hxxp://au-atodeduct[.]cfd

Analysis

max time kernel
297s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://au-atodeduct.cfd

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
1152	msedge.exe
1152	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
6272	msedge.exe
6272	msedge.exe
6272	msedge.exe
6272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe
Token: SeDebugPrivilege	3496	firefox.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
3496	firefox.exe
3496	firefox.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
3496	firefox.exe
3496	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe
3496	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3488	2152	msedge.exe	87
PID 2152 wrote to memory of 3488	2152	msedge.exe	87
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 2520	2152	msedge.exe	88
PID 2152 wrote to memory of 1152	2152	msedge.exe	89
PID 2152 wrote to memory of 1152	2152	msedge.exe	89
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90
PID 2152 wrote to memory of 1284	2152	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://au-atodeduct.cfd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde41e46f8,0x7ffde41e4708,0x7ffde41e4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13883180706108561984,11192262448303397034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.0.726625497\526752640" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62c86b7-1132-4855-a60e-3a0ad6217034} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 1992 263549d4858 gpu
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.1.1072186941\1169967196" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2e10d3-107d-4a76-821a-711cb1b154e7} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 2392 26347d6f858 socket
    3⤵
    PID:5312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.2.571882014\991399868" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7e9a345-16d4-4e20-9285-50840cec9463} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 3100 26354962e58 tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.3.624249404\1595319144" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8c875a2-0d91-4b61-aa4d-f5b24fef13fe} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 3596 26347d62b58 tab
    3⤵
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.4.418565692\88819920" -childID 3 -isForBrowser -prefsHandle 4600 -prefMapHandle 4596 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {343dcdd6-ba87-4747-aa02-d048efb5463c} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 4608 26359b06858 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.5.756913954\2056887406" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffcf2ac3-94e6-4c3a-938f-020af9011850} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 5112 2635ad31e58 tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.6.1553893252\205533134" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f3372b-e909-4832-8a69-63ad87011a2a} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 5252 2635ad30058 tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.7.1803414621\1683921551" -childID 6 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ad009d-8147-471a-8fdd-3c1789e61235} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 5444 2635ad30358 tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3496.8.324099697\1610718500" -childID 7 -isForBrowser -prefsHandle 5768 -prefMapHandle 1740 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8a7ae29-a61e-4ba1-8136-ddbbf3b8b45c} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" 5772 2635bb20f58 tab
    3⤵
    PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f827759174677a0b110f67aa2c4e38b3

SHA1
106e30633dfcd234f39e075b0d5ff3930294df10

SHA256
55f36a17d99668436954117ccfe43de80d98058d242a0a1386e440f5e6dfa776

SHA512
4a62a03557f2fbb77c9dd850e2fe231bdcefe7078d0f9036c8a3358edc43b95f3041476cfa123db349c0c3fd19ac6ca7ebfbb110ae7973aec3781df0643b766b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
544B

MD5
e244fcd4a12f5530630e0e1132e0dd2b

SHA1
6354aca7a4d40a64bbda4b151930c83e12899043

SHA256
99e76ed294b7f35128e02d9a646cf065302eec226e24ea79eb0666f81172a4dd

SHA512
81e90c2b0c96d388ed4ea3ea028750960a104909d1d8315c1c08469dc94e9825337d682f6faa76d5d96f10131426d58dc04ec3bd64140697d9d5db1d50c75be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
544B

MD5
aa0f7832e43b11fdac6d7cf99ea80807

SHA1
ab5cd9ac907926ff1ddf32b50ccd94126940e22b

SHA256
fdaa9f3c649070f03f50a83063d2dafc20d1b047d95f6851092fa91dc637aa9b

SHA512
9fc627cc5fed90441ae91736d94f8b25d517f8d562e09e7505598a36e117eec98d3bef4240e685ed77f33af90bf96ad4c0c5141a70a58c3f33c7c9708a67fdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a54021f2b764733221411455021e0c20

SHA1
ec21ae77c59dcc89155d2bcea8b86ba92c28cf66

SHA256
139747950d34a537c1da812460e08ebf049441bce2e3596c34c7a3780b3e6e4b

SHA512
2d36b38c56ce363e58cdd9e9c9fab438824e37713e820c9a6479fc4069ac5eb28d1fe378031f1504b7ad15bce7580580ea831511dff94e7c5ef86344b2b3755b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2073aa12a5b304d9b7e861e843d901e

SHA1
b2217d8cd33ccbca71cd2d2b82881ca0d75a85e4

SHA256
ff4056b0257d25634e2e1414ed4437941afbf2303768052e56c05caebf61bcf0

SHA512
59f16d7e07423dda770f7f45ebc0cce4ffae8d72cbfa0792228bf499377e3d1fd8ebe5f9b9a2809e7eabf0c0d40c253368e9c9ce59217463c664db39406ffeac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1240af68e6e01b3e8a6da6e5f35d9af6

SHA1
48df996f95f9830c4bd18e87778ff683d969a530

SHA256
659125bb2a0baab37d61c9abeaa7d29f91c62cfdadc18be071cdf18652a07c11

SHA512
e7da8614e7ee390c3b50ff13f55088cdaf5cd75c38173132bcd503caa744b96de6832fb747e93cf43c4f3854b3cfa4d7d2c7798a93c94343bb180673f1ed3315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea75c6eeaa4c5e0260d03b454db2ec5d

SHA1
f323fab8b95eadc69c67a30e2207f4f93c90789a

SHA256
44f598ac480ec2d42259e773a625f6b1ddd1b79c1e1d7ab7af3ace6bc4bae6f9

SHA512
22d157a0c5002ddbdc33e54a554ee9040e1fffba0480d8f707f326f8069ba48b9fca8588c1c255a2528c55cd981a017f1f5764db4f68d7dfc75fe48fbdce9a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4ac7d1eed2fa38030236df4b2857b47

SHA1
e44fdeb782de3db028e01579019d6f5fc3501e46

SHA256
91d12b14d2a05c0c7e33bce99a61d24ccecc2a8759dc210462daf3e1d991cfed

SHA512
7426c2fc9c6762014abe0313efb57254d31e35ff51b740cd6f60651a1c71af1044c96ac415df7e160dbc03ba407a79f4e03d75f30ce4438db4887a9266aeb05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5b9ad111497a38272695ad54fe3212f

SHA1
001a4304e7b4d32a0ebbbaac8c72b91d2b9b0bc4

SHA256
c46f8bae765dc05c46de599de7e32758152e4378164e517ef878a89ee9f4b206

SHA512
f9de41e74fa0eb014e7d726850c66d2e5753d06a01d7552c60d4ae7da7373ca32b3ce81df92eba18d9a0f45a7e98dd292c6a04d7af1ecbbfa3b899206fe49e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9517d391807eec47f713037731c348b1

SHA1
599052ae3d4328510926f552334b6bcb0b1d9107

SHA256
dffba6165c4af7ba43bd595fe97dbf818162dd7c8c634d480eae22636736a7a1

SHA512
36b31a4c7600756600dfaae2a8d3e5f5c31d72d1a456d433b41cb88416eee16b23eb8620e2688f1548f33eb5ecdeebdff146503b0880db9d1277ba51a94a4a3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\A72798DEF4F924983D5A0DB82D383C613B515FF2

Filesize
13KB

MD5
4d7d9b74a6b50c888000c486caee1b15

SHA1
48b8399abfe8129422ac91e24e67f69532a838ec

SHA256
80227989325831706ffe106532a65590ca5c800627ae5f3eece5aabab6f70148

SHA512
f10d22d1350cb4728ccc5c388cc93806f8b4df08f5bfad2e90e10a0d6acf80062871c30cdd58a9600e13a6479c5a4e7be9810f913dd95a1af7871474a55a62bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
eec49e94e1f6162148b1d7b1a509cf34

SHA1
3390fcf728b56edd499c621d96b71d869fbb62bc

SHA256
bd3918463294bbe6744aa856e3fb1719bef858fc3cef905c9e696faedc6f1e38

SHA512
d78656ae54395c4bd3de37d3500de00e30781f9b34c38e69dd6ec48a4b374d5b44e118755786e8466e2c6bfb74bb3ad31b9c477d8e95d3a756c9567c230f70cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
879KB

MD5
631251eac27f40fe9c8c33eb77948828

SHA1
9c8c9ea6b0aaaaf8e3610c4521f5074987591eb5

SHA256
23db6e83904d750210099680356cbfc07b06e33470d4c37acdde658a1be436fb

SHA512
97a926a176f929921acafc0984792200030cd59cdd0490bbeef68d3afa59de2e95db8e4d6082ce2979497ab2103bcce595db9777faf44e139cbd74a70ef9ccec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
62a5ad5b9a77949435e453224ad9c293

SHA1
9dccb05c4f8f9774a13ae065e37a10549fb6acfa

SHA256
34d1251c412d8fd5e1915f05e7df1baa1d9465e5b6a6de65644e10b34df4c8ac

SHA512
5b640c300b6a4021ffa7fc4e40e9b71f2a4e0345b352512742428776f7332f70c44c1d441907587218ba12c42ed23be18dbbee83f603a5e28aa2bbc638009738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\broadcast-listeners.json

Filesize
216B

MD5
75511b222204290200560e83e0a666dc

SHA1
c15a1c9f3fcaaa0f9bf04ac0a4337ecf3e6ccc0d

SHA256
140b4430f6d933c4f5e59fae1bdcc590a09c6c41f7f71f3ece23cdbfc8e2f2e2

SHA512
868379b3e87b4f6600f73efbd4160e0c2c7979a6747a9b906933363a0ed5030862dc9bafdd9e1cb6ac1acd088a0289b2af64d923ba6cf81102d483a84dcc12e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ef4bacd0ae76c1ed806ab87ea9277738

SHA1
0b961400bba54f76a1e4671bd0fff643bda018f7

SHA256
9c48aa33e06bbac215f0250f17ad52868e4c02463a8b0b5b4b45342f7e66f1fc

SHA512
840345ffbb7c7b767ae4ba6bad5bb80e042b0760eaa53adfbdafbc36190e968a5c1ed9fad2ec5dbcfcc3e09c25ce4eaf665f810d80554ca064abff5a1b68aff6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\95c905d8-18de-4583-898c-8ef270b6e7f7

Filesize
746B

MD5
7520bc6d3c3d4044b2da52622da7a985

SHA1
4adae9197fe97981be6176b991875a680bd80156

SHA256
b9354d93fab9b96743b61ceb632231a07f667fb57e56869f78e21751fe525b61

SHA512
d38eaf5e2135ba763317477e068da2ccb40e3a654172a04792dad718abcd3542fcfd37f3017877b06054b606c28fc709901240aa32b633e5879af92183fad534

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\b2d43070-814f-4837-a5fd-db083216cb63

Filesize
12KB

MD5
17dd557aed2ef4ef7e6612b810e408a8

SHA1
806a41f7f993f15f842d2691fd10fc7d54cc5374

SHA256
8c4e974dc33e54f3bd7922520385099acc85766683f96aadb355749fd0740d70

SHA512
92a1329e0e50e6c5eb0a181f169574753364894a528712c190edea8ce1df303ab1656a4fe96b4ffd83e88146b75390b23f74dd0dc506a201783982b257e88990

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
6KB

MD5
82f05b59af1b090ea6491a04bd1c2df2

SHA1
f8b509cae1b53eefa716657ea25280f8d975822b

SHA256
f27153232f8c6080efc0f1d4cb0fe090929a7ecb0ac6a1a52f40b57f4838210e

SHA512
be33280c2b1ce31e17da2e48a9fc3cef9d02e14b18de4aea10f8947aff80cd40365ecc1723c67a5547f2cf0466a23aedbc738a9034c146e7d1bcda13368585c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
10KB

MD5
885c6eb25a4ca68ce2db5b6f024a4007

SHA1
bc4a7da8c3079a7870539d4bc06237b9275d41ad

SHA256
a1123533f4d93d67b80076b03e0fc5f32a9279457b06bcd99723682196185e1f

SHA512
70926fab33ddbc6543c1025d3bde15a5f43b8de166b78e1d1b6fa7b3375aad71fb088edbdd033c554bc772ba3a7a489174658aee1b518e7821fbb6cba6deb62d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
6KB

MD5
2eb1ab648654a0009984b8714d98eaa4

SHA1
b86dc99ad69eb2bfee0444534b528a17fd55960d

SHA256
a5b6d30bb7fe580273b886e5219aafd614013438b2fda8c23ac6d39e1645305c

SHA512
4218c00d63cfef65e30c33694068836c2e49f8afc5fe54a56a4f0ce219974e8753acbcf990b7cd93cace54d53ed6e87d9c95f89f5085cf36b894da160aca12f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs.js

Filesize
6KB

MD5
f22072f60b30b8de59395f92de5c16a5

SHA1
2dceee32320128d3d8969634546e36cc7f6a94e3

SHA256
961c138a87840fd6834e7e062015f8854061586faf3d92985e5f46ca20cddadc

SHA512
b96b5bd20472b3f5286310ba50ea3b46e9fcae48e89f1ae8aef6eca0caab0dd2f2670db75be69816eceddaef7f5c68a35279e6154018e9462951e8ef6b727326

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs.js

Filesize
7KB

MD5
550a6dafd4769347fafe7da31b0c05ee

SHA1
64f51b6e23bef58f3b2504cd88bc04c46eb148e6

SHA256
2967d078499e2822e73edcd55bb636396e37e867cd1a5070ecc7bc37edc2031d

SHA512
fb46931f37252a502ce0b8a7373c57847f60385c3d23ddce0beb01f896ff80a8d258889e2c49e7f26ddecb4101b0c5cf89560e8b91bc7023d064eb880b8147fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs.js

Filesize
6KB

MD5
887b1ab4ee824f0e0ebdda607a86b71e

SHA1
a58d79d4e856b813bc4f9ec29ec8e3026b28106e

SHA256
49fca3beff0571281c8492f340294bdf752693cbbbd81426977634bb6203dd1c

SHA512
737244121237233d65f4a2a47f4981fc77e995ff8437e14a8d0dd448ad732c63a1db750cbd0743e9303872487a998d1bff70822480b01fab3bc24f24056de539

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
222a8d81dae1f3bfe87a7ff899e96614

SHA1
58776ef5adfcd625855b2a54809b7d81c951d9ba

SHA256
44cbac6764e85861b630ffc8dbff43b0abce9082135f67a0005023bd24df65af

SHA512
44573eef430087a1be26d63d55799e1ddd63c1a3587d88594173d47306ef5af716cd74bda12038e7a3634036e6b17ff0d236de6b82e2b9bcbe0a2a63ed0866e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
46f27036692ff42f485ebeb400d1f08e

SHA1
de45547fa97a879515c6c75ba08fc87f77cc93e8

SHA256
3eec6f971dbe0a2412adace3eccf6c77b3fb3940f729f1b4c0874f627f68fa51

SHA512
daeb2751e8d523eec4c7d4e1783a85056aa6526989d5dc08a33e030d73765c561c7bf0bb9cd71c3249ea3a3218a0a6eb24288ccaaddd2bbac7fadcadfd18a1f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1278440c5cf15099fc03426b56b5ff99

SHA1
3f4a701c6457c9f75c3c483f1dc0d14e3a1a02ac

SHA256
22b00f3e889c2f35c3287a60fb9422b80c01142a6fe23acf2c2357602934b76a

SHA512
ebf1636a664c83230fbe3743faa2e4bf3c2f09c78fb6b52ff82488c6a762c0be06b39fa0102a3a831342b5ba26e5a6ca72cf57523db00f72b3dc24665c8b61c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\targeting.snapshot.json

Filesize
3KB

MD5
76efe932ef44a772fd624180e6ab3216

SHA1
2fe9dbc71aa5eb75c7adc3c6c69540affa7006c4

SHA256
8ff5236af229dbf2dd5cfc111e115d4ec6c2b326e6c2805b26062e5decec8957

SHA512
22d5ec8d2054803bfbd87287ee0dad784f76a3ff6094769414550b2e6affe27c83dd1fe882a7585106188eab2d4817177cee515a738d263b874624b2575dedc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\xulstore.json

Filesize
141B

MD5
fcc0a4014782f3927e71baeddd2dfe68

SHA1
af19885e5f719a6485066c6317361c6858d70fe4

SHA256
a4e0791db84036961904babe1a29dcf3698bdcd8b92389dda01c699f2ee52ecd

SHA512
338fbd72c9c4e657feb9ae548601e1bd1da1c4e1ec9b7e475b34fec1feace6af6161404cc91a2babe8d6aa758a460975d859d92915d6297f48e866a5653acbc8

Download Submit