cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb

Resubmissions

19/03/2024, 09:13

240319-k6zvxsgf6x 10

19/03/2024, 09:08

240319-k38cwsge7z 1

Analysis

max time kernel
234s
max time network
246s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

88KB
MD5

fa1f40ef09d084500e63cec86333d59c
SHA1

cfcb60bb7ddb345bdcb6505b0eedca58f7e93518
SHA256

cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb
SHA512

e23475b0d98d736ad84555c6c475d239bee6e6619ead4350b94c1ef60ad02b264d95a5cc48221519984972477ec6be984ea1f9e8f7e2571e2712a2a4620c83cc
SSDEEP

1536:ybQBKbTtHnD3A0vuhGyUfjsfzf04PAPlPkpyXIQkvukuyOct:qHnD3AeuUyUfgfzfNPAPlPkpyXINGY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1152	msedge.exe
1152	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	2320	firefox.exe
Token: SeDebugPrivilege	2320	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe
2320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 212	1152	msedge.exe	86
PID 1152 wrote to memory of 212	1152	msedge.exe	86
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 2392	1152	msedge.exe	88
PID 1152 wrote to memory of 1584	1152	msedge.exe	89
PID 1152 wrote to memory of 1584	1152	msedge.exe	89
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90
PID 1152 wrote to memory of 4104	1152	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aafa46f8,0x7ff9aafa4708,0x7ff9aafa4718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6131339237043580883,7767877467683667070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4340
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.0.293489707\247106006" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {372de8e7-0305-45dd-be17-9bf5514fe01d} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 1976 1f05b8d6b58 gpu
    3⤵
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.1.989475344\842865181" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b82ba2d-edd1-4917-a93a-b678756a9d38} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 2380 1f04ed6fe58 socket
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.2.1456207378\871979312" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2856 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa0b9e0-b4fa-44b8-9374-951f301dbd38} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 3160 1f05f77d158 tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.3.1095349678\1877904599" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b15f4a39-d5a5-4b59-bbc6-a27bdec9e42a} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 3600 1f04ed69358 tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.4.2098247557\211237181" -childID 3 -isForBrowser -prefsHandle 4204 -prefMapHandle 4188 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be2ac6b-7cb0-48cc-9a19-f20d72ca43a8} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 4216 1f060888f58 tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.5.1433577964\1118672161" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06adba5d-7646-4381-bbc1-91724736f77f} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 4924 1f04ed6ae58 tab
    3⤵
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.6.1666899470\1287734558" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5112 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dded8dd-1082-4dac-9df4-360444af28d5} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 5152 1f0617c9858 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.7.347549858\686436708" -childID 6 -isForBrowser -prefsHandle 5248 -prefMapHandle 5208 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf6188d9-51c9-4a80-a044-d6ee56833ef3} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 5288 1f0617c9e58 tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.8.25371701\1803140558" -childID 7 -isForBrowser -prefsHandle 5896 -prefMapHandle 5892 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77765f3-b497-432b-9d10-42b712636b6b} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 5844 1f0630e3658 tab
    3⤵
    PID:6460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.9.805455689\2062127105" -childID 8 -isForBrowser -prefsHandle 4352 -prefMapHandle 4316 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7165c133-3a83-497a-ba10-9d25baf09eed} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 4448 1f05dd74c58 tab
    3⤵
    PID:6756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.10.265777900\808587325" -parentBuildID 20221007134813 -prefsHandle 3000 -prefMapHandle 2916 -prefsLen 26285 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7547b159-d572-4c8d-8d33-5e39e3cc6cd6} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 2932 1f062247558 rdd
    3⤵
    PID:7056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.11.691968530\697530742" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6256 -prefMapHandle 6252 -prefsLen 26285 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169c0183-8bdc-4bdf-a594-0fda8ae268c6} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 6264 1f063064e58 utility
    3⤵
    PID:7092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.12.141743886\1963990554" -childID 9 -isForBrowser -prefsHandle 6492 -prefMapHandle 3568 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91739f64-a952-4168-b55e-d15f98d7910b} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 6500 1f05ccf6458 tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2320.13.1135660502\723481327" -childID 10 -isForBrowser -prefsHandle 3484 -prefMapHandle 3068 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d60549f-9b8a-4ef1-a409-31c2a08f6195} 2320 "\\.\pipe\gecko-crash-server-pipe.2320" 6480 1f04ed60758 tab
    3⤵
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
505B

MD5
52738c22703468dc7fb82cb0bc6c25c9

SHA1
6bf856179b83f4228514cf17e69968acbda6c687

SHA256
8dc2bc7f3d9c2012bec14129c1e4ac2ea5998e0249e25c0cf68e5fe584bad2e4

SHA512
f533721d75c8bd593cfaafa1afe34dc2bd106699d77d239d5dbe9f60c84ca872e22232055633862e447a6c9662fb2c350a1317015dbfe6d6023bd8ddbb93066c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0934baccf32092b649861ba6a572109d

SHA1
4c099e5b3daa3671518d0c4e0edf4b9f4da43a64

SHA256
4b947918b46c2a07b0ebe24dcace5a77c7836a488194fda6e9b6bebf1e0aa1f0

SHA512
95ad732f4600fb32562e1467d0ddf0e705362541a1e1c5aa64a75b735993245065e70b65422fc06d28ef1e721d91008e4c754b6cb41058c8f64dd81e7e2a7371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
496b9b149a8554c0469cbb64840bf34b

SHA1
40adb153b6770a6a994568ee1b5326d702deb75b

SHA256
5d74e92c494d19ebca6b8a6d0cc8992d25e44f8d1955337c05056717ea106ea6

SHA512
765a130a4687aa08567e23d7b33ae6053fe07e9187db7b69d27513b352fc1256c3a1d3fb7abe7ad19499a23ed0ab1acf5e83a749804a7b98623c06e6e3f79c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4834f1381038605397609908373df189

SHA1
4147849122be6a274b398d30dc7167c414a482dd

SHA256
b9db3cf2c30f65946906bd0e13013f21aee52678c9140e7681ca0b99963cbcc2

SHA512
81696060d70c94a619a8fb23262b1b3f7cca056279646196b3989f64054b0742a2fc2a7040e4410daa36a0f62673b540e2294b036003b200b5245c71232e8708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
faccabef558dd7ce9a67e23c0cfc39e4

SHA1
762607e37f777fe85a238399e71df9d35aa15169

SHA256
959765646514c49e0bdf1d98ce6f27956c3fe3bda9a0538918f9c902a38f2935

SHA512
17de7e3e446f9bbc2a3bd3fa3385ca095110c8ab31ded4dc5faad3c8249bc6b5d403a6db79446fb4562ad773156dd2c8e0c3c309b4d75b34966c8b1627849e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
832KB

MD5
472e6cafee3a7457fbc6e21952230371

SHA1
bc0b4416f20c285e5c9f39e8056506a9c1a31972

SHA256
35a592993a88bb1be66d471e0345b220e88e26d6282c2c1b982231896c29ef5b

SHA512
4586cb20cc209fe69a86b2360393f0971a33514189dd35fcd11a328b497c5473850742843a6f9cdc04f2d02f5fa9c3062697f2cc7b9e48d452af4c483b720c8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ed831d1662d0495d18a1d1c745a3904a

SHA1
67b0be98f61dade8475cec3af2167fd3310a73ce

SHA256
90c2a36f8e0253aa40468d85481bb2fa16c0f29f3075c542ec4114e039dbe7c2

SHA512
30529427e22c34bd21ce2924bffdcd5954b23af8e15c943cd7b23c85d68c669d3ac112da6f939623f87c46c7be5db62a493d4171fc2322aaf6a2b40f46cd7d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\50df4963-fdda-4cf1-81a3-6c645065c9c2

Filesize
746B

MD5
383f4b6199f6c0afdce7a3c85dfaa21a

SHA1
f8895e40e73de7ec30f1858d489a8d24851fdace

SHA256
46fa26618bd276e8103dedac2a2100c14918f9f02aaf5be40718b6d973fc54da

SHA512
a7647b6c38416fef5171746fff47db3a138d90b30dfa0def1bccedd32a08fe9b6b5b12f89da0c2dba44f40a168213caa143de0faa8126b3964fc5537d1bbcb32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\629bb932-907a-49e1-a0ee-433e191aeccc

Filesize
11KB

MD5
23e08daac49f93880f25b1c7bdf47f65

SHA1
d7f60704cf7b67416112e2e91c6593b457c7219e

SHA256
7ab23ae37d1fde45d787408d63b130c227a791928718964000a2c866410a4f1b

SHA512
22638efefc8c3fa3be2114c7b6212cffd0827ce24bb0ccc9961c239850e5310a0b46d13e67968acfb07d63649083cd685452aa2715186cab9ce15f619bc04059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
256KB

MD5
35bdbe3c2cde3a7ee4e29abfd3f718b3

SHA1
d3d4ac3d69282816d8f72fd7880c0d062e13b289

SHA256
749d3c905b133b5f8e7a427818d6ba62a8a99dd995f790170c2c119ded3a0d71

SHA512
2c6e87c48f040ebdcf164d1571a661847222e2c8f1a39612d51a0472c6c4694ee06e4201a7960ca592dff1ff32e028cdeb2d41cc1408020e803b49986165e754

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
080b3b83c10e241312254fea35bad66d

SHA1
e796469d154b3b47dc4823b01a79b41bb06cb674

SHA256
c64ebaea9e56bc4c250589643983058525e67ba4b337d30ceeb642d45015e230

SHA512
006ee4a32ac8dfc105c23a7c34a0c7ae4f6e1cc30ee8c9fdb2fe06d09a8a8868d6680652161ee978218bb6a81c3f8b0f79aa2020f75057173c094242d30e52ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
e89e698485c3cb6e0000dc142185c05d

SHA1
90a6e8b50be0f2cf730956c0ecfc8066ed7837c1

SHA256
072a1afeeb450fb9f8856fd0599cb13fe398329f359adf4bd70c7d93597c49e3

SHA512
8a502d3728c48ee7d96e706ecd9543e0d3d751d28bc7c7ac569dad74047bd701efe7755b717b1c2671f9fb1ed77aa8bb46f6b64a5ad095c748d4249091dc1da8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
0ee0a5ad580df092c61e88a9d708f296

SHA1
f637451a1914894cf196553f4c68f25f2fc21b79

SHA256
92471ee1b7dca825f856c8f6c740e0df95bf7390d9980a6951aa97c5cbbbbda5

SHA512
11bf667ffc47233860284e6837ce3ac03000be2a446dc6cdcc39a3077f57ee1d7c348a56461c4b08c837f512cf7c58d43a02caed9761f7b8fb7ccc0e8f511348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bd05a9ef1e2d960ee6d376f1ae2d4d16

SHA1
c121f5db3a7424da179420e5db9b0ce6c9094831

SHA256
10da89681e59abca695b95cbe772208a8cddb0684adb8ac000f40c44745984e1

SHA512
465c6c747565b0b0619b7c36396934415013c521646b8e06a1eb09758f0707bba7d9384c46cbb53986a06d44eca420bf452f0e1ae1ef6c49655d0a34873e2cd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
ee2ecc411c78fd7a73ca888a9993993b

SHA1
401d44dc9782bc70d0c4e7cbb992693c98cd64c5

SHA256
fc862fed3d934af8354c60ed06e192977deb0f6b9c7170f73440fcb46d9b7d36

SHA512
fc7f35a1b8993ebaf7ae82133235006228628c5d212507d910119bb27e0a7789317600d7501e4b75a7d06a352f4eb7fdc697bae01dea23807a3ece0e6dcc8e87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
7defbbbc54a635abdc285fcb95fc0b72

SHA1
51dbb56acbb765fa67c1d0b0c5803efb87ddf0c8

SHA256
938d8f27cb533e18d009cb0d9cb9d9e930b2ef85695207b87d492070ec3adcce

SHA512
19a69f9c1ee97aca52619b326790a696460ae0fa9cbbd8d276279e8e6fa2b8659288ffcbad151977dbdfca99ca82332064e98e7b86508ee361ac1e6b441b19dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c3ce2fd24cceccad3b3ad67c15335d0f

SHA1
67e82684071ff3bc877b0822c0fea92f8415fc41

SHA256
b23b7e863266a782074af97659b3a87261f9eb9969068d18e007f529179cd034

SHA512
50a3b27e27e39373b661e6709b61257e9cb7bb78afa27163ce2a62930851b0b7d2f153063b8a602cf55a8e307cf6a697aeffd70d021f960ad10cf4c37060a046

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5a5ecf548830759e23a6bda44fed06cc

SHA1
0d52f89ba10f3c48e763c28df8e133fe4b756dd5

SHA256
e3db0bac869dc478f0ede06b21cad7609c712713058af54ac11367bdf99bd7c1

SHA512
33ce083f7407c4bfc1cb6f95174f28344750ec5807e41f615ec9cb79fc3b741f7f3239512578912df353382dd2aea6b3fef8bcc3f1727b516e39c309ff51b439

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6081c86abab0183faa9b0d29676d9357

SHA1
7e7c31587bf3fb544bb544e5e90fc3efb3d1ed0d

SHA256
df971b657bd0857ce31012d168deef2a8029e374afb37a894bb9195e94ca957b

SHA512
9ef42af484e6077b811f025302ae42ab747e6470113be7fe97ec892f0120f9addb8371585d054e15f6e9c6859e599dc262568574422798816342d0f25f9e9020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
71eb5c058ce4f7fada5330df536b216d

SHA1
5bd3847ba4b8ea7f62a97556e49b52ad2ee96de5

SHA256
5dceea7483dc24ecb5c6beaab569348e3e3c4929a25bd075001506218c9b306c

SHA512
cc8f8cbea7c3b554dd830ba67b7cf385f6ec14f461bf76bde2ba810a51cc2e8677fbf6de4a09a5a1f8e51c5ddcefd0a5da76664c077d85e686d1aa88e000ff25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
109a6835c5637a7b508b89f9f59c1a1b

SHA1
27bace43e7daa7334390754cf9c32294e499da61

SHA256
cc9ba30e986d1961e71239e09d663a647c568b90d78342b9bcae0270393d51d3

SHA512
1703b0424258158bac4f6448bdb78a884eda71fddc23809019b860fd243bbc30721550345fbe0966c1a91a6df976c32a37ac86036a442214cf4e2d220e15a488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\storage\default\https+++www.youtube.com\cache\morgue\93\{9b5294be-561f-4dcd-84f2-7ee65f72655d}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\storage\default\https+++www.youtube.com\idb\3170142489LCo7g%sCD7a%t4a2b8afs.sqlite

Filesize
48KB

MD5
06826cf4b6ffca5896ff76bda52fe7c7

SHA1
6179654f47af695b2aa8d88d376b8aa554c64f8e

SHA256
046e8602b9bc33d45a441752693da3227c3df1094a9941e506c2694b3c874147

SHA512
740413aeb912f70de9419f8371d4371b20fb301e35ac3fc6374d538f181cb8ac981218c8052140db68d8a2e54005f57a580e548dd837e3d4e8e6e9c18e80c85b

Download Submit