6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/08/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
Size

896KB
MD5

139774364e144d5dd749464d5ca7b793
SHA1

a1625e8b41d10c2613f4915fbdec79c882715a2b
SHA256

6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741
SHA512

043b31a7513e625c26237049548dfcfe95eae6fe499edd4c1dcc46e2142392da794c1a1a553f6c9b4d72720247df50852a280c3daf8e9c1e7e91b82655fb2dd4
SSDEEP

12288:9qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTT:9qDEvCTbMWu7rQYlBQcBiT6rprG8avT

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
2656	msedge.exe
2656	msedge.exe
2860	msedge.exe
2860	msedge.exe
6080	identity_helper.exe
6080	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
5432	msedge.exe
5432	msedge.exe
5432	msedge.exe
5432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2860	4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe	78
PID 4876 wrote to memory of 2860	4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe	78
PID 4876 wrote to memory of 3288	4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe	81
PID 4876 wrote to memory of 3288	4876	6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe	81
PID 2860 wrote to memory of 2032	2860	msedge.exe	82
PID 2860 wrote to memory of 2032	2860	msedge.exe	82
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 3288 wrote to memory of 4784	3288	firefox.exe	83
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 4784 wrote to memory of 4456	4784	firefox.exe	84
PID 2860 wrote to memory of 4280	2860	msedge.exe	85
PID 2860 wrote to memory of 4280	2860	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
"C:\Users\Admin\AppData\Local\Temp\6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd5b743cb8,0x7ffd5b743cc8,0x7ffd5b743cd8
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:2796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:2052
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,14687372027454918510,5339007478991981663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3644 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5432
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4784
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eef1b8f3-ad89-442c-88bf-7dda2d303c28} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" gpu
      4⤵
      PID:4456
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2324 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe25f106-ae2d-4ec2-8cc8-1962fafc2465} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" socket
      4⤵
      PID:5064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3120 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {164d8c36-c6ac-4518-9b33-4172ef005138} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:4964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 2 -isForBrowser -prefsHandle 3232 -prefMapHandle 3112 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6318443c-f3fc-45ea-a272-dd721774784a} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:1992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4312 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2760 -prefMapHandle 4304 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf49265-e319-43d9-ad18-582904ce18cc} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" utility
      4⤵
      Checks processor information in registry
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5256 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2784943-579b-47c1-bc90-c7ddeabc63bf} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:5792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98263dc2-376b-43b6-9fa6-bf694acfc659} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:5804
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5624 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d39bb06f-357c-4de7-b3c0-c2ca3728ecda} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:5832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6284 -childID 6 -isForBrowser -prefsHandle 6272 -prefMapHandle 6276 -prefsLen 27039 -prefMapSize 244628 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19516821-0cd7-45c8-a99a-543d63f43485} 4784 "\\.\pipe\gecko-crash-server-pipe.4784" tab
      4⤵
      PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e61a11153a13448837bc343c1fe39dd0

SHA1
7d2868000fbcd08fd673ebaeb4b5699dcae43956

SHA256
231eba7dce28088414e4a6b52d2cb4802756b2e09f6226a50226d42de710db33

SHA512
32cded5de2b81dde53bb3caf402ead0f4566b53b2f6d9ae492395e460cb1c5dc636f912f10db6dcbcb7f398e187df9873ddd9ba945e37c23bbef138f100c5fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
641b075e84224debebae68904cd9a48d

SHA1
1464b1a57ea1bcb3f2c729e42c3c598a76d25496

SHA256
1f6ab1d39073f88247e1dc89e70590d603b2e29a19583e4ca9e01c3a8c6f009c

SHA512
17d0d29c0721e561281cff75cafa06e46bd0e95ebb44d408cd1526139d91fcd725705f3f58817b82fe0f0e3bb3775920a0e858b1ba44df745b3c700670c21e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3de47337b04a9cc7dbb36c35ed49bf0c

SHA1
3275f2842df327c83d864d781d7d0c0165c21a7d

SHA256
2f23105e49c8d2bf86cf7817471996037132c7f8f549422a5a5065dbbcf5db17

SHA512
4c61a536d6dbc9537edb5839d82833892f8dc2a980eb1a61d7f5d5fda9425c3fd7801a7fbc2e95787f84cab0c08488c4720003ab3ec28ed6d7cb3103dbdf8521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b372db22f8e9da6336037b460f0c3e37

SHA1
39de7921292e4881a2f761c848d7a0294b0033d1

SHA256
f5881961778e2c138aa24f87a0405019a93899b17e7596743b74f1639a28fae7

SHA512
4ed3a1e5f481834fb421c993f77bc5da487fbde43c875758af97e10349b2c29dfd18ac916066a06b5f967cf75243ac873bdfa79d156243976b444fc17f48ec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d0deef433fbf00abd4007ae90e086c10

SHA1
6fe0945e5f987ef401384164d1d9e035e98a04b6

SHA256
5e39ca8b6618ea3ab34d44d2e5f1f0a3e1522a097775294b78e15b0ece8f968a

SHA512
cb2c69cbbd5833e675d87eb09c93f2e572406f070b6cb121a1f35e861181ddab7656cb2f6fea47da8a222e1b4003ca57fa78d442ee193a26509ffa2ab4313605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6fc1296dfa5431d568d7bf0499c6a8a8

SHA1
a354278c89b2d95f635962952c74ae9564ef6602

SHA256
bc8e1f02942dde1769fd9a07975033cc1a23ff4b5015437e45a0c68786391d38

SHA512
2850452fb80f95490c04e0cae74282e382acec4d8d576fe4acfe15038f907bbb1c98b78f5b3de6b4a0c27c4f82c5b24176aeae95e40de33ecf6a5a5fc390d785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe5b74e098e14b87e5206885baa0bf3e

SHA1
c535f582d37cbdb87c12ca69e3a34ff520cb13fd

SHA256
0922c154093443e52d084187d4c998b1b612c94a1a7dcca28bfeadde36082578

SHA512
484c41598777aefe1e76ebd68a9d1d17552ae54abaaa3ce669cdde8231b6f5e363800f500df994c42748791edb32f7c7dcd0273cba01c1a6b5a33f0382904252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
c02f86f1d1ab1a8764080e1c74afd3de

SHA1
56d1f3b09fcf47b2340b206dc048bbe48b897d37

SHA256
a97ff003f2ef85fab106176090f83c6ee305d0d290c903786c12c3b16e80aa4a

SHA512
cf2179a93a3b3253a0f6e23a612790eeb82c1a5613998e97644653f6681b812eceff68adb88cc00cefd74d91d82a974346189e49b22fa7bf57450d877099014b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1659bc48210970cb6828c8ce3a6b781f

SHA1
9360f20498d99e504b9e04ba4867a69e3758aae0

SHA256
cc843764d4483b7cd067fb2e098a547605d5349f12a2ebd091542edeaf51ab55

SHA512
79a537c53bece35a86d512842efabcaa6cfcccd6d3520766e5b7c2a8939e7d58530df4ba61a537fd3a6769ccbfe1403f8e9a6300470fad89acd5cd660a914023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad6ea42d466ab78a1ece3104bcfaf04a

SHA1
a9bbbf4b65b29f5e6196a428e80a7c21ba5c4899

SHA256
d36142d38821ddd55fb04097346ee46431b63b3a0cc5a096efc8801eec3ec0b8

SHA512
72ad437e674674d45dac96361c43693da7d2b2fd82e7830124b6e1610388c7a3296bae96ef508c0e6504a3bb3ef723adb68ffa3cf205c46cf95fc3fcc9d84ae0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json

Filesize
41KB

MD5
46cbd951d44c8ea47649a4fbc377e62c

SHA1
0ef910d8349fe1b5ecf14cf0f0d18d91da693cf1

SHA256
a2460849c629561fdc4cbf08d6ff8695d59049f21fd0f103056adbae60c3eeb3

SHA512
647d13eb56069e08f1e9cf3ff712bd707827ac4c439f2b9d3500e6b2732216f6585006fabc074215ff52e995acf6962dead8decb08394c82c5322ff9782ef83a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
743d72ec5ae84399056e730436dd9fa5

SHA1
2b8db7b096a3ba751a7d47a1280f2c00c89343f5

SHA256
cf5b2a722c1929ea4bd6613161e8bffe7921d013a5042e09a8d11b2b0fb3571e

SHA512
c9f49c766be37d8c68f9a2883da6aef167d218d22ee45d9f3760e15d5f5dbea5990bad787527466bbe8909c77da3f0d7730367dc78beca67991402d55eaa6003

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
10KB

MD5
1bc308d742c73072a60555d597b6b36e

SHA1
529abd195bd0431c163998629a828bca82d36342

SHA256
483a5cbce81b18d6dd0795bc52790346c0fafddb6c11fce18574eadd21f7abc6

SHA512
1cb76d19aeebd81f57e52b919b49cfd292b6aef018b922c23912ac5dad7fb53ff730dd039bcb53d7a7713bd25451302df42c85400d2ed03bb7e5b55d8c6ce91c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
10KB

MD5
22f970cd4f31e82ab5bd5edec164064d

SHA1
3e02a854dbfb6c09e96e9eef5dddbcf32bc28903

SHA256
64403c8ab4980ac6384fdfded3ca2405b6014a9c8e36ae8d75a8c6f6fa834dfc

SHA512
1e4f34603bc5f861b3da27c7066804cf32648ac0465b572d44f5fa8b41cc61a11869125b1b62cd405fd6bd047f19e721f4e2c41a2c9c03d996d6fd22c64d5cb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cd2a4e15b2d47c29e0b762deef9fb3c6

SHA1
d362725dd83a2419c9fbf8a16803698b2cc56a1c

SHA256
98633cdbfadeb1235d9d19570323711cbb6ee4d9d1b6be3773833f2294aba9c5

SHA512
ac5337bc1028d83b64f262b929c882af3fd76d583a39eaff7f89ebb0cbcd319ef7fb9880063fda8112669255817f136313abc823a8b30a1a2a7f92b84d84bc33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
8d8ebde597c089840ae954647ebc1491

SHA1
a9eae389ea8160d813202601fb39579c4aba01aa

SHA256
99f0b135c5769f41e3ca09853c7815d4c60d100764fd21c69f2248ebdf19d0bf

SHA512
3a3a8f7168e8d2745fe898fe7a6ccf6874c5b0fa796302e040be7055cdccb81fea3d6d05b78ab79ad3c11aeb927c3f8a3d3216dbf7f0d20acfbd92177c77b8b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3d8719c7745ae3c7f9b6dc31b18cb4bb

SHA1
10038938138e76b843ce107ddcb431c631c3596c

SHA256
d98a462b78086636ec201e68ee345632498dba06fcea8ebccb602a94968da316

SHA512
b5c8ec22ff31c73068c259714441019ebd8c9d472171a22e67c43814887bb1f83a09b6e0ef61604e6e0b3e21dfeff479f2022fac6f6236a12a6069c153ca759a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\4a2af914-8498-4803-858d-1f2bd7b6bbb1

Filesize
26KB

MD5
d0731db19f0da1b92fa83149299365ca

SHA1
754b5c501b73db73896732a8a5b371200f51bf3e

SHA256
24c51303f63c6676c21a5752d7161dcf1e2685171001bbbbe9cac6a0d427c7e7

SHA512
45d1626ebbe000ccab76ee567dadfaaa6eb4130e1063c4cbfc6b960192cc8e2ae466d035e594e302c95404ede863fd32c945c796fc4d07d08f4207059d1cff64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\bbc56c97-df25-4f6a-8fd0-f4f5869410a9

Filesize
982B

MD5
9440320acdcc799c7a89dd6ffa5be500

SHA1
fa41a8be792a287065cb435175b062688be252dc

SHA256
d4740a7ba6ca5f7e22a4c4390787c6e43455f0528138badf3251b702687d7b43

SHA512
38e0babf84be179858794cd14e0fbff25cf1209bd5b6a935c31e4a71da1ed9356e5e36b7099c4533d19c83cf888691704267ad08d4d51a48b2dca2fcbd5c5ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\c6393686-3996-489f-90c1-ba0cde97cfb1

Filesize
671B

MD5
649155c7eb75e7159bf8cd6d5769a1c3

SHA1
91d0e751ef1d94d149a2eaccf2d993790fc77322

SHA256
d7cc00c62bdc62e4b20cf78d87bb37a4b8c09d9d1570bebd5552c4e60d502f4a

SHA512
4e923147bbd1e14db303095527381ef3294fb7a9cd1390653d492fb9f6498bf65e9b9d94068088413d59479bc578f7f464ced59e994bdc5eb76f871fcd670f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
6787d7b461298ab428f20d25adc9f419

SHA1
d7792813e95463f4603cb9a025111998f9c30136

SHA256
a6de0ef84110b9565d18e7de6d8841797e10f7a2d2e22e6c4562f36cb67841d8

SHA512
41144d7bcf832096ccb21ccc3931e82336d8e9bc76c05af729599b024d6f8effdb09117565f6e8f95821ed72064f2fbf347000634947d2fec0594d56b7234d02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
12KB

MD5
d9599594575f176bf23c8472afc4046a

SHA1
5c21143d35cdeb20e6fec37f8248c36ac92f27c4

SHA256
9b86a3d58f4a0dc4bdfa28b3759d1f2e6f0928874791c0ac693fe456b9f21f8d

SHA512
bb2242ef09ab3a6d82e70b430059639771f26742513e8f0d3b388741b41c9cdc576fee28c87c8783721601f9a21ab61ed309980fac9bc436909791e071ae43d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
16KB

MD5
3a6158e1b5ce69bd518aea43cdac3c03

SHA1
7589ba506828ba7db398346e5ae4abb6005bd427

SHA256
ac261cb2b72a82a16c2af47d21dde9344a9c0066b4ed2a6e601a60bd6ac4bfd3

SHA512
88ee81d15b941e8f4f74331f2dbf32112603db4b1d1209d44a2658ff79a6959bb969b271086b86a2b25f61d2c5f399c8137485f88c16a367818fe4d9ccd426dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js

Filesize
10KB

MD5
92eb72c42081f4dadce8f390e9bd8467

SHA1
3a2447ad17b83d41b83e5132d039bf4888a6b558

SHA256
fdc389a5b5a42553fe3bef0a376008213164ffc0ce4c88ec3143d8d17d4c4f3a

SHA512
8d468a6498c7c969f233604ad6245a318c3ec7bf9e0691cd7165f46c1c9b4e42a53b1606f0fc9c1bcb1f7bf20777280484a57a32a0a64aaf32fdeca9c8179c4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
9c5a7ed35027e24ec6702a3099a1ea6a

SHA1
7f1dc96f1c5c19a678d7800934cdf2f8bea274cb

SHA256
19710faa0f6a3f4dfacc37db5f3fed32975bc2cd9efd0a3d99d43a44d755cc9f

SHA512
5b411ad31a4b8262a34ce2467831e4690c575e5c86d340ace9e1dab8a4f413deeeca3e2ee802f59c0e1f2b1ac8c7078da0d93ea8a19766b0c34c809c46723b83

Download Submit