65d71920be7f81a62e475f507b45ca5c74eee

SHA256
92a34bef8f6dd38e1ccc5328e9df6f7bda9f50772f75bc17c06845e7fee07bc6

SHA512
499b7696cb496f87864b4db51abe6ed8a66a6866f7b9708677cbf257e7b913a78358d1b8e8c8407385903021985e4b1aeb8b93496773337cce0bbc4beac8f4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
0c331b8eaffae48012b028c9d07528cb

SHA1
e3097be86c6c446dea559b8296506440a40aa6eb

SHA256
bc47339cf29341e4f07223a37d65e3b7194d8b9ff04092b1448799e4580b32bd

SHA512
f4655b1240b03eb83fa382d0b1d7a0591d35a11039de9fa645478da5a839ff627de1378eb4810b096ccb3b84c23ac04a09c4acf33649c942eaa122e6e6c9a909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f0a09d5c6354d79bf2d8c1ecab7ebe25

SHA1
ffca09d3c93c237436ab7ce8193b3c9a73297a16

SHA256
83bc0a8ad1f0f71e8e1d2af2945bfebb7d8de251992887d4c4517ee166e3db2d

SHA512
f57cf3a713b934f59718da07e17da0c0fa34f7810b254303b32e634d548669c7bd3b6a95c7d1206fbedda6fec0e64dc812be1464f837800dca2c72010003adf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
79fe6bafc61692a2fecb8e58e2b31ec7

SHA1
963b2b382dc65bb106ebcac7c7c6c8b1590a99ad

SHA256
bfebec56a350977b35c9832464b4cf41560feedb6c2a62f093a50a9591bbd45e

SHA512
584d9af8ab6e50c16c83cf8c5c25a9fb5bb2b1593de9ec017a4734fea65c9d46a7fd17f92491c3a9df5343686adfa8842829aab13d7cb5cb5f19224f9737cccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cdb4b7d11138f9d1bf0e8eef6d389732

SHA1
9c131416cc1b65914ae783cc1486ccaa879d4865

SHA256
3612ffb9678ceb181ae7f29e573def3dc8f78902dbefeb2f778d50fa50c5c05c

SHA512
da8d63a1578cf54118356a4167c2d97db8aab02e8871ca63ba8f49e280a108e8bf7b1df0deeafa2225be9798cc5e75167c2917967af2e577c2fa6592adbfd45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
244a435a16d494ca8bb332e89c28b280

SHA1
275e7ca37e694aacfdcd7b30a38ed1abcc8e193b

SHA256
4b1e621c02270c9e8f8a20770bd5a839ae76064c126598c52a2ad0ca214d75fe

SHA512
fd081cde9a1db061c44aad9367910488ee873b8c7dde3f4e62278b09c06245d2b2871eaa76b50186a11c432d5de7df100a8f68d5b6c7e27b0f86b3d3c7f53305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
c55f5af42c33ed9eedeb60a43c344b31

SHA1
7c18ea3f58a5ec8db6cecc2826f7c41ceb05b8ca

SHA256
501fad77f4f0b545a8d061509edb9c45c6608571204a63487cef7a64f1e276d4

SHA512
b8c75fee25b3b49d5f9b8c20fcb18ae7d714819d2648d455dc543505849f9df218f5f20bc09f23fdf387c9badeacff36bbb34febb5883bfd81b8e651b8a459f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
eabf28262cd6c8efed403f375714e2df

SHA1
a9299fe09a0dc6aebfd862cffef7170fad02c682

SHA256
c9503ff7dde8271c12a1b458225980df8cb2384e343b87a647cb7767b6653d09

SHA512
387a6cfae224aec56079c2a1fcfd27581056f0069963eb211192b85af58ee385de0b9a930c51bdc8f08541ef524fdead1e3726069658782d37fe6d4eb7748e18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\3878
Filesize
9KB

MD5
98b2f1147a30a2260b7db3e56ffcd378

SHA1
2596df7de7168fa936ffa6cc2866704dcb29ac64

SHA256
29fc8a35aef83d77cecf5963dacbd7da6a57720e6f5c96a99cceaff5315bcd2d

SHA512
f8e14bb0df431cb2c9c8a2ed7df1299a98cbfc97a4fbbe6a3105e975d13eab994b46e6109b149aad7fe7fea355cd7049446c8bceff655bea25d86fc4f967ebb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\8B4CBD0FFB1D41DA798C360F03A4A9A8FCEF05CA
Filesize
224KB

MD5
e8ff1ed9a66d11172a3e59dceba68389

SHA1
f238b3da961dfd62cdc7f9efca51a1e140726dee

SHA256
4d5be141be16ced18e4b155ab3913d279a231f98bbd511a251fde49e1268f34c

SHA512
a5584f2fac236d6b8917dc34a6901eaea7d5a7193b58b8ed5d03b2d999b2ef2d7cd93bb05cd4f800ad2ea9e51cbb218e988aa511dd3bae3e2f0644c9e0eff514

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\9A32E743B84942B0D798F1332DA85786524E35A3
Filesize
31KB

MD5
eb03ffea50069670fa91936f13709cd7

SHA1
a6b5ebef091b1b35c69ce42b1d9f6dd8c2f5b1b1

SHA256
679554cf896f6ab9f7c5814edef55cfac10edc1b430b5b5893eb5cb268ccc40b

SHA512
d91719c0e723969071479c9e036eb370e74abb64b971e599b740c538c9ac2a966b562bc8ecd62b5340d7ff5d09cc0fa62637925d2a0289b1f19e7e8ca45e7899

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\B9B543593F3D44F86BD229216DDFF486AD89F49F
Filesize
39KB

MD5
4392c4d3d24d49ba05ce9f6af895e055

SHA1
a2f17246f3b4e1b377d2a7f9d4726f362c5e09db

SHA256
d115a407792ef77af2e447e2739da6408e6000823ee9b75731e2ec31afe939af

SHA512
03c5500756516cd1b72da62a4b4c34e7ea95a5761785882dad5a49b141fc2084652a3f53b0c84da1622a1ade7e9e515a9bb7f7d4f4052cea65c8f484cd56f5c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
b99ecf4a08300155b038c4f6e3b50f78

SHA1
efa0a015f4a9c7f76d24f96b7456cd8138bb53c6

SHA256
2426a39419005bfa12b7ff9c7cbc988948a37d6488d6519cb59aad7639aa4898

SHA512
08ee0490bacdecb463a2142d08ffcc49f09ed4b94d64bab1a3f38dec2bceaea5692fa201b78a3c24572873a6831ba281eea5f74ff80d933462f54dcfc96963de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\63e6829b-a10d-44db-9e96-3d2c0cb1d8d0
Filesize
11KB

MD5
0949bff069b051bf8c3cb6740bb6d5d5

SHA1
14d9486dfedbfde04474188ca201d1a1b8a599d7

SHA256
2f5678c6d4bb0873458f222735dfcf1b7f14381e74dc91505a1c828fb04da8d8

SHA512
e88fea30e0e6916c3ee7b663c105afa718f13c0984ae46d9d546eab342f7cb2e66f0224921bf3947b84c64d02ce67eddb761ccb7d07db902a5830e0e07be9de9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\c9516796-0669-4b2a-bb8c-799ce605d28b
Filesize
746B

MD5
e52ed5f2a8c0898bb53ed09781b8bb8e

SHA1
c4180ba4c422159c9401b481cc53c2c59698e39d

SHA256
d44ff5c0ca45c6894f8bdbf89867630fd9959b5e76ad0a10ea1f189f11597e9f

SHA512
2951206d320c37881473430a82ab2133580d29dbdecdc93bbd133777a82e44955019f6ff87e80f2ffa648127b0dc88cd181856687590926d17f5f169e429e2e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
6KB

MD5
b352635bbde73575774938608299f5e4

SHA1
6c7fba31f4095c611bd60834b9046043f3cd9797

SHA256
f0e101b8d86ca0b70889cf520ec026828e9dd9d5d0ed9c4ae03edb4917abb2a5

SHA512
220a444f05d0d38ef0b74b844ae2d1da95e79f5d2456f77c62d0f43b73b676c90161f8e8272829f33f6bccca720e43b61fc01d40c385fc20d846bd91f95cebec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
7KB

MD5
86ee0060e335a3123e03adefad6608a1

SHA1
2580ff6282d7b8933f511563016b94176903b89f

SHA256
6d27c5a78eb2ab1163b02c265abb943a0fba802b4ad789833eba0e2c2060af31

SHA512
8fe787f3212a08ad8a1bfc600b3eaf1a9937a6d52b6e02557d5e2bbaa35812c67e7c76a917daec3cb329cc53ae4436365592e5bf5b38399962e82b41d9b60066

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
6KB

MD5
ebf80a221a6b0ef65c5b7b924882658f

SHA1
e1656e4f94180ae79757f913e41dbd37d7ef9723

SHA256
06730f4dd7cabe5acec3fc9d43373b0bc146822d77415eadef10079d31eab158

SHA512
dff5862592575e4e8c88b32557b33b6785e04fa3f0202427df553d92d9b647c64521ab892c1326182db673795ff44c6237be0ec8809f765867ae3f0af6a4369a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
Filesize
6KB

MD5
cdbe0343c1297ea407f1670e1ff278a7

SHA1
61cff4d314e6cc95ed98078d17f386edc4ab22bf

SHA256
badd75471ed2c3b8397a41cd857d0e7f4ccdede59bcdb54054a4497dcbedb785

SHA512
fbe4ff41239171b733679b20278ad8ce66e35f056d00125c81894b18dbe14a47c3f13588e86a05f21da9e47092ef2600aa181603f0a22258aa17f0d46a89c849

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
Filesize
6KB

MD5
644c8f8a51d58bd0a16a3a23150a94b2

SHA1
77fcbe3d54a230ddb8fbb503c51ea7ec0ea02ac5

SHA256
d5958e9432168f50614ecefba9db18853479c2ca17d42ac7fa6fee0c67dfa180

SHA512
b37ef621c84a1ca0c8fe392d15275e037bcb707c95b5ca03a12e4850f2e040241ded80496187deb301752279dbe69f951d5636895a2411a1566dc3b9a3d41916

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
98a76ff5935073899282d188982dab28

SHA1
c8e763c166337269f316759cc5b893593ff0d3e9

SHA256
81333cb1a10ce7a532b70d25cddf8d52faecceb35249520a9316f298cada00e5

SHA512
5dc7085c91b2fb7f19d1b21203f888d4ed176230d3635409613aa9f845b326006593ca55c4df08c3cd6c6a34688895033ed0244c476ca83f45c460d1faba87d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
d33d9ce031cc664b70f4c25bfa45d4ba

SHA1
9f2034d5abc6fe7e45b464c158fad5302a5238dd

SHA256
a7a17de43b672f5d5112820d0d95d827c7a10899b95c50a798d0952705057d2a

SHA512
c85b92c0bf3a217cef65ebc8785d8646e322be527e5be46cab6b8f746084a8aea8b28d9e57fe0ec918eb4150a945e118ec2dfb2845661e22134f4b336841334d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
492dc3800544f3e3805c33fb45419dc6

SHA1
5a90b0f282e2f41746a58e877025db869d1b1520

SHA256
e16dfc51b3776636a56b434be583009c5160c51379df292e7cb3c5d7c35b34a5

SHA512
4f48efb9dd5f100deb761dd86e9400d3eadc83b4bc2ebf15e2d8afaf3cd90cc2ce1486b3faa5fcf95c970a944f7858deb2520d5a89ea4dcb3f5b83b74fbf9844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
ebb306a1fe4696766df281262393ddf7

SHA1
bc97a8c893abdb8d934413b39b12a2cbe4c3ff71

SHA256
2150e78bb78dcfd90a0d958d9b70fc7c3df5311619ebe6c90244e920ccf09276

SHA512
066d3f471ebc627956450cdc661bea4ace8a6ec9f6c51224ea55dd927572ad5d6e984a9b6d2774d661a2404fb7803b2bc0324769d9538e27f16c405705ed183d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
5b3d5ac4fb8a5ee78cbb028fd3b52c88

SHA1
cb92cb3d51441f4792f12c93757703d5ecf50455

SHA256
c8d54b1af073446e892c987435f61fa7acff91764e6c3208f9484f98e325ec45

SHA512
ea3dd3152b4a384490a762b7da36337cfbb8815e2936bb994427c55e3115b5965dc9831cd28178bed0126679834aef88061009620c7e75b262523ebfa1c019c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
6bc490597ed93c24bfcccdb2521c96b8

SHA1
2bd4f070349b506fc9e46bfbe15840fb81696fe9

SHA256
8232a8c36ccbb7597d2e4dc1f6011f006abf041836f708106f26d3e59056e142

SHA512
ba9f5c195ae7316240d23e69314d0e166837ccf900157a04c6aeafbf65e7e40f39930b4c5d41c5a893107d6d0f7c04c59b9200ce204e861cd75e4cf218577cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
2352030d8fd13d0dcad9f1b008b3e81a

SHA1
2e8361bcd77c32345b1bb995138a090584ed0f0e

SHA256
adcc325d7ddcf82dfe0bfb599eee39ac3b2103c5ab1e339caa1a3892d7a07b9d

SHA512
842194528b717c9d5c7c9b4797885825c965903bc39e32fd7e3782c511440691f10963c916ba4bd8484486e2a0ae41841e51d52e28b12c0403da57cf97e64863

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
0626c57f5a7bea4f965bee8271bfb40b

SHA1
4173b890cf9a6ecb9a9187a4758e2e9b625c29cb

SHA256
3a0f4d684009316c3ec2b94037090a8d33cc6a8a006c9900705281e333bc5bba

SHA512
91fa58253d1158d4e59c02e843682edbf0681b196c41ecd555d066d32abfbe98792f0dda06fbe0b6271b7055ebeccd45bd46bab0a2de220119927cfaa7dcb2de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
\??\pipe\LOCAL\crashpad_1116_NCJUOMOQCCAIZPSH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit