72d3fa8cb91ec40975ccd878638efe5dfac098a0c8ef0fd6dfc6ac18b8772caf

Analysis

max time kernel
269s
max time network
964s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 10:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

090.webp
Size

69KB
MD5

3f0d02fb2036d7528f6cae32e081fd74
SHA1

3a94aaf7dd9f606438d5ee21f823053d147b09a6
SHA256

72d3fa8cb91ec40975ccd878638efe5dfac098a0c8ef0fd6dfc6ac18b8772caf
SHA512

1ff825efbb9af95ce05e9fd988ed051cdab6c3095cbb1998fd1baa8069ca85c2511342085761c43bf940649b67cbfa34b5c55a024f6c61cf7d4344436bd31254
SSDEEP

1536:JbuhTzUMKL7YMl855hoLT8MipWtfC1csSp+eckDCdErTlf:JbQTIMKlM5XMipWtCXezDC+rTlf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeDebugPrivilege	752	firefox.exe
Token: SeDebugPrivilege	752	firefox.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
752	firefox.exe
752	firefox.exe
752	firefox.exe
752	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
752	firefox.exe
752	firefox.exe
752	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2572	2208	cmd.exe	29
PID 2208 wrote to memory of 2572	2208	cmd.exe	29
PID 2208 wrote to memory of 2572	2208	cmd.exe	29
PID 2572 wrote to memory of 2656	2572	chrome.exe	30
PID 2572 wrote to memory of 2656	2572	chrome.exe	30
PID 2572 wrote to memory of 2656	2572	chrome.exe	30
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2480	2572	chrome.exe	32
PID 2572 wrote to memory of 2500	2572	chrome.exe	33
PID 2572 wrote to memory of 2500	2572	chrome.exe	33
PID 2572 wrote to memory of 2500	2572	chrome.exe	33
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34
PID 2572 wrote to memory of 2588	2572	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\090.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\090.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d49758,0x7fef6d49768,0x7fef6d49778
    3⤵
    PID:2656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:2
    3⤵
    PID:2480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:8
    3⤵
    PID:2500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:8
    3⤵
    PID:2588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:2
    3⤵
    PID:2028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:8
    3⤵
    PID:1664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3696 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3484 --field-trial-handle=1364,i,11342938680770604224,16847203997987847626,131072 /prefetch:1
    3⤵
    PID:2060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.0.251313956\235102849" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1260 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc3af4e8-b304-4e5e-a68c-1feac0745555} 752 "\\.\pipe\gecko-crash-server-pipe.752" 1396 17407558 gpu
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.1.2092357679\295986328" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d81fded-6d53-4716-8adb-d409dc61ec0e} 752 "\\.\pipe\gecko-crash-server-pipe.752" 1520 16435158 socket
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.2.1539090843\276392209" -childID 1 -isForBrowser -prefsHandle 1836 -prefMapHandle 1832 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d802f14-8532-45e2-854c-300c17d18743} 752 "\\.\pipe\gecko-crash-server-pipe.752" 1884 17a66258 tab
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.3.1142289201\782942937" -childID 2 -isForBrowser -prefsHandle 2432 -prefMapHandle 2424 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84be1266-8e9b-49c8-971a-1786da6792ab} 752 "\\.\pipe\gecko-crash-server-pipe.752" 2452 1b806658 tab
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.4.2077845859\2003682794" -childID 3 -isForBrowser -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4042a7c4-09b6-4575-a42f-8c328f2f593d} 752 "\\.\pipe\gecko-crash-server-pipe.752" 2476 d68758 tab
    3⤵
    PID:720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.5.1978301580\1339508653" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3560 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e68c79c-eb9b-4f38-afd5-2be653fa2de2} 752 "\\.\pipe\gecko-crash-server-pipe.752" 3780 26008158 tab
    3⤵
    PID:3504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.6.247498091\867200788" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90626287-b775-4c15-84ca-931108fd35d8} 752 "\\.\pipe\gecko-crash-server-pipe.752" 3908 260c0958 tab
    3⤵
    PID:3512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.7.666358860\478748586" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc19235-1720-4284-855a-99c6450ac2b4} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4092 27e51a58 tab
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="752.8.1218798034\1604116120" -childID 7 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {539b2460-9d1d-4149-a864-4e208748f402} 752 "\\.\pipe\gecko-crash-server-pipe.752" 4108 24023258 tab
    3⤵
    PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
9217ea7c6abc794a9ae50df5484ddd4f

SHA1
5c4e0a80254fdc02954116162d8d9b710caef2b2

SHA256
1c3418492cefdac29dda0403c879e5fe33193f7595bd7ea8e6d3517c6498bfb5

SHA512
5a34be90cff51cc05dd41c771758c7b1e4498118f47a613d290c0452e5d88e8a20c31b44a70e103c1d7225db376c776d21e60a599cb530700efc4c07a60db43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e259ba9ef08f5c0949166e5a79d67f4f

SHA1
a2f7fd8bc235b3918119b0a31dfe1a870c063ebb

SHA256
7b599b6c354e063ef08850b1215c9dcec635831782ccf20d0f375858fa0ae4b6

SHA512
456da8a3c65ca93faaf0cf837cd78e0469c1f58f5981670ba4274f2c3d1eedaf7cfca208dd42a02950dcdbe0ef88c9d41168c2d6ba68ea767a7897638d174283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3a45279bb63493539678e6a3987b31b8

SHA1
8a96ef7b99798813b33b8304db1232509726eac1

SHA256
3724ff66ca7420c5effc1593be6d5122bca596c4e77c3ef69cc242c376a510c1

SHA512
b6a39439e195b49ce2a987909805da3fe2a631c262bd9e6b2d4a8b32478a3546542cb60924ea80dca980ce6cfc017b57cf9b8d1566aeeaac51a0371f377a8714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6a78b482eba434372f2c471982f2a3dc

SHA1
7c955e151f36f26ba41fe305db2f7fcca88a674f

SHA256
68cec280792ed3ea91be36868e4380ed146671a66c2acf413f08c58b06352ded

SHA512
ed49afca7ff346f287f630c66acf9e60961b88a63ca53aa7f726010b5105ba69b83e1b82ecdda4058c20587f162f737d86c14d58af7aedf5a65e19109f29258a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9e09e97620d5727f6c50addd8bd99b26

SHA1
57d8cef9c095cd6368a9872ea20e8376c280cd10

SHA256
14a98e2ac4cd0e78b1d4705c926259b6a36c625f7e9d1757838f3ad91e4167bc

SHA512
d42338fce599b5efc06b44273ff3103348bedb0ae7cdc3316b14aae0cf6b8c8d271e3fa03fc601cf225e8711cc794719cf8a9f0f6d8b7c2c0ccce56cb5a86431

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7L3D3YTT6D6L4FYKMRUC.temp

Filesize
8KB

MD5
3369a63d7c5bd96c375d57354d95aef8

SHA1
dcfcc3f3ed2155667263200fabb2befa747fc4b0

SHA256
2676df43ebb7bfcf755f4ed20c5cb9be9af959142acc5edc65cf33b758bdc61f

SHA512
f4c06241ac54b7a6a81499c2c446af1e8f1fef91b366fb0ae09ab28d8ea832d7ddaca5757cf2044082e7f5938a345a17d54cdb909dc5fe91623a9018c08db4ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\bookmarkbackups\bookmarks-2024-03-10_11_mnkoSynjVnGqdC6r6kKnuw==.jsonlz4

Filesize
939B

MD5
680e60dd1632ca5aca18d0ac51c0ffdf

SHA1
6942ba42c730059f0bf86266cd0601bd174fc1c8

SHA256
2193918c9e6be24ad95b177d6bb274635a8c6b34308560b26bc2906e01a1e7f8

SHA512
1334cde9f88a3bba29cd111cbeefa8b3b3fa6ce2fd6b02edc73502edf5dd530eafbd49ef1e7716374150d1fc6c9ca75c260e10f5e9391001c7e80380c326fe68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
bf7b2169558c0acf1d6ed84e0d4e2da1

SHA1
ced4254ba96364c8847160f72a577018d573b5d1

SHA256
79e7a1e619764b99440ce8ac54a1f4ce377f6376fed356ccc5d0a62385110d7c

SHA512
b98c7c58389d1748ec167fca2e7b20f2b30bfb5d3ba74a29a257b58f1018b03edf453f7ea1b0f7776c75645caf5a09d9394f2dc12b1fae37701fc2dd235b8e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\8c833f6f-41ca-4e9f-a3c1-83aa09c37e5d

Filesize
745B

MD5
ec70cb1d07a69f45e96f3ef8f6aa88dc

SHA1
94dd947a881cef435d492d04c065e259a39588f8

SHA256
72dbcb251c6872aa5b788edda296f891540ec67505ba7c156a62f6e1fc248542

SHA512
da764960b8637fd6cf11ce0ba762fd7b1a6d35839c545a108e3d0ef6a188bdefa37221836cc4c4df2c2e15b86441a97aff15737d1bfa349085848141d84293f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\c8c72a00-7d08-4e64-909b-6bfa944dcbc2

Filesize
10KB

MD5
d2e8724267e631ff3f505930a194c4b9

SHA1
c40d781b65301254964d28835c4177f6a9e35208

SHA256
01a067740f1c649caa83be32d47b51d4b4e9a2843886e8fe1d255cd7ab774399

SHA512
42f07acb50ecdb2a9082fb9a647c6a7ae858d3810985a91ab358e3ccd641a58a3f63b8d17cc224bcbf537c0b75b168a818dce6c399b1e2c0ce658f5402fecdf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
766KB

MD5
4961dff26eae70409634549d8602ac26

SHA1
b2f62ad751d0ea908158f9533a3712bdd7d2df26

SHA256
b6e58a84bd97ab6d0e79bb9b3ec8dd1146d2ea7dd5127d72f8c12248b32763b8

SHA512
8bb151513dd70895f3a721786fbf452e99beee0222b776caf941283337401426ded3f94b78283f56dd02db12bbf2a493260a5572e09bbcffb637243a364b92dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
405addd6fc146c5263646b4924c7a36f

SHA1
341da2a7adbe97e4a50ac9a1afbc794176dd61f2

SHA256
574f7074959fb75758e66ac2331e6c8e29190360e5cebfdb2bffe6ab4c6f3c16

SHA512
c242a518d994b3fc88fdf8d46a554974bcd2c4f419b629d1dd288dc2b4f75ccf2989e474c5c8a8e565a88b9a3d260328f1dcabbbcc9d86c9f26f173611afa465

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
6781fc8e38520abaaa15050877487c57

SHA1
82f746bc86f0b44fc60bdc6fd6620b1c6cfab201

SHA256
1ff2462d9b1205e0dea730df00ecf019fbf57958b4fbe3894dbe8074be38490e

SHA512
5382e8820e40b3f00d4bebf78a64d1f308669b72aa134da7dcf656098efceeec85112740a9c02471333fb4d3f131933ac244f562cb1e2c651bf50f67b80e48ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs.js

Filesize
7KB

MD5
7f066804456e0ed7d377e74cd283b073

SHA1
e9963da0347444857bc24f544ddc567fffcb50f5

SHA256
3746abbfb26f6a40f3e68416a4983b0799d44b828151608504d0bc4bde8a1608

SHA512
f85fe88e29365f9d381bd3ddb56c40bf42c31ca177bcfb08949b2dd7597d734acdf4bd1b58496e418840a0f1f2a7a7bcb26bec7958aeb6fb2f336e9bf4f60803

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs.js

Filesize
6KB

MD5
9e1f0bd905e7066e3393b6d2428f19c1

SHA1
6cc0a65888deb6629b422edd62e4e065dd3f2094

SHA256
8bcffc5e9ba133f2332c2c7a4c9b5d6474fcbbdbd75402a0ee212c9668837353

SHA512
b8d1dea948435b387edccc799797f8144fc367200d88f69da6df2d5e6c8a3293ca5a10bab00e928d888a63b1e8f385fa7a26eb4e4fd77279d500b693ea4f8f9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs.js

Filesize
6KB

MD5
524496c613d28beb1d702a48f9f87424

SHA1
008ebe42bb296b175e0719b4df704e594da12599

SHA256
b6ace62313ce9e5beee0f682b35d744d4ef94c6679d168f3f2c3457927c49ca9

SHA512
575991ce7a65d739c105140e73b279eb0e1e29fc08f0a5734db1d53c26e4a0ad491101ff6baecf8efc1a757cfebf33d7afd23f2ca3d95cf05a7d538ab8ae6721

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
828d984156474b2c0bd8a8338276c436

SHA1
8461a8d8e2221a45167b3b41ebea9a16ff6bf590

SHA256
fa84a223ba6c8e9aa0b2fe3d160ecbeebc7b12dda29ebb0dd93b372930f0f4a4

SHA512
168ef17e5381170312866db52c020089702fca0f0b13e8533b64a5f46d4dba9dad3a7aae6df49a3d742f7f52c9a7c40cc6b911e51f526e6d1a8d3e7bbdf06ac4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
96532eb9b0290886cf2b00260899a858

SHA1
3c7ef170fcabd1a1bf66f8fa8e4f99502a90d3a7

SHA256
420aa394148e13bcd23cbdbfcee1536605190577d62588ba9884dd00ac73dda2

SHA512
fc0294f8b67c39a6ec484a2e06dd43d45d6de91367b5b5b99950ea2e194cc963ac9b91ca4743480654eb701e7fff21a079ac262af02038c3a529ad3018639abb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
04cee8f530360157db4943cd668f6b1c

SHA1
6874ef1741b1e74f0d7af7dbdcd41e459be018a1

SHA256
1ed7af0ad62d32a3f04bd54f46b1a7cc749f4ed575eb4b59a9a989c7405bb8e6

SHA512
7429317ad786eabb43f21a86cfe16015ce7ca082b5a12ca6f684a47e5eb7e3134749676f9e7c983f81b109b72893eeedd2e89744a5f7850c79243c2e610f1d89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
070cdbdac6f1fa07f46e47a2847a4c43

SHA1
55d91e13d3ddd4899903d35e06c8698081fb7e65

SHA256
5f116a44ab48fc364c551aef1e5c2a0389292e7213c97db6a57507bbe0b7764c

SHA512
98839a0a928d317d31ee06eb8a69a750f512c4d88ac8adc59820b030f1a61f722685dd8a9c2b3f3194222862b5d17bd2fc004c224b8f8b308f0a4bfe005e00aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
38f4271fd71aea0c5460e8004f7bf244

SHA1
65faf6f4d0e28582807d09191f1855402aff1f79

SHA256
8d854b42a379a6faebd2c5a238bdf1ec30cd15688ae9d9ec04c7b0f09d51d2e7

SHA512
19472761893c97e29f3814290851c6bede9c200956cad8e9bd74056657fb4576e12cefe2b9843f9e370fef4d367e880a93e99bd42491ae7819348f64100b1b21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
142b96e06c8d4af76ce7cc44aa9b83d0

SHA1
32093eba562bf80da3f73d25763aed3fa24e58fe

SHA256
38ce5cf70c4527316dafdd8101bca40c8d129f76a77031a726767c63f0340bb8

SHA512
62a71f2c6deba443ecdc15a800451733bb5a63c8b10071771d981703681390ab88a48d932453199c6ac9a9b1e4d85d419153764c84b0eae3652674ba67a0259d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f951a493dcd2f1b0945abc6afd3c8505

SHA1
a9fc7b1f716bb854287f44f50ecda1375aef490d

SHA256
f68ae866de300672ccae0b17a77fb38684248624c5eddcfe62c5ded8687cd948

SHA512
04ec12d657e9c872f83a8cc86bdb4b0d258b197dd2d2b6915b1e2e3c7a5c3cd2a72d4758961277f17569b690347bece33f016c27593b6eed0b8065f690df1cec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
db493081738a40a15c5cb6f76ddf5062

SHA1
1c4cb47fe0a718c1b236797b6e90d7eb09e0a708

SHA256
6f612d6c580fd8210ff8a4d8da86def78c17407ba6b39be9eeec886e517b908f

SHA512
3c3a9c9a748d8f53b6b1d6c1f8419a34cff50c6c95bc62ebe8613e9cf6f288158935c668a7e0ba4e65e5edca02ef318349ffc9d523fbc79a7cad698b015a75af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
72d89e7a5ad3cad0b2242b82ac59cfb2

SHA1
b41a103c5fc22a9485bd89f21fe1d041e2a6b3e2

SHA256
a1438a009c3f7d4fd594cfd95da120e303ab984fe0f3380f878602a5dd322a23

SHA512
8c1888fd5d4e7da0e866b42b38e685c3776da4ae81bf5901bb99fcdbc7fd4503b6e83c1ccce763eef90b1ca6c2f2600fbc1813cac249decc6330e4863f33c8c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
648300e2d8ad19755752986c2c4b3837

SHA1
540ad03cd6b72526ab7f047ecc38a93a8c1266d7

SHA256
91b0c4ebf4e3442f1221cd7642e5817e38041ced4d05e53fa1b47ecbb72f183e

SHA512
a3af77383e6397af30769f24e7ae992ad43eabf44e1c980b37ff7b2c37b5b68feb860291384a61d755db02a205b8d15bb992359209b1db7c60d638c4be0ffa3a

Download Submit