bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
220s
max time network
222s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lib e.zip
Size

34KB
MD5

0a76bd3e26768bba68aca3d210997069
SHA1

753690994a18cf58ed0fe3749d16448b763047b8
SHA256

9056b87f079861d1b0f041317d6415927d9ffb6498ce2530ff90fda69fa64e78
SHA512

14408ea7f44bc365a58d7480fff9ea3b10fa21bfbd3363c6e30b74a4d4121677e20ce1108cce12c203f0760768aee1c1aa69b130e090c409f9a516ea02d70c49
SSDEEP

768:ea3asamaSazaYapa+aPanaca9aCajaIal:ea3asamaSazaYapa+aPanaca9aCajaIS

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ipinfo.io
3	ipinfo.io
4	ipinfo.io
7	ipinfo.io

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\42.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
2796	msedge.exe
2796	msedge.exe
5476	msedge.exe
5476	msedge.exe
5680	identity_helper.exe
5680	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2032	firefox.exe
Token: SeDebugPrivilege	2032	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe
Token: SeDebugPrivilege	224	firefox.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
2032	firefox.exe
2032	firefox.exe
2032	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2032	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe
224	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 4656 wrote to memory of 2032	4656	firefox.exe	80
PID 2032 wrote to memory of 3924	2032	firefox.exe	81
PID 2032 wrote to memory of 3924	2032	firefox.exe	81
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 408	2032	firefox.exe	82
PID 2032 wrote to memory of 2012	2032	firefox.exe	83
PID 2032 wrote to memory of 2012	2032	firefox.exe	83
PID 2032 wrote to memory of 2012	2032	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\lib e.zip"
1⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.0.778000929\742776346" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1756 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fe82f27-7b64-45a4-8e07-9a22e6c29437} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 1852 26ab97fdb58 gpu
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.1.747053600\914629382" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca361f42-6da0-431e-8431-5ce11737e6b6} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 2228 26ab9432358 socket
    3⤵
    - Checks processor information in registry
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.2.497294746\586388706" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eb1bd5c-c809-4462-b25b-712a7a40522a} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 2856 26abecb9d58 tab
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.3.1852690962\543362108" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d14f69-3ee4-4e21-8dc5-d7b0f5846bf1} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 3488 26aad962e58 tab
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.4.1533321151\2126493985" -childID 3 -isForBrowser -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ebc2ba3-a053-41c9-b51e-751f01bcee21} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 4236 26ac0709258 tab
    3⤵
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.5.797772766\903847274" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4988 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe9d95bb-6718-4bb7-854b-4d9c82ac6c78} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 4968 26ac0f99358 tab
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.7.1817819203\1389294690" -childID 6 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be4c9b76-67e8-4a5c-8997-53598f96d8fb} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 5428 26ac1016658 tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.6.739271010\915086940" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5288 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3f603bc-9d60-4d84-a28f-b8a00d76634b} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 5300 26ac1017e58 tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2032.8.1583248047\931546104" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5740 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05e3f28f-61bf-4be9-8bda-7a333d3a0c62} 2032 "\\.\pipe\gecko-crash-server-pipe.2032" 5752 26ac33f9c58 tab
    3⤵
    PID:4556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.0.727603084\1246208637" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 20871 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b80709-b51f-463b-8a40-e407ab394f0b} 224 "\\.\pipe\gecko-crash-server-pipe.224" 1788 2543c0f5158 gpu
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.1.1675228355\50648232" -parentBuildID 20221007134813 -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 20907 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad190f66-a4e3-4827-abb8-d32fb206f946} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2264 2542ff71358 socket
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.2.56939554\1853511270" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 21010 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {627ed262-28af-41ad-9947-affc1adc7d0b} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3228 2543c05a458 tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.3.1300154419\1583614357" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26188 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b1077e4-fd43-4d64-96e8-5555609f5392} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3704 2542ff62b58 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.4.293367666\1863199708" -childID 3 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a7aa88d-088c-4ab4-8bd7-d9d7c1b1a0f1} 224 "\\.\pipe\gecko-crash-server-pipe.224" 4128 25442739a58 tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.5.555533995\1991033341" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e196ddb-a80d-422c-9225-80a123690e1e} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5004 254438ce458 tab
    3⤵
    PID:3240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.8.516869610\2055699386" -childID 7 -isForBrowser -prefsHandle 5704 -prefMapHandle 5708 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ff4946-efdd-4247-84fa-62d82c012d30} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5696 25444726758 tab
    3⤵
    PID:1076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.7.932333062\404463082" -childID 6 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acfe4ada-6f9d-40d2-bbaa-b1122484957e} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5508 25444726458 tab
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.6.2068641366\235721956" -childID 5 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cf58f30-fcff-45ec-adbb-d2555928737a} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5008 254438cff58 tab
    3⤵
    PID:3868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.9.222472803\1758123108" -childID 8 -isForBrowser -prefsHandle 3408 -prefMapHandle 1716 -prefsLen 26247 -prefMapSize 233543 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f0233e-d208-4de0-b4d4-5a647b143d94} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5916 25443842758 tab
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.10.176535856\893497416" -parentBuildID 20221007134813 -prefsHandle 5568 -prefMapHandle 5516 -prefsLen 26247 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3ce538-fcb1-4cbf-a7a7-4eccceb0a2c6} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5560 254460b5058 rdd
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.11.706229996\2103370436" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6460 -prefMapHandle 6400 -prefsLen 26552 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ecc7bb-835f-460d-98ae-32ab4fbdffe2} 224 "\\.\pipe\gecko-crash-server-pipe.224" 6544 25445e93158 utility
    3⤵
    PID:4828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\TestRestart.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9ecf3cb8,0x7ffb9ecf3cc8,0x7ffb9ecf3cd8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,8585722043224251052,14735959927923913694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53b9b1800c90e0f055e0daabb68cc97e

SHA1
beb76399e32e4ca5c634228e2d4001e197249cf0

SHA256
edac0665854b4e7aa3f2b866e6172c71b2e1c6a169a2a04cf1e74102ee9c0e5e

SHA512
87d516b7ae594902b2544e13c6224760e1ec40d676a2f699da3242b5d3a9eb962dc7b3ca7e2a3eed1dac5375cc6fd8379dfe47d127fd3c18a653a05a8f67c31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1bd7e57f-2cce-453a-bc1c-c9f677d25a65.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\427d23e1-8091-4c1e-9828-9b5c998dae22.tmp

Filesize
5KB

MD5
ef66dbf86c742787f928e95c4e64adeb

SHA1
b73390fb9b8538d7eb68a3d9823e908e94dde36a

SHA256
bb1668f2b8b8948496e703b587685994feeda8f853b97107adebe757efec8960

SHA512
84f1bb66172d630a99551abf9c455ea1986921dd1150880544c47773d5f03d755e72acb60096aae4060c4d19f5c22ec1543d14aabc06784fc18707321fa4e0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9919ed818c60563704c5708c8edd910d

SHA1
a4712a27da1089a4f3533ac0b9d0e1cc5b879b7c

SHA256
acbfa428f6f576de85ca79fe52ee094690e2a1a9e046c14a0ec9f09de6346347

SHA512
defa23a8053daf566cc57a1f56f23d76f84948f424f1aa84b755d844d05abc5b2806807f2788f0a994d81ad7c9eeb7f8c7dad71e59374204956fc1c839a3c7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
f0f96f3da922996ca9a13963c1e4f75a

SHA1
0a598483f5739cc812aac95ef343a56e38cb25fa

SHA256
6b81e08de44787bae066f57ee5ba60bcbb69049440218d0d1f10090314febd0e

SHA512
0a0343ebe0786b710c78db2aa4c0d3b51186e30447f4ed188d6d8823a5c3e373f29919d56b96d09b386fd18fa4c243bb54e039819ed3b502ac15499283128d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e4a1387f8419e3f2c760fcc0d31f830

SHA1
de1992a0dcc7461c855ef28faa7690200be3d670

SHA256
1593bfca5503482656925d82703a00b06798c80462db82b97d46a58c7bf87f99

SHA512
f3f39a12235c4a7ae2560b1468e25f3eb090eade25d164285ab0351c7db17bc4ca13245fed3369c6e7924b6cb0392bddb8e6372f18ab05fb1eb39f6a775401e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
e846255426c40b8339fbcd7a98617ee9

SHA1
aac6ffaf594e91bccd5b4de4c01f08954b636ef5

SHA256
0144a505c1683b8eee2d6c475be4dc67e0fcced395e64f1c460cbf14e07e1d9e

SHA512
ea15334555847ffafe217aeff55e5ae6e361eb765382249d2a4e218853904ca752fa7ed5f62cd1b3bc9fc10f4233c84ba198d156bde08e861328322da5f23d2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
575da7574987b36cb3d94ebde049dd93

SHA1
f93d66f64b3484eca84bf863e60d1eb039cd2991

SHA256
ee26193a070ed016052e052f17c347317022c021015c2fe8616e27ae5fd10129

SHA512
d5b90f818905a3476f4ead18b2aacc5b6c8e08ab371d4ae062a6fd9150009b8067f87a74b5ac096b1b37bdab4579208bfe500fc24be8980f73c33aa572a66f77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\cache2\entries\600C29E60EE21845DCDB8FFCEAC719F990ADB2AE

Filesize
1KB

MD5
95d9af449e7f83409a3047637fb4984a

SHA1
16a08a0a3fa0c7d826acd822b915869e4d182e44

SHA256
23498aee20306afbbe563a730c3cae043984a17aa2ae73ac0c7b026206cb45a4

SHA512
bd176673cedd10a8fc9524faed34b6bc561936652f862655805e421984466601bf2f1452e5e9668d317d31ca8f566e80bff6f661860f0f6334cd7f626b493776

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
748e1fb0e1d3d31d78b0142c61e251af

SHA1
6aa42d7d9542551abba5839d01bcfa424ea874ec

SHA256
bfc34c489f5d9d233e5da9d842cbd49bee0f5ed1940e72e114045af8d0983da2

SHA512
3a6f7aa94c35e1e54a67c1c328e8018be2c5a3596b3ace0872edd7b819a290a2b70e9e40b67391347c01fa874924079de312a20d1e3f3f2427e5ca81fc4a0fab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\cache2\entries\926927E2DA36869DBC212A33328F2F4FE29F3C01

Filesize
95B

MD5
c652d5a632d80e3eded3bef8cad8d19c

SHA1
e3ad9da49305e5834d8a4a9f118d84abe67dd45b

SHA256
96103300120e417936265072eed892d4c08774350c0ffd749f286de6f46d6974

SHA512
b922e1b3e86251ff0c91c149a09f67cf762eeb1a242ba6f7a463be888af3de18d9e3d1a61287eafcd8fb12a3721cfadbd6d327d6783c897122f2b6b4b7d087b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
9e1450abb5659381ebb8cbe355b2b70f

SHA1
1c7087b8ae69ffddff52c0f3898de9e7d5241d72

SHA256
7efebe6372098f4daf48a91ef1ce362883961e60019b288161b97739bf9e0880

SHA512
985b7ebb191dfdcfc0b3af22927099fcd29153e5b0ccd6a2445f4e1100585f2de71f57786f8375cbf634c39354f05b33b3902461f61c912b78003d1851174770

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xu6qjf86.default-release\thumbnails\f9f38e32dfac58fd3dd848f963eabcab.png

Filesize
4KB

MD5
a5a5a2473810dfec97417fe6d2915e26

SHA1
fe9f300af4780ffc1f31ee18dcf1dfeddeac97d4

SHA256
e5e731e9d389bdfd37ec2a21e4bc54ca511389fb40bfdef80efdde01e84c0294

SHA512
2bda8684b040bf15d6d2bd6f9de94903ca7e3283322e24968da4d1697c0346bdf6f70f4ffaa82ee222be8ae2cd61580115bf7a8a9c577e240fe951901c6446e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
c1e99d01907185a5e643ec97946df12f

SHA1
284b3cc80a57df39ebab3f584a67f95ec7be0820

SHA256
39603a971c2aa6c5d3bf822eeb69e34562af9d81475c6018619c3d0fee4c7987

SHA512
d8cc72027cb8f5b6f8464aad247c0afa2ed76a56171ccaa5bd3e01654b00c41295724e6b9ba1e90d17f973a16c2777761d7f2676d1c4e4b32f5bf10a2f8a076a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f7a5cd664da1a77eb4d012d5556a4613

SHA1
8fe95b4a6863d9c962d198aea2b5380f11889e37

SHA256
b3c8af842aba0b72d58ceb1498b6877f5f10265768c5f11edd36a7a5d8b0424f

SHA512
3120f40e7908b7ac1036a1037b0bbbdd10edb5a8b71cdf0cf52678d3b6168db9e5e4f8dd4a0abe83aa0a9fa3a3e98b34ed9106c5a1ebe735a844642178326da0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\db\data.safe.bin

Filesize
4KB

MD5
8a07d12bc07343198ab7f9b4af6c1fa5

SHA1
39bd8c3b950f71f325df02dd48a9216fce5b0bd5

SHA256
999b7a6bab834cecf008e44cb1f57ab6bce6079e8036ad0614c525c84110f918

SHA512
5517e99ed0ba6095061ce7111f62bc2d4b9ce0a01d3732bcc1265edf771d26be0e3e3f87e7a2e9786fd9aa11504c442b1a478c2c2ad2e7a012b1191c0cd30109

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\events\events

Filesize
158B

MD5
17eb2a7fa6ffecd4892410ad0fd74510

SHA1
b7fac9efc6ff0cae8a5c564e951d30e7e3c9a5b8

SHA256
1f2d26455d47c61d714fea5d01b27ffeac193c72521307cea6e1300ca6266044

SHA512
3d9ba738f1c323aede50c7a79c70df5b9e4f57802659ae547bd4d97952694da28a39e41e93a29950e286f1f8b9a17ad357ff0c2013508b8ad0456444a5a4e06c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\pending_pings\180859c5-15c1-40e3-afb2-68bad2389d2f

Filesize
746B

MD5
7b282305dacd1edc5d3f1b72adc108d0

SHA1
868c756fc5fb8fe5dd91f2ef07530a2d15399967

SHA256
ba6ec211c28053385d0742d8bf0fdd8d36ed0361e31c7146b2a1e4f86d80fc20

SHA512
5b189f691d7f8351a83958ac64e1a3f176b13c0d09646532b765eb74b933d0dfa29f3df56af0372909ef8a58dd2b6ac64eb565f7836893ef27edf4f63228f79b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\pending_pings\399bfb60-7434-481f-a493-83ee80f86e6e

Filesize
713B

MD5
6a6c73d1a99bfbdd7b05ae9394ec8567

SHA1
89229338347a80c4bb2aa87b8b95d248e2f35fee

SHA256
70c43b642d3cb1dfea4ba5f322d4d237a21807955030762b5e85f4f0d83f9786

SHA512
cc57b6c5bdeadada021f1610638db2c8f68e4891d37bb07936517cc98c496eb443b34968e6c2f3c16e91fdb87b0ec9fa3698e05e19943276852cdeddfa92c9fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\pending_pings\9e7825c5-ec95-4e04-a4e5-6817cb76a3b1

Filesize
763B

MD5
5b63d53c513009be0c4b494eea401f19

SHA1
b64890364973074fc1f07437075a10bfbcd8e099

SHA256
5a36a4c61bab42b3414df7b8fe64ba40400098eb02111b82f172c6cfea249c87

SHA512
de7495aa91974f29259c9fd26ddfd23f642b6d9af84c83ab9b3482b17285324ab1144969382e03064bb2e081809bf9795aea95026cff8c218a6631d7907b64d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\datareporting\glean\pending_pings\bdae43d8-4955-43a3-bcd4-45cd53cde315

Filesize
11KB

MD5
052a6b9da0679671fe22c444771ac960

SHA1
48672dc7c510a510865dbb4602954acb2f06b6e3

SHA256
2a26418280bc15ea08e45f31eaec9852619cdba6f48c30ab95df73c4c7c0f785

SHA512
fc8052f1d041e220afcee0aa7079f5c68e76364f9087d1071b00beb4c7129792dc90c20aac558d6f4e72e31c3c8808209d29929dd8af4ef44cec00e1927394d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\places.sqlite

Filesize
5.0MB

MD5
69a33398eb2cf348045aefd4fce231fe

SHA1
46b465bbb3b837bb3e22c80c64134b350bbb66ad

SHA256
6509587b25ee6df98c69dc690bf137d882ff1a30faed77c3e17c47e51659e0a2

SHA512
707f6baebfcc61e8ca9731aee3f26e222f23d209c21106f072db14db583f966f1c6bd1aaa1ba2d44b6bc77dd95b2425efb44a74d58e5002eace1c89c8dc3db7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\prefs-1.js

Filesize
6KB

MD5
212f43f1d9519ec725eda4f078fbf993

SHA1
87fc4bad2cb65a28fed4f29a12ed3020a26b3b9d

SHA256
2e5a558cd95f0f3205e9654c5460331aaea26ebc62c1acdb5c7cf203e6d4e055

SHA512
696d1acf8fd7b3d929ee9ee48d2a520b2f955f5e258627c02f4dc2dc68a0deb606b56483995cf4883db02c73d57d38b7190e3a3721458d6c3ba905bb9d30ef0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\prefs.js

Filesize
6KB

MD5
2ed318239ee017664737b8fffa5ab5a9

SHA1
4323b2c1e3b3273397ca3b4d831d571d0812871c

SHA256
ddf0c13392febc69aba1a80a578390d04fb802bacf2f82f3d19af286147d7765

SHA512
316330ee148eb5bbddd8da0392c7472b90734be9d7df032e05a5fcbc72de24aa628f49b75eb0d0af48724abb3a171197d931829664cc9b68e8ba04a33958f99a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fa72a079758d11ccc59b3cfad61b9c8a

SHA1
f8c460b9c10dd01360a139f72761a4dd1bc4a287

SHA256
03ba1718523b0b32569a7dd8e2e3662769f7f5ab434896263b5d1035531e243c

SHA512
2457eb824e14ac370979d05a30598d028ed10eca09da5c1b730cae38564162ac62491f4419ffacb5d6c7f518ca0ab2729d14c2cc916df1df89c442d9dbb6f18d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
21a1f56b0937f0d2dd15f4fea465454a

SHA1
3599a15b056bd24f70056067811fde4ce05e9fe0

SHA256
6c517037b7536c661da0ddd66c0028e4a24c29181e75eeef74420a9661cfa6b7

SHA512
16dc70c8d7b3ae403ac1781a0806dea2c6e6f41fffb865c309d82009202201e1be31815021270c7d23ba23c531c380c86a8c35e2b80fe3f4479eb404a29c8519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9528dac122a78e272f8dcd16aeb7e543

SHA1
141dbf846655c1d099d0a449ba59f82c1d7ca781

SHA256
015e318751c4cbdfb87d7e734229d52c93602ae4dd26da9020f30f134397c6aa

SHA512
89f5137a2403f8bc23a1a61b31e37dd7a2e27554e3cb0c3f003a8c4f8445872f8c7ff1cea65bda6254d47a7401c34ee6c917e7b86b2d1133a0ebac24c1cea912

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8278d73ef09bbf04642f0986455bc8d4

SHA1
46f45124c61d041613212eee4be68c1abf2c2a50

SHA256
562df423484243a9b787fcdfaeefe664d60c24d4a497f929c6218bdac051e22b

SHA512
807e12330e1c88d4ba461918dc03f3ea919082701b0c6366d9d9ec75a844ea8f5e0874804c8be35e58888e4cb5ae3ff55560d143149910c8f9ba616b91f279f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\sessionstore.jsonlz4

Filesize
867B

MD5
87bd683782a29195e5ba431c34ab50ea

SHA1
474860413ada582f742dfb4f4c93c993a97edf54

SHA256
df5da716e951d40e2882f2c52ecb2c504dc7a85daa1b95bb2bb14e98353ed6b4

SHA512
9e4c4a6f0219e9f6ac135ac66fa0282b8c7b8581935d1acb41770d9807ca94987150bef4811b4700c122a6b7cd73f1e49140f2a04e16362f7f4316e2d943c1e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\storage.sqlite

Filesize
4KB

MD5
211bfb719c89ce3c50462d94b41df70a

SHA1
8e6977982358d7835141bd159035dc418457a7bd

SHA256
4b1bf413d3ccd5063ef460424a9a84f7e7cf01d624be5e2c29496330e556d1ab

SHA512
7b99d60f7b38bdf8bcb6b2a98541e0fcf0d2e45e1aa0941244cf2e8ef7106a392fee3b7ba01eb0c26303c85d3f21d75bafb09234d59cafe80b8ee73a95694cb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
970fe8955d3f105df26aae13b0901712

SHA1
f2006119d07c8dce1dca7ff103cd949f5fc69c3c

SHA256
6feef316049eb60d1e8aea7396c5d9e98097e6adf9cda60a7a72c9f5544fc047

SHA512
7473f8b04ce7606fc447639c64206769a439746b740c1da64b1bc207d856b9b99477a6d0662e771ce6165f9a09a01125bc3766eedc6e8a8c91641f7a38a83ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3d5c01701eec0840632d7546349e1035

SHA1
18c5ffe8fdebfd946563d7aefc44d21ca1e30678

SHA256
ab6f21acd83e45d68e530c7d906de01817916c12fa184f4154032ea0875f62a5

SHA512
4a433de5e1a273726b3f1807170be3b01361fec992c86a422dce5ce4230c78dfcfe62c131800d04e5b69182fcda0b76a6bc38a34c9d2d531ad872f9eb17a45a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu6qjf86.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Downloads\42.OXYJ2_Gd.zip.part

Filesize
15KB

MD5
312c120a0938f03066ce7ef822575640

SHA1
c34e1d4fe2add15f407f55d3dac8d726ecf61d5c

SHA256
f87105a47d487c134f380a8494bf071dd7503597a0a621214bb9af3a996e74b7

SHA512
10caee889cbc5948e24acd49d20715aeab1e363a0d2f016cc5595a23be323f6a1213c7988528e22a99fdb54f78d3acce6aebbd2afc4f61d27086ce01dac83f13

Download Submit