695cd368713e92a60a3a1d78055081ff74655c19a704a9303f79d4f66d41b38e

Resubmissions

05/04/2024, 03:26

240405-dzpm2sah9z 8

05/04/2024, 03:26

05/04/2024, 03:25

05/04/2024, 03:21

05/04/2024, 03:19

05/04/2024, 03:16

Analysis

max time kernel
150s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/04/2024, 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eg-en.html
Size

1.3MB
MD5

ef3e67e8c87982ae2424baa272fd7fd1
SHA1

f002b425b5eee94f0a4e17ff25d31576fa478df6
SHA256

695cd368713e92a60a3a1d78055081ff74655c19a704a9303f79d4f66d41b38e
SHA512

ed6a1a726ee9827abb9b399f5376dc24ab989c23493a77c58d89ef6dd2210f63efab9bec1f2bca08cfb70abb7b4b53dd63cf32f4b154af5e254aa372b33761fb
SSDEEP

12288:PfG6L+qHfKZdUkbNPdNiojl49QtAhwFh66njWLp/53:DLPHfchFh66jM53

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-627134735-902745853-4257352768-1000\{13B9F115-69F6-4CCC-9B42-8228BD0A505E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
1888	msedge.exe
1888	msedge.exe
4592	msedge.exe
4592	msedge.exe
3332	identity_helper.exe
3332	identity_helper.exe
1772	msedge.exe
1772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4156	firefox.exe
Token: SeDebugPrivilege	4156	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe
4156	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 576	1888	msedge.exe	80
PID 1888 wrote to memory of 576	1888	msedge.exe	80
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 3420	1888	msedge.exe	81
PID 1888 wrote to memory of 4544	1888	msedge.exe	82
PID 1888 wrote to memory of 4544	1888	msedge.exe	82
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83
PID 1888 wrote to memory of 904	1888	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eg-en.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0xe8,0x7ff8688e3cb8,0x7ff8688e3cc8,0x7ff8688e3cd8
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17237529975625740922,10264480161147019199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.629045970\1509617832" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90612f61-2e98-46d1-a399-37c9d7b5ed9f} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1900 20bc2607758 gpu
    3⤵
    PID:124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.1051248095\2002250599" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2252 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {732343f5-b3a8-4cf5-9eed-4fb4fdea8454} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2276 20bc13e3558 socket
    3⤵
    PID:1320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.1185627236\2029760539" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e224b02e-af9d-4f45-9389-0a426c85f57c} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3272 20bc66a1958 tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.1218430022\1242890800" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3556 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4c09d96-cd5d-41d8-836d-d37b13e105ea} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3580 20bc7504158 tab
    3⤵
    PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1310882335\785299456" -childID 3 -isForBrowser -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01de436-7e65-4235-b096-431ed0e3bd39} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4572 20bc8510258 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.2042171859\1157680399" -childID 4 -isForBrowser -prefsHandle 1756 -prefMapHandle 4956 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d59563-7dc2-4b3e-bbc4-8a4e80077cea} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1764 20bc2606e58 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.468679418\586575852" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f922650e-14ef-4b1b-bca6-57d8eba36770} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5116 20bc91ea258 tab
    3⤵
    PID:3608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.43655853\1347402300" -childID 6 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c010b1fd-5792-49f7-b60e-52db94f5fad9} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5312 20bc91ecc58 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.8.1156282354\866981660" -parentBuildID 20221007134813 -prefsHandle 5736 -prefMapHandle 5756 -prefsLen 26283 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d3332b-bca4-4993-8907-110c5d5f3563} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5724 20bca819858 rdd
    3⤵
    PID:2680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.9.1096225833\1429568455" -childID 7 -isForBrowser -prefsHandle 5852 -prefMapHandle 5848 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95dd2022-abeb-40fe-ac9e-269b555bcbf0} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5772 20bca889058 tab
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.10.1029465413\1521026948" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6080 -prefMapHandle 6152 -prefsLen 26283 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dfa4881-8b14-4ffd-9be5-19c4f5721e3c} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6136 20bca818c58 utility
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.11.638528547\23443076" -childID 8 -isForBrowser -prefsHandle 5576 -prefMapHandle 5192 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57b78341-856b-418e-9d4c-f53c953ba853} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2772 20bc3c9ae58 tab
    3⤵
    PID:2496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.12.328727492\937370627" -childID 9 -isForBrowser -prefsHandle 4716 -prefMapHandle 2744 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a6b429f-0d3f-4aee-9368-aec600e22812} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6268 20bd029fd58 tab
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.13.503576548\857828806" -childID 10 -isForBrowser -prefsHandle 4716 -prefMapHandle 5580 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81e467a5-eaba-4d84-bfa9-0d2ed37da9a3} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5732 20bc95edb58 tab
    3⤵
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.14.1671331632\1710017780" -childID 11 -isForBrowser -prefsHandle 5036 -prefMapHandle 6268 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aa89553-0845-4785-9bcc-b559fc3652b6} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5028 20bc95ede58 tab
    3⤵
    PID:4724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.15.1140273049\1387608168" -childID 12 -isForBrowser -prefsHandle 6336 -prefMapHandle 5492 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d1b4e15-4732-4e52-8080-bacfecad0909} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5272 20bc7af8158 tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.16.1939064607\1125162654" -childID 13 -isForBrowser -prefsHandle 5396 -prefMapHandle 5300 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f544acb9-4bde-4618-89a0-f72b7d20092c} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5400 20bc882cc58 tab
    3⤵
    PID:5960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.17.1523329173\529013914" -childID 14 -isForBrowser -prefsHandle 4528 -prefMapHandle 6292 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c894a961-499d-4389-b874-b0f2826aadc4} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4624 20bc8855558 tab
    3⤵
    PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.18.15486688\522326001" -childID 15 -isForBrowser -prefsHandle 4688 -prefMapHandle 4648 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6969a1-a2f8-44ae-af60-45835c499ab1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5580 20bc5995c58 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.19.16150105\1946132275" -childID 16 -isForBrowser -prefsHandle 4172 -prefMapHandle 6500 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a6530f1-40f8-4c7b-a40b-6075a5c37453} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4580 20bc7af9958 tab
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.20.718603423\515261901" -childID 17 -isForBrowser -prefsHandle 6480 -prefMapHandle 6924 -prefsLen 26763 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2395f482-0075-4853-a083-6bdf57200881} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 6588 20bc8960e58 tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.21.913743865\2129782814" -childID 18 -isForBrowser -prefsHandle 7044 -prefMapHandle 6928 -prefsLen 26763 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6137e044-b2ee-408a-96bc-be00548bba93} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 7052 20bc896a558 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.22.1513769580\1660987399" -childID 19 -isForBrowser -prefsHandle 6564 -prefMapHandle 7196 -prefsLen 26763 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07f8b6a-2885-4a8b-8d74-5e7134f8071b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4172 20bc8967b58 tab
    3⤵
    PID:5604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c9fe0995ddcea292699572896560b30a

SHA1
5c81fdc6881755decc273ff264b46df668b97ec6

SHA256
6e9d2ebff549974c2f92ac563e62fbc899a65c91a236aba8c243ed5e340917a5

SHA512
7473c9414776b50870505b8bc089f1db2f64e88d675bc8d5482021c50686e8b569df1685cbf06669c62cffa4b26b034bc1cf58e685a4cd8b4d5af59f5aa94d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
e72d7c35748d7ef2958c4cf96548e298

SHA1
fdcb1b1731c293b1fc539728b7908fc41aeed943

SHA256
3dc866b71eb08aeb661159a220eeff432929c968bc21dc8f61c9687c446fd58b

SHA512
40d88edededc07439b0ecfdacfa2aecf665902bf2847508ac5ad9eeb9e0c03388fc16b86b0fe60f15a80455285b7bb66b8ccf9c98a7e7d2cbd38deec7a289e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
1e9b49668579f489b31514cd0a07f0bf

SHA1
50ef00771fdf72dc4f3172d011b8eed497cace22

SHA256
5f1cc28edc34631cfbd7890dfb4ed7b88d8044c2feebb47b00de46596d65291d

SHA512
9e5a69024fcbecd763b625eec9967bca6addb2968eaa1c879be64de17a0e92411bb8d5bda06a0ffe87d2e7dc734ae0cc02e030dbaa83b917351b156908d37f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
641B

MD5
e309a235947292b9f901df4e7cdc2817

SHA1
29317993281fa010da6ca6d31a99180329dc4230

SHA256
a6d789b4b065f51c2e4ac69cbcbcd258f2a41d474d194cb973633901b28f7fc9

SHA512
0d0a9e4540bad0b5e15f3bfef225372b642486862cbbad96300cb87d2e10c32e01823e2742d840b0afc10bb4db523d63f862a7ece0f810e26aeb38ff7641eeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79bfba0ec0770ce6ca2c3bf1f97a3fc6

SHA1
09f19fca42b6ff409d843b84ca734d569d61f261

SHA256
1d122b9a9e7e6976167afda52d523c896f8dcde134f7e3b33c70af8add1fff97

SHA512
cef22c9774af54622e50ca8beeafe9701ffa7dfdb828e91ad8e66a6f15c35fc9aaac584e56a2e0b343f5d05bad3bbd036639a2b6bafa9012cbdb7552a5114ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4a14b7176b16035e9408531d24ccd12

SHA1
f684c67838ff7bb6267ada0dc99d7631c3db9198

SHA256
5c3bedab53c3a608da0c6f7ee3e5acd0a917de9d8668f522fb0cc2d936061353

SHA512
7dcf695f53113ab5a33b891fea6b16e375ee2fd6d8dbaca048f1e609b565a8c5e6bc0b053edaeb789904545a09354bc64c238d8dd097b09a4dc9b6fc6dcf858f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
895eae98cf8de58fc1aa948ec6563b0a

SHA1
937e95054bd15f281d7bc7919023535dc4d95296

SHA256
26c2929e2e28619a6933eb9a3a7c0569657c31adcbd908b6aec302c4c9e83c83

SHA512
4f220b41fa92753e8c7a9e08474acb0415943b233c2c24ed1e8c28a5b4559b264acdd04018d915f23faaaa6998bd6c80e1135b3cd17f7f8f9ca545e224b33e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed5d.TMP

Filesize
1KB

MD5
b4dcad629f86a83ae47cdc8290758977

SHA1
db7040b29b72c61d0f7fa417c5996f8a8ed5065a

SHA256
a1971c0e8a9c12148991272f1d9cbc9d914ca7e8f835c2a1ca1227de309dd6f4

SHA512
c3a526f9277c7c1b7ef85b1a3460b9084a20341d19e561fd7ee7013313ef55f64aa5d8037125578387be01ccb8c49432aec80dca399aceb8ea1a658a3919a6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2a6cbde-5301-4422-83b0-ff000f5229a1.tmp

Filesize
6KB

MD5
13c3ff608a36c9cdd7690be8a98361ec

SHA1
d28d25b8de0fe7d22cf647ce29a6f22ecccf0f08

SHA256
0355c44e0ae4386a604103a3ff17aec8bdf17d633da3351cfcc9656cc263b5dd

SHA512
5a7ba16a1dd461e5350405cd84b7b50748067603c882a4a4d7e27dcd7fd4fd39de37eb77910ec1236a1cba71c73ee6c17a54aaee26cca42a41e7433a1a7accd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aeaa2a9fba60c9ba330bd0527dac5232

SHA1
727a9945e5b1a3538ab20ba20206ec75bfd1969f

SHA256
e5f852938aad5304ffea1ed8f16cd390b5a15561d7f8497a1f07c741f8422028

SHA512
ca8e7d0da85c116da92f0b9956aa78560784c5456580e9ec44e99f562ed64e6287ae40f284aacd55ec477e31ad846f3eec4d25132a68914e9b55d9f91249d84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b84f1e9c94e6302a91ab413a5a8063e

SHA1
7c84388379fe782520246764897fa21e44c74f54

SHA256
29a5361343167526302fbefd24fbc30adc5ff82cbbea2d81751c3a8249c741bc

SHA512
d1fc53ac06f63666d1773cd7cb3685ec4cff5ce0d55c5cd9778b3213ee0125e09f8fcf3a35ac8e05ea35556e1f40580a75f7d349ea8ff6c1bd5debb1514a0785

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\10190

Filesize
9KB

MD5
756e1fe64924c8ad357f3c740b10a6ac

SHA1
70825aaddf6267a1f98ec294ff01f920d9bf884a

SHA256
d34e895422e6b66928fdc90bbeac38c3af7f0b4b19d7746644e5b569c32a93f7

SHA512
890a77bcadb4239f18507b6eb0267bc5e505dfd785e63dd069862091bb6539016076fa9db700165cea4f3c4800de70a21b852fd683a703e4cb82d398738c26c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\10256

Filesize
10KB

MD5
8de07ba526a8fc934172d3b9a2af1288

SHA1
a844de3e99e2e45b52cb735d0e55fc2cd3e1892f

SHA256
8379df9cc0c7a63e864449120662598955c3f5d0a3f992104a1cdb58d2080093

SHA512
63d376f04389c9bc2d8ef884aa04ee39b7290e4a137da313b14a43bf71966ea70b02a0e972226a039316a74ae819efa538a24521599652c2189c838069aa31e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\16861

Filesize
11KB

MD5
14e65f446f5fcaf6ce81af943dc70abf

SHA1
843b51cc8b7b62a5b026bab9a63b00d296d91738

SHA256
64496074dce337968aecc75e573b97d8589940fcee8349a98beaeaebfb28d702

SHA512
f6d785f16aa390aeff9b6f33d96cf516cbed01793deb7e0698b55d1cd3065cf69e9ea7a2605bbf561539fa2f807469ba2d7873d6f29674cd2c66df55cf4586b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\7013

Filesize
9KB

MD5
eadb202296866064c240f44dd10b0b1b

SHA1
c0bd081d5ea4239a945e55ac3188df9aac041a40

SHA256
f4531284f5ca38258e2d10994a8a6538787da04fa2fd2848cf4e4a737eee0483

SHA512
6b7d9f61d347e0d79a52874c1bd1c965b14682d9c98b6a5c9c1c5aca83ad52ca7bb4fb8bb371aab4702d666bfb2e798e3969da30ccfae7e01c7fd5a04033e0da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\8231

Filesize
22KB

MD5
bf627969e348307b86a59924fc69faec

SHA1
6879bd33cd722d604163b729435e67630dc4907f

SHA256
3c6b82aeac64d285f546b63209488790ff510b1bd0e93f91b5f154a9134e822d

SHA512
88f0043a1d607d8039cbb8fd418c34cb1c065b2e31abdd797a315447ba0de95cabbeb9b03fea24d09b8656a840b4c42edfbd27e12a0919e828c3dea0a6bce580

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\entries\631F2480F226B803A7EBF8CBF5998ED60F23C73A

Filesize
211KB

MD5
b355ec4f5b6488074b5b1e4546fc74bb

SHA1
a1204a4da6e19845d1d295cea4c7c18f56477e38

SHA256
fddfe6f2bf0b627e202984924f7209f574a27356c56835134f3dcc8ca5f8879b

SHA512
0a8bf7b8dddc3bb5ef63930d9120f815754cea5f620b314304b9d7e1b0c8413e6c7f11e3e1423d15a337a60fd54051bf99503f704b0be2afede2396618b15608

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-29358

Filesize
4.3MB

MD5
1de3f64b2360c8ba74071411b144e297

SHA1
bbba30ffb6dc4744074748a84a3458519fcec649

SHA256
5c375fed96dae837e93cb25ecbbc37ddcb6bbb3a54e303427a47dfe940f2bed0

SHA512
738e8ed241a17bc617a59bed83d7851d93190ca2d9c2737dc36ec82a0f96ad4cc7a467173b1e2ca3d9ada4a096894ea557791c35688ce434b2d0ec66c93d48b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
41a91011298fda440cba377861fb77c3

SHA1
bb437075130fb07914190f847803dcf2067e32e3

SHA256
e020b0647137e2072c63f12c8c41755954f781b91930ab3fc7b390a92f46e197

SHA512
8ba1b4d9aedc2f91440ee776ce2d29975a39915ed36410f5e90d49faaefb41764848a248d487468faf9ef5be899359c4588b4a7623da1e998df7d6e2e7006b2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\bf60ed53-6956-4984-9e1b-87cd48935a4a

Filesize
734B

MD5
8242f56ba5b71cc300e5339ef58813ad

SHA1
25a4cc98787bf0e7e95fd8bdc162944f19db2196

SHA256
b1dfb13d5f79a48141bd51ad9c27267efccf339818b34d4ac9f1b30a189a9fb5

SHA512
1650a81edb5039dbac8d784cf2dd21a2804a4da5b9fe7c4011fb5d33467a87c4c212d05f93dadb9b45dd9f0f91f46e4d9f6348ab7aebdb98cae349b5b75b3379

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

Filesize
6KB

MD5
f5943dc6820c2ed4ad5bc9b63e1caf2e

SHA1
a3c3e5b643eb43ccc68e11a7f1b9b8547f8251b1

SHA256
1fa3a70f5ebf854608b6b41b99733a09402be6f1f4e3b9ad8c91bfb68e5fbcb7

SHA512
474a409d8de87c84a0e060085c1928cc40900a4c424b8f844ede0e3c19c33360302fadc7b7dc7f5b76657101fa984e195538f240c2cdfa7fe1883787803b9124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

Filesize
6KB

MD5
b23e3a62345158a3ee42b704a0a41d21

SHA1
fe35778fe25ee227c7e3ea947d5ec0dd60818b55

SHA256
c0bc2b16a15c0fa0b1312262a86d1d81d344920a1f38b90a644299493c52963d

SHA512
db70587856ae98ada9764ddba2fc9f80775ac645800669d50b12e6ddecd7f89737ab5d0269eba1a8aff36715ffa53ad66b5075226ee18df35797ee0e0227d2a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
63ecd548e40f65c619a81e8bae60c8f9

SHA1
5faaa7cb513953abdcdd997807e72d92365f4860

SHA256
11a1a5ed724a4901fbf41505c029966cf39f036d936336e2796b76e820afe56b

SHA512
09e961034fe9425c3ffcaf061dd049bc42d62ee5ea71f049bdf46cf02a5535b015e9c3e0803186c1e29e35aeb9aa934b432756370daef5f70b04db19cc9b69e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9fe0ede4924b63ee36ed00997bb14808

SHA1
8b11d50db6871e728a82edd6b7c9d69ff8826618

SHA256
dd2185d54acb53a7cc0449a38669ec71daa919de2db56a515804172ea2d1e274

SHA512
8f0d7692c97c2735a4eeda7a85a0d26777a63ef8932dd20a033eba35dde510d0342fa6a8b1087c10adbf2d8dbc3865bff67fddebafba974dabb65173787ff559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
34003c005869d12301d77fd8fe681063

SHA1
ab28f6c765030ae0a8f7b26b29455ae213237c8d

SHA256
62104d97d7e6718273eb0c4b1171bb986ac77ce8912ce2253315077ac2307594

SHA512
513ceabae8b07af1d0b4a7cad1d78ebf208bd9fd312d46737a6223edc196e22903fe96cf8a1fef8468174519e19dafc02041e1dd7b4877fafaf22a396c19b257

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
96e8b0b0b557b51c4e5650f57068cbb2

SHA1
8e47a829cfdcc3b714059504c247c7fa9a061d71

SHA256
f0b9d93a4567ab15a5e60f3aad9348c73970464d965c4aa583835babd6064c35

SHA512
92236f9e9be176056c3b56533aa473510604036487c3422c57c599feeb389de5a27a801da65263a9c3f3b88fd809451e9028d0fb93bdeebacf4e10acc2b0430e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
b847997ef44c9dc3d9f62dacb6974eb0

SHA1
ccd20d2e023161209e4c9490cfeb120f3c3946f8

SHA256
82009c8aeee9667c6712ecae9fbdf73fd213f6f1ec558eca1cee61846feba498

SHA512
00d28736b76d96a525a978b1e7f4953bb23b653d1df24e2bf76a199d200bf3562bda6338cb26b58f60e16aac7094648feb5005ada689cff771566f3727219b66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
e224970df6a8d5a20bae6c33611447c7

SHA1
018ff8cad1656fc14793077419706364e0c2b07d

SHA256
9f663eb25901446276c4a8ed7782cec5b6f1ca94583dafd5ca6210602bd9d65f

SHA512
8a0c9350c7ba815ab7551d0c3ea51c1c1e08ec1d12374590579e4caafc04058c0028c0be6231c63cadc23d50ded6f48c7038258dd053f606232a66f2215f3987

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b788ef23fe72371471300b3c696e8e7f

SHA1
29066eb9cc4cd7c846837754253b193f5f10d0a9

SHA256
7e3929adb05d1699252411128baa52040970f16973462b2e3ad406943462dacc

SHA512
26c3cd3fca56676bfc9ff213492dedc7197653dd6bb8131cf78b5972deb7cc12960613661f0a7742ec0ea5559722cd094971343c8a520c5798687e13b1dece8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\storage\default\https+++www.wifi4games.com\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
5d23050994637d155d92b01e3eecc28c

SHA1
147972fc82a9a939f782f9c43318da5fb0e80a74

SHA256
b4b3863bf1428f1ea0a06e70c6ebd0ce854e4c3ad3698a73cf39560aac7d6bdf

SHA512
8836a17d4515138b1cfe89fa9bf5d3ef645cc00b3524d840b95734e7317be57bda576bd52000b554f132693dc93a919b9aa733133bde5424da9c4ef3942a4e5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
418f849a1cb9eb3ca11a7fc1149bacd2

SHA1
d28133214c567d47dccd16687f90b2d54359956b

SHA256
7b54e546959e543e32f0477022c5066d1fc36c16e3dcf41e3816af2a85475c9f

SHA512
36def77003a8024a028de8b8642a5d0eebd9c2046506c9701c69bc869214d01363abcfb2beefc7a2b7c54df7f3bfe9f3bf0b6743e30e3516e7293a8b0b55b02c

Download Submit
C:\Users\Admin\Downloads\Supermarket.R1HCBGV1.Simulator[wifi4games.com].rar.part

Filesize
79KB

MD5
d5f7085eb1d76b0798b63cb873781063

SHA1
563b06f773ae732bf83a8900a53b7bfaa0a4667d

SHA256
029d59e0195754b2cf7af39e04af35b418fc668b566fd09164bc4bf084a4b192

SHA512
4972f5ba8a633e137162ccaa48429c30054828719baafdfe3d5e237a2e32410fbb6917c08203c1b5f6b1df266507535420c2dfddb51816c8b365db801ccd92fc

Download Submit