Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 15:14

General

  • Target

    https://pornstarface.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornstarface.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xd8,0x104,0xdc,0x108,0x7ffc06ac46f8,0x7ffc06ac4708,0x7ffc06ac4718
      2⤵
        PID:3540
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        2⤵
          PID:3340
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:1680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:4372
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:1544
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
                2⤵
                  PID:1624
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:684
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                  2⤵
                    PID:4772
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                    2⤵
                      PID:116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                      2⤵
                        PID:3260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                        2⤵
                          PID:4500
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                          2⤵
                            PID:1560
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5596876755144113675,1736409313106783378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
                            2⤵
                              PID:1624
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2508
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3136
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe"
                                1⤵
                                  PID:5096
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                                    2⤵
                                    • Checks processor information in registry
                                    • Modifies registry class
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4408
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.0.310701182\1239445174" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6e9d740-19b8-4356-9c85-1564f3ce7dfd} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 1852 154f4e23158 gpu
                                      3⤵
                                        PID:1428
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.1.1307064212\471024716" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfdb6f21-5629-417c-a7ce-a9ed3aeac4e9} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 2420 154e8088d58 socket
                                        3⤵
                                          PID:4476
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.2.640076685\375181703" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {686d214c-3c12-4fcc-a855-96baa378993b} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 3052 154f7c03558 tab
                                          3⤵
                                            PID:4188
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.3.1485463655\2003838764" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c618ae1a-1d30-4bd7-bf46-eebdb6784500} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 3648 154f9e55a58 tab
                                            3⤵
                                              PID:4036
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.4.1727066654\23622073" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cf3f361-c9e0-491e-9ea2-9d1fa8198b29} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 4952 154fbd58958 tab
                                              3⤵
                                                PID:3904
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.5.207285605\723756708" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2941d27-5770-46ec-979b-0cef178156b1} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5092 154fbd59258 tab
                                                3⤵
                                                  PID:448
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.6.222975180\825878907" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1545072f-ac7d-454f-9e5d-774c0907984b} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5280 154fbd59858 tab
                                                  3⤵
                                                    PID:4396
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4408.7.1134171709\158602277" -childID 6 -isForBrowser -prefsHandle 5748 -prefMapHandle 5152 -prefsLen 27827 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec5ea88d-2dc1-46b3-b93f-a1fe763e57d4} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" 5732 154fcdb0558 tab
                                                    3⤵
                                                      PID:3456

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  4b4f91fa1b362ba5341ecb2836438dea

                                                  SHA1

                                                  9561f5aabed742404d455da735259a2c6781fa07

                                                  SHA256

                                                  d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                                  SHA512

                                                  fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  eaa3db555ab5bc0cb364826204aad3f0

                                                  SHA1

                                                  a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                                  SHA256

                                                  ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                                  SHA512

                                                  e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63114b7f-6890-4b27-b08e-ff7ab00ea812.tmp

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  02861652652ca51c234bdd894e3727be

                                                  SHA1

                                                  5f2a3c572e65766750a5ddeae10d9d8120e7d71e

                                                  SHA256

                                                  b969dbdff49cc6fccca5dde52b58a26130af78fb2e0709dba8097df1edf6116a

                                                  SHA512

                                                  3b87d6def40b85e71f86737b0da350f2d139410992a7b462570c721335ed27d3fe1a6e0de418f71e5ef23a0112975f27389ab1539322b2788c35f3bbc08909ba

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                  MD5

                                                  d168733e01df5086aab98fbd40c93b17

                                                  SHA1

                                                  08cb3dd9785db8fee3204e00eb9da4b5632bfc85

                                                  SHA256

                                                  dce2cf79c8ebfac1ed5cbf94c1dcc1e46d65ffccab0b52c4ce6b7095b4222d13

                                                  SHA512

                                                  d749d862f7836d7735fc42bce721f824d2c5df79b382b63138b81fac98099e4791085515b342ea339e2b86820fa66e68ed135a4e01bc2e5e4f507b9cd62b0833

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  d4bd620acdd7c08c354d35f7ee5888c7

                                                  SHA1

                                                  dd0303d14a84c2c930b8b5aedc738b97c9a293d8

                                                  SHA256

                                                  57ce68c07814a8ee70c522755b24973151f0f365388289b68457e6bf04d71ab5

                                                  SHA512

                                                  821d59336edfa8c2e2bda1f0e6f303c24dee2191eedb3d1d06f7894375d681d9e12891a003a40aa4e54b8d2f8358873751cf37a0ed830f1172b72a8ecc9ff767

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  79e33db69f4858eee65c229a7e60cccd

                                                  SHA1

                                                  6d624a9970438fd97b901be34d7628dbe4ecd6a3

                                                  SHA256

                                                  765afd9584b1bcbebb7d7b8f6c9c2ca5c78979282584bc21f8901d1629e382e6

                                                  SHA512

                                                  4d8e74db6bcf9a6ab1968359a2c29ac927167b3012198fe3599dddbe3509698ec7ac6b66f8e0c6312b6a4a7ca1640810d6e8a5b43c18fd420c1229335490db08

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  0b7a8f2fc1b43e9613d0f90f4f8142a1

                                                  SHA1

                                                  8f4910cbd8304c0907e4747f23278a082e579aa9

                                                  SHA256

                                                  391e00ee5eea31451b86088a93588921985c3b26b1ad0ee902a045d86f9a7818

                                                  SHA512

                                                  dcbe8393aa4f64587bdac15b94665092aaa1665f187fcd505987e1deb0f13f487d4f91b68ff9bc372550817de9d8446b7dbcbbd17f4976ab1ab57aface94121e

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                  Filesize

                                                  264KB

                                                  MD5

                                                  ae45ec3da6fcfa2bba4b75440e8930c1

                                                  SHA1

                                                  b926db3f2f4af8c0be7502ab540112adbb4d76b4

                                                  SHA256

                                                  cf8d319cde177f986f525fb75c357b1c112e11bcf7cc4963e447633de2a6ee77

                                                  SHA512

                                                  e00424f8f631b4d5f2ae907b362f2a80db8a35c373ec473fc96425d1091e29bb48d64b27ffca15560c221dce4b6d6d6be388b1af17486fe5ceaa788c8f01eb46

                                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp

                                                  Filesize

                                                  26KB

                                                  MD5

                                                  5d7d27a7182fa812d848ab4a2975aa47

                                                  SHA1

                                                  3c2905ee212de7ab959ec479c64dbaa197c0c39e

                                                  SHA256

                                                  8c2cd6c04d8735b05e76ea357c5b60dc8c303099985269b35077f61e2f30fc4a

                                                  SHA512

                                                  d5d5a3ef87afabf3f71299b374a92aeb519a8f541cdc74deb88aa48ef6deabb143599002ceb21fb81c2df5a4f06926a0dd725cf63150f701b2054e225a023286

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js

                                                  Filesize

                                                  8KB

                                                  MD5

                                                  99ec9887fd7ab01d145faefbccfec310

                                                  SHA1

                                                  754c3ddb67a7f20e4e5cf44014d9d5c72c75f814

                                                  SHA256

                                                  a131e917dafb9a2d734fe43e89853933da11ddc38494c035d6c06d2f5e16a5b1

                                                  SHA512

                                                  abc606342e0bb5f42299395f1e35dd05da431e65e2840a408a617c72fd06b59539fcf1f66ac20a3b6d5df9569978f56ee4e94ddd0bf22e3f06d121f147dbdc3b

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js

                                                  Filesize

                                                  7KB

                                                  MD5

                                                  45ce18c77a390b24c3115b8e60a09071

                                                  SHA1

                                                  a818687601189cc343cddb344bc92d5724664e6a

                                                  SHA256

                                                  1d2ffd60806fd2b01b7ef214bdfe607f8e640978f0bf34e9e8b281cf6dd683d9

                                                  SHA512

                                                  e79b2f06bed56d787f4c1b9e355a8264eabc40f3afdd617d45aed0b776262961501a8bc7386591d5f673fff3e661304d470becf6f36075da8e0ee4d10b7f0259

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js

                                                  Filesize

                                                  7KB

                                                  MD5

                                                  53a175aee41a437d583ff18b42fdc443

                                                  SHA1

                                                  066f42f0fe66db9d59663763dded763822ca6fcb

                                                  SHA256

                                                  7003c4c2195da14f78d8cb96c062e7abf1f106ba9b6803a69bcb1b167dc04ec6

                                                  SHA512

                                                  296fb495ac054b66ef1208fa71cac07d658c792c12aab94d8f149ae6e0aee57afab1c6319e10416279dd2e7bd1ac59e3db4c6ee100b4eff7b131d7c05c3311b1

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js

                                                  Filesize

                                                  7KB

                                                  MD5

                                                  7322217b43adc312aba5582806e187b6

                                                  SHA1

                                                  93c307f4d989a2663c88577a2a99bd7614e1c837

                                                  SHA256

                                                  ce3897198f52b1b303292942312f794a6a5b07aa4fe576b2ec3a7701a9a1e07d

                                                  SHA512

                                                  3a1529f15f9cc3f4313927b4d867c18201630f6155752e9fecadbf7718e9d6aa228858fba8066c0c16f8dd169c16d2c4d3a388de4d2efb8372489e52285860cd

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  1a8295b7ee1e0ce60488dfc8769d028c

                                                  SHA1

                                                  9240536ae266e143b1895d3e39cdf1b9abd964f0

                                                  SHA256

                                                  6ce6cf5ce5e1a40d77d5e8c422422e284a3ca1d46e075846d7f6dfa67af7cb4e

                                                  SHA512

                                                  a077f62c1e37fd6df4faa3eae7ecc318b6b3835af693435cd5859ce57531e01965ca885049a238982518a64f65a80d082ff07a7c4a108eeeda2bd8ec9645d3e7

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  09bdd3a29f76b375b45fe12525944d00

                                                  SHA1

                                                  c11ec2171b01421b563a4ac41dd70175825c50c9

                                                  SHA256

                                                  cd7cba58fb09db4105b2c655b3e167b9f3b911876a8cd9bb737b74614ccfae8b

                                                  SHA512

                                                  bad746e6fd902868c9d21b14655dde0fe901144b2bba1aebf6f7aff2770f0759d3e6af1988f97343c1ae97749b6f7180c25a215beba369e7dbd495f1d693b054

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  ef0fd5d012d0a1ba39585925ad5c0f62

                                                  SHA1

                                                  92c84d90816108777d3841c412a25e0dd3ac17e7

                                                  SHA256

                                                  8e97977b5b25747282040ba53fe150b3144fe58efcedc7e5a9a61bde820b2c15

                                                  SHA512

                                                  1d34a56925250079e4973f951323035c5259090b9b23ffa0af9134aaabb64df76dd2d0352b1811cf058d584ea5e3bac2ecb0b068ec456c0875c182dbad4be796

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  368ac732b36bd94a977ba8e897539447

                                                  SHA1

                                                  5863e1df6dd358c696f3747fc773b0d8eb88aafe

                                                  SHA256

                                                  f144dcbd5ed0f8624ce873d43484dc89e7ab96d31d5859676182ba92c546b654

                                                  SHA512

                                                  fa08db399057d06bdbb5edd16285341f3ba7cc03cef707fab91d928a84c21a22eeb685927bd4ed79ecf19341671d59f3ae962585fe5f471eb5563ba2020109cd