hxxps://nwhosailedbef[.]com/findPlus[.]exe

Analysis

max time kernel
473s
max time network
479s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 10:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://nwhosailedbef.com/findPlus.exe

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579104604656445"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
5168	chrome.exe
5168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 4788	2532	chrome.exe	110
PID 2532 wrote to memory of 4788	2532	chrome.exe	110
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1564	2532	chrome.exe	112
PID 2532 wrote to memory of 1672	2532	chrome.exe	113
PID 2532 wrote to memory of 1672	2532	chrome.exe	113
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114
PID 2532 wrote to memory of 4840	2532	chrome.exe	114

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nwhosailedbef.com/findPlus.exe
1⤵
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3648 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4812 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3588 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5744 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6100 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc5f149758,0x7ffc5f149768,0x7ffc5f149778
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5328 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1864,i,15386707501707222586,341496961718984342,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.0.1506956088\1281985036" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a923b49c-b04d-48cb-af3e-ad0c872fc01e} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 1964 1fc197d5458 gpu
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.1.667758564\302772511" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {839e2e86-22a6-4753-b067-1aeed6ca2da2} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 2364 1fc19132058 socket
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.2.1457154353\1805801727" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {049f8496-f428-4e67-8fed-4652a8b8385c} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 2920 1fc1d797c58 tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.3.1369247165\1333333850" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {694c1a31-31ae-4ff9-b478-fcf76c9f62f7} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 2504 1fc0cd71c58 tab
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.4.1979788675\1501717828" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {466eebdd-8340-4831-a7a0-91f4abf0b921} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 3756 1fc1bfbfa58 tab
    3⤵
    PID:2732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.5.1026849803\605053495" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d772494d-4247-423d-84ec-d7300a19bfbe} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 4920 1fc1f45de58 tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.6.748410227\618128142" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bbded30-c8ef-464c-a24e-d2627e245aeb} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 5096 1fc1f8fee58 tab
    3⤵
    PID:464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.7.1572754136\1744662995" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aecc931-2bf6-47c1-ba9a-87471897c01a} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 5148 1fc1f933d58 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5820.8.1171936608\1849319301" -childID 7 -isForBrowser -prefsHandle 5404 -prefMapHandle 5400 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d32edcc-afec-4665-a524-0823fc912747} 5820 "\\.\pipe\gecko-crash-server-pipe.5820" 1400 1fc0cd66e58 tab
    3⤵
    PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6120 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:5776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
49f2b5ab62674cd0427c8b7a5188bd0c

SHA1
9d07b3f5025a08452b66605decfb032a7c1634f5

SHA256
4d7c308d7aeefa66c06f704dde1c6d8e08c695c1265d2597a167541d66d805c2

SHA512
14876fef1854ec6e42219b863b625adb60177a63375b0a8704b6716568cfae0ddd30ce859eae5671b7da2bf9e4defc12d6448bd1de8e423d43ad3e6a484a3469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a23fa4e335f8ae69c4d2c4a06b644b5

SHA1
713cd8014b15d33b1b76149f78a7125b73659a6e

SHA256
7a49d7432f4b69d1f79a6ad9e6e60f8a8f4914192cebf1485313903556d628bd

SHA512
c2b79abf832681562930ab6d9a2479d1d33182819526454151b92401cb8d6aa8f39e57aedd22073a8e1ca989252649da54b31edcc65ced3ee7c237c1f23471ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc73d9550abf7a94ede401edcb4e5c40

SHA1
fd595f9dd044334eeacf09bd992d47fc6ea1fbea

SHA256
d4a326aa4a657f9f673472c8d10e576ba7a47c2b7451f7a99215d151cef7949e

SHA512
dea021c6ae5996fbd25c8c7cb1e14759d2ae1cbdda0e2a0fc7179d652b2fe044f639a85113fe0e7ba575a6a6218bae6eceedfb2df06dd215b553fa0ee08c73d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09c8d04b66c9e2717e25603f5df9f60e

SHA1
88c26dcd2dc69a6701224c721169b5be63d6982c

SHA256
e25a7eed884ca2f27fcb435bface4dc54d4a90082e8cbc7efe6299e68b7d27ac

SHA512
bda962c268863eb03101483ab22f03d37c9fd1946a6cdec0e967409e1065ca28a56e9419fc3e76ddfbc9081d5a520f925b7a7a47f1fc7be572adb223fe58b795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
5e9d2fd239ce8bd6128cfafdfac445ab

SHA1
7d42ae024b7ec6ecef4e2702ae5aa9616cc673e4

SHA256
4fefe9c5acda22718bba1d3312a3a282a3ae499fea67767c40df8219d42d6653

SHA512
7e896e55747786acf2904d8be4274e3356f4fca7dca7564dcc10550bba32b6017feca1331b5fdcd8dea84789abe3b9ccbfd9d7de4491ce416ce44ce0cbe5c5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b2c1fe6742f361169fc0beec7504b89a

SHA1
5376fe793832949e84588403c1938d202f617515

SHA256
581eec7fa821ae200cf27f3d4729272b9a6458683f43dc19a0c38e20d6137ca6

SHA512
a27caae2953c164dace1cdc5535766380c2a92e215aff2a5355a7bdd4d07782491b5468620ef754085e07f5d1e573be0fe52761b815e43b74fa858608719a77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18c300618f3ef01c71c90953de7826cd

SHA1
6b8a195777208828fa36b5ef076290c7ac907aa5

SHA256
cc26b0b3e92bf9694c4c10ac76a33da277e53312bc2cc9a2e38d9ed415b7fd97

SHA512
ffc5a0cd5dc34c624cc8211227ee0f714e593f2805419ac8d785343f96c2535e58b922f0d0781c578cedd0fb73bdbdeffdd363655458d637a6bc132face95390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac6185dc9be1a84d1ebe56a4852ab419

SHA1
cc9b2c424bf9bd54e5ddc2e1efd9b37c9eb5d383

SHA256
121a3384b8c7810bc86ec38c040135d1fe7ebf46573c4cb373903f4843af8b2c

SHA512
3a74ccdb4b970f4b383d0405c35c88408699bf23ef1690cd3b914b56a8c9252f2d757a7eba0f37ddb59ec97efb8e42106046e8d624efcd8492c3cae85e7e8b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
72afd241f9892ef293d909a6aa758451

SHA1
a297a92a062a686731eeb33840eb5bd7e2c1966b

SHA256
1ec20287da87bd1332849da180d72f3cb0bb2907f9de29357d5105f51574c457

SHA512
0e6ee4766cd8c6b090bfa24f763aeea773d5209ec562e63573a622a0249f3000c399c4e839dc17f476fd203fd62b4aeda89c8bbee4a60a236f4823fa9d25b0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
2e9c830e9b672a00fb8374ff58baf54d

SHA1
1cf2591e89c9510d2e3602178f0f7a9699e2ebfc

SHA256
7b16fc157c740d625898d22fae905f0af24a134a172ac55637739ea5b62b6583

SHA512
1dd339ab1e32c52746e168b123cd322020e0a51b57875b42c77b3b839b797625c996f2df57e7cf6a0acdb24ab0a548df9dd535f9d6cfaf6fe2e20606603add20

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
5187320d4875d50c453ec7db0afc55f4

SHA1
b0b6d8f9eebbf0b3f68732e46d4a626df88c80de

SHA256
c78107d41f26d0d4e1c7e6bcd3b4d4ef83acb47e92b65fb874ca4caa0fe5a368

SHA512
0c27fe34e32e2906edc88534545531a154ef78e40348b5b18bc9d4cb622f3ae50dc255eb91b36998df2ce5c570a8b91cdbc0a4befd785356bb62df53ba489b30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7a30bac25f48e8b48b91dc7a7cb0351b

SHA1
ee50c1a9454065b5322591c2f1c42b4d7024a236

SHA256
108c2c79f94506b8834035fac28fa5fbb9a80e89400cf1c60b625edc7ba49ae5

SHA512
c410c978380d0bc84913ae4de34584110bfb8d2ee46aa1af194879895782b2186258b735fd81d7486da40e3993ff47a0c86a1bf7a25e44e82df55c9de4fa1c79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a355319b-ee5a-40f2-babd-a0f24ad57688

Filesize
746B

MD5
2c72a3edff3452bfa7c38846b6d4335b

SHA1
184ceab00b20626890b7356763da6bfbc30b52d5

SHA256
b6a197993d4adb9063d1fc163d18d9fd94bf6af96572c2efa95d28624aa4ab62

SHA512
cda6e7d95526b75ac59a1e2799e7b0f21dbb6f35d9b4c575d374dd0e78f0b99b0697ae37787cf800c008cf5a06750ecac43da1aed4324a84159e8f630f1fa80d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\c13ca7a5-69ca-44da-9289-d3c6a3520be8

Filesize
10KB

MD5
e6d0b60f33b30e7e04af0a00ea61ce0c

SHA1
1f15c2323206eef2fb64b9c2659cc687128c72f2

SHA256
9bc203b25e06e61d166d4892cf15f3d5f35b9fc01d95ea3fb26dac99408c77b8

SHA512
d3ab9fa0f5412aea154ae09cd34d7a44aeb621407e2e726e99fbf5793cb214bc02f497c1df5f9d97e0eef746d4b2ee0d494891d1b247a3a4fe8711c756946566

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
fab28bd450ef9f971cbdc2fc7b2a9227

SHA1
481dc349dc83684f63d4ba39f66c2eb3d79f7e80

SHA256
06d6ff76588d6136f3cfff6bec90a33e83ec4e3f51f9616d56cf0c71aee29237

SHA512
2ec4841ee09da05e884ad30ec6698537319d6f23d0b6ef82c8c1f59e0ac3b0c8711583dfc55087ce696a7c5198e6804e89d13259125e2b9e573195e8bcc2b4a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
b41bbe270357053e90f438e3e7083cab

SHA1
d66217102b27802bd6bb640956ed840fced6f82e

SHA256
2f104ec72dd38c9a7cfbdd9c1e2bdce2598f9831d362c3d3ce619aad0709e974

SHA512
2cf77da6bed0c5554686dd6b0c0c01a9e610bee148f4824f17ceb61859dc5d91b4d0c203dfe2524942f26b1602fc5322949f2def34eb68e0162179b155e4d982

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
39a0fcb0560caf8bd5acabf4936d3c67

SHA1
dccdc18fac721cebf250e45253fa9a705e8dcf74

SHA256
fa0f9c22284e86d0502fe34143492d70dcf5e3b83e80ece658c9ee5005b722e0

SHA512
8d4acf4897913cd799533a8304fe9389f722f6390ade5da654b30229f494f3cbf9a4d0cc12c4058ed07f07065ebff45960b2dfe9d2b9074254b1a7572f32d6df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
0ead7ed2de6bf09a8e83082cff1e01c5

SHA1
652c8df3637f187ecacd70c0e2857e2b0d64e864

SHA256
c072aefa822cea9ea5e654aad6e648d29b1dadd86fcf4bd3d75819829ddb898b

SHA512
cd2f7b0b770c38552b7830fafff65aa843f15ab1c9a0a32027d42a71392a1bccab28b07086802f2b2228a8ef2999462c93c2a650fa3f8bd576dc15ce285c5be0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
8c4e55f58e50106ce101d43242d2ffde

SHA1
5728c95add8261a9096ecb88a081cd6cf8cc5c65

SHA256
552e40f89014b2f05019702af80f822564a83732526ba1f26553d22caa42450a

SHA512
e5f9be124e1551c06c42b6c29584f135fe71b85f4105036de5816e26df8898c0305cb0fe8ff6ac62c088a1cf55848b8792817bb5a69101c0d254ed3db28a44d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a60ed36914d31f2c1c0d0e321e05c3ab

SHA1
05beed624f268ba782d66b73ff9f5a0066e73f75

SHA256
3640803cd3ec6e24c910ef5506c0565880f5b466bbbc6e5022812f866fbb1a3a

SHA512
2a380f19b336ca223f0a3a360a333f969d94d7d8aaab0827642c880d73fadd331146f42837179812fee4a8545fc7f216a7ab6e93cc5bf731df7081d8333c122c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
64c71d7ebe27250c9d28f13d5fcbf283

SHA1
b2d5933bf75abe51a58510fe47562beaac86e910

SHA256
627859fa2bdf26d237749c6d5cbd8341ad849c32c9d95839eafcf71eddc1897c

SHA512
cc8f1ed284a00bcbad9ef5a20cca7e7b3b612aa11d2420115553186919fb7eb7b6a97962c091959be410e5271c6f51f8596d0cbbc12fb5dd0540067b8bc86ad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4ba24eefb747e2a1f59a796507fea97c

SHA1
d026b88d63592abd6296299bba009fdcc4920619

SHA256
9243d871c3f7e887ad30db8b743e74b8767d7aa6297885421f9846dee0244b42

SHA512
df485bff38e6a109502f108a69d84b6e9f49dfab0e7b556f5e48741988569a679cee776125a556fba31f3144ed314133857e9842142074a03e905eb9ecc6fc8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit