5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25/08/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
Size

896KB
MD5

d1d30847ea6436b90160f56e5710c5dd
SHA1

cebb4d784589066cbf974954af20296b23fc1cb2
SHA256

5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a
SHA512

3761fe006be272c1e460e57a45e45a9babbf78bcb21d41363b905837d0719625d5db6c399362a6e7916d7efcf6146fcb071bbbfbfe505555f3a91174db4e2f36
SSDEEP

12288:QqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTx:QqDEvCTbMWu7rQYlBQcBiT6rprG8avx

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5224	msedge.exe
5224	msedge.exe
3696	msedge.exe
3696	msedge.exe
5788	identity_helper.exe
5788	identity_helper.exe
3156	msedge.exe
3156	msedge.exe
6892	msedge.exe
6892	msedge.exe
6892	msedge.exe
6892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1084	firefox.exe
Token: SeDebugPrivilege	1084	firefox.exe
Token: SeDebugPrivilege	1084	firefox.exe
Token: SeDebugPrivilege	1084	firefox.exe
Token: SeDebugPrivilege	1084	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe
1084	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5832 wrote to memory of 3696	5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe	82
PID 5832 wrote to memory of 3696	5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe	82
PID 5832 wrote to memory of 2260	5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe	85
PID 5832 wrote to memory of 2260	5832	5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe	85
PID 3696 wrote to memory of 2432	3696	msedge.exe	86
PID 3696 wrote to memory of 2432	3696	msedge.exe	86
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 2260 wrote to memory of 1084	2260	firefox.exe	87
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 1084 wrote to memory of 2148	1084	firefox.exe	88
PID 3696 wrote to memory of 2256	3696	msedge.exe	89
PID 3696 wrote to memory of 2256	3696	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe
"C:\Users\Admin\AppData\Local\Temp\5794bf772bf0b81fa1d6cd157f5b24393e15378dbfcc286dce608f893ed90d6a.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd6a5a3cb8,0x7ffd6a5a3cc8,0x7ffd6a5a3cd8
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4798684938096831851,13505171532220573996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e7e2804-63b3-4726-ac2c-9e838abb1205} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" gpu
      4⤵
      PID:2148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62f720b2-87f4-4359-a02e-48b021299064} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" socket
      4⤵
      PID:3388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 2588 -prefMapHandle 2812 -prefsLen 22587 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60b5465-760b-4442-bf80-d069ced1dc50} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:3268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3520 -childID 2 -isForBrowser -prefsHandle 3004 -prefMapHandle 3376 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3a8607-de65-49b1-a5ff-bb98b233524c} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:5552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4156 -prefMapHandle 4268 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39eb6b92-0870-44db-9d8d-995f9b2a8399} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" utility
      4⤵
      Checks processor information in registry
      PID:5636
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 3 -isForBrowser -prefsHandle 4236 -prefMapHandle 5420 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcc39e67-1e9f-4da5-a0f2-ebe955186f18} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:5264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5608 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ae6e9c-b8a8-4805-94d6-f608073beb8b} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:5784
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5816 -prefMapHandle 5760 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d85db8-8826-4449-8950-d94a67a872f5} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:2204
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 6 -isForBrowser -prefsHandle 6184 -prefMapHandle 5448 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cfbfbac-6434-44cb-9b79-630a33d16f79} 1084 "\\.\pipe\gecko-crash-server-pipe.1084" tab
      4⤵
      PID:5880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0f0204f9abbe5df18b126047237dc8f8

SHA1
329f3d5061a93c1d3294f56be209429a14bc511c

SHA256
4e53d148f7f142417a3edfeff8723e82dd9fb9746b8fdf746590bd359b05896a

SHA512
2f826c9a610df86cbb8f49faf0c36248740abde385ad21957304cf9c315925e55305d6e3e56a5539744399176d7df8939dad1f1c0352a79d566bec51b1d45116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
33e46cfbe5caed5023f948e634fd2167

SHA1
2e4aeb3867ffbd6bba2c3af1572a1b249597a78d

SHA256
5713d958ae8a53bbd43902c85fbe9626278419d02a1bc41617701d7e7359e257

SHA512
878969c6459839ba50ca1e3959d3478aaa41193e11e7e62af2f1521964dfa5bde1310254544221e96b795f02dc7ad1cd69be1100afb4c7fdb68b8b8352e3c55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f26c5c2507ead263618bbf76ad57645e

SHA1
48da24fe649a23beb1d340b5314c71cb584734e6

SHA256
c0b5d40692d1e44465fac964fbe19d569033a5832a0f4921f63e61498bbfb0ce

SHA512
f6454b6fba96009213d1ce402dede6ecc7570eccdc35de2bdda43b1024d9e6487bf94f357c42421306cedb652dcbe69301717ff4fba3edd61d701d16b4765edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a742f87d6ce190138e7d13037cadc44b

SHA1
54a9558cd240caab5f055ce9a81c6da1cb54a543

SHA256
d92a83e28c410ad5cc4e7569dd292672a320480eab09ca2b7ae078cbfbd02689

SHA512
d553973bf9f49a082fe023e6e4068139cdf7eca8454f3e94f8ceb28853a771d085e53e056d98c579475f395f476038dfabc9e26cc76ed670190c50467c5960f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24a589dda9fa6ce853376b137c0b97f3

SHA1
706ab92660af984e1002a81abc22f55299ee4e5d

SHA256
f86f9e7ff0af10831cdbdd64e71feddb5f1daa8b90ded601771ae647abf78f2b

SHA512
2b47db6dddec6dd713f14bf221f9c54238315c1f0b10693162e46238e05bb1eaf1b171d93bbfe8b7fee463bc1800d6a46fdd2fbf3034f0740187b08e46512ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e707915358ad03d16c166828a7177eb4

SHA1
a7558a68b1ab9be2b74a943faeb3803d0cc028c7

SHA256
4d9dd06f9b22e8ab16a6eedf1bba489fdacf6388ef8860e475919b2e9630af54

SHA512
3cc59ae191dfd5fc9db7e7a728d21891b53bddcb014a2320918bfcd0e2514619234cf4b121f76f70852174dc4c7a7dd798b280c4b493f1b5916f681b9f007dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a195.TMP

Filesize
203B

MD5
65462a8a85f99f8245206e92ad922fb7

SHA1
3641907aec90efe0142941e4fec278a98a1dd292

SHA256
74dfe04702506067502c462a0406be18137d0f2932b5a972b64e3d4a145a9f7e

SHA512
85c4209b91a33886989e15a58b7511928ce942316073e3b1a7cfa076c057dee325dacae4ad971d5bc49ab03f4987977a81e0331e1e63df5e5d36c555fd09e3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
548b4b7e1c7b6e684b9086fc7af964ca

SHA1
6579264e3203ffed74c2ddd688fcf3fc57073d8f

SHA256
c1b2bb07d6746fe9ce8b49c134304057804529fe16a90aba54c85acf898d63cf

SHA512
77bed9a13e2ff0e457f69acb2106dea92d19a189cc1e0774910d7f319f3466224109e4b74a54189481a6966a16dc0ea68bc33ad996742478e771b7143c4bf3d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json

Filesize
45KB

MD5
ddeaf4b24b26bdd6cb28373eeceee693

SHA1
256a6392850914f68220bd0b95cfa9a5c177a781

SHA256
20615e5d3cec120413564b5c7ce74552e478cb1a34411dd247f3a1115538ecb6

SHA512
8f32c50b802e865d9b15f7bcdcbc7670e0a0324b3f4cdf8c2c7861129a81893d80bfa9416cc015ae110007a0f56566529f8ed88541210a10cdc855e0d140c39c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
f67cb7f9cbb3a5d6f7e2aa73d65fa8e5

SHA1
89eb52790b90948d1e8023d5804faec09d455962

SHA256
8daef877942d0cdb769732e3a27c89b5fd21bedcb7a5bc90e80a0c27a6d6a186

SHA512
a0e1edc1dc30639850c4d55ae498055a8fd06d081ee81d46c2e7c9d1cc9882cffca730b2e67db380433734ce3e42e415e9b248b04b87b2aaa4f3f790a8c71f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
7KB

MD5
12f7b0ff57327a9677baa5b545649c40

SHA1
a034405c23051dfbd6f611e921ad0ed60c68b5df

SHA256
2a93a51b56d532d0bdf132317248270db2af9b57af8056e12f3739620c4f27c3

SHA512
3b22db36f826bfb13ddcd73d4f4ab3be8ff0323b07e662ca5995dd93249a8fd81aa8018ef625e4465c812a5309367f5d5ab9079a845e3057fb4ba2fd54bf5610

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
10KB

MD5
e2d5fc7b0a6f4b1135173503c51b1cb3

SHA1
9561a40f526a02c138b5d6d14110d2695ea39e16

SHA256
c30272517cca23a77739448905281a5501c968c72ee9eff4c221ccf75ee3117a

SHA512
c61b15e1c94e499cd53b5cc1f7c7101dfb1a6adefdf595b4f3028368303f8cbbd0686fd72bcef3e0b33b1616b10c27d1bd04e6e0f884b7bcef37e7b1fef02dc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
d9150d05462be797567a96dcb40daa52

SHA1
9d217ae8ea6ae68ee19204971265121e00db4a40

SHA256
625a8f02f09d553f38754f10bbb5d022bbc64e0a0d85094091ff01b04e2c7bf3

SHA512
80409edd2fa5392f88140e2e61798724d130d406b4758fcd6baba1083879309dc550a2f257065e93af09fca9a99f8c15b3db2ffe72bf2b9b5d0b0bdbd9ff31b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c894433a41d56f93c9e9038edca56933

SHA1
01cce7fb96c3f19a36e619ebde706e385892be15

SHA256
3710ea87db9a2d952270644c0c9e2d78e62560e4792ada5df1087cf76069ff5e

SHA512
0bb7d196949f9ef5ed88a3b5337f2ce2daeb2cfcaa5ec0331b3b91528fa62291f9867901b2c2f29c811fe2f3ac7cf4d07511f23e2ce7af1a4d6b94cbc000c417

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c4a72f29c45b6f13c85b523aef56a283

SHA1
ae78118436070c6a958a0b2282fd2dba5a4c2da4

SHA256
8a3d13f6c197b332b956be8dd57948b26ee5c7af43c1de7d09dd6cb23a9fe118

SHA512
e43dedd8f398c9e01374c0f2dd852a05be8fadd5e6b1a7cc35296437d3909da776275f7c71d29b6d7b7b9435c43354785d4815f6ba31142d8ee3c1a0f23aaa49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
10f410cf4c5fafb7611aabaa447228be

SHA1
057e655fe3c543c8dc3188ca604328770f215e54

SHA256
3167a1b17b4755d1f285242cac854a05bbe349b2f90fc307b3f9aef4f9451c76

SHA512
909f7c38c8470d12b63b445eb8f88dcf67e3a925fe682fcd5046c1f825e6884c6cc6112daedfc8d06b8134e2f0cb84ef5663daeeffbe80081cd6f63f8d5c3303

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4cd62decfecee4b0a9a87c3c61fbf770

SHA1
b0a9b8c985d569007c97ce4b40310f0f95870e55

SHA256
e5bee76a43f8b9a88bdfd9a39242e7db65e46b06d22c71e49db2c785a37e0d18

SHA512
74268cf6a15591aba879e0979030a91786f30cffe5d10a4ef1d1a11a632d9e7ab57dd34055019a01098b96081ecf7dd2fa9d4d23c4eb7a5793e5e291347d9978

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\319426a6-0f36-434f-8849-7cf0b6504074

Filesize
27KB

MD5
28d1dd6f6ce433bfc918a7b2b3ccfe73

SHA1
d6ff4e3ba71563e6d1b71c76b872989cfa08f5eb

SHA256
fd657d9c692ab92c5d8390443e5123bed2d31585e9dfc9dfea9d7ff2206e7ea0

SHA512
ad7accc1cd7678451b15d8a4e73e11c422402537f1c9ef4b162b0d4b9705132b9f89d14dd66fdcc9dea52c9e1fd743e7c311892b967119696603974598a5c63d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\a4f9c7c6-0165-414c-81f5-5888dcf9541b

Filesize
671B

MD5
3767ceae4ff586afd95fa22ee1194631

SHA1
e0d37927d60023bb4e250ac17c34f39d2b88be10

SHA256
f4eeaeba8bbfcce42a9a1cdf343e5aca75c7acb242247aa8a0ad3e8d4bd81422

SHA512
0370bba6d533723c5234caf809706e85aaf9d99fbd720ed7b0918e391a7e9118ec541ebdb0e3e60856b148ebd06b7a2697ade5c4654b01f387eac1998338bd14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\d88ab65d-8af3-4330-b3fe-044b9fb6b2d6

Filesize
982B

MD5
23899cc6698cddcf5ddc1444d9edab89

SHA1
0f7b3d5bb798ae3aea03503409c6ca6fc218dee4

SHA256
4605b96bb4a82bdcb0a5c646fd8cc8cf8a64d4c6826a1899c2211dd660a4563d

SHA512
c3d547ddfe2648a1de33af233a1f9c6e11fa3140b540e5bedad801b3a8d7980110657be9705b2ddf5d7d536f9974a95dafd520c3cc74ba770fbb260892845795

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
12KB

MD5
cb84896e54a63f8db2419c795d657971

SHA1
ae32ff0cda83d2a4bdfe9d39504927d27185e508

SHA256
c7987e1503d758d14e5fd1b4d1e5fd2cebcb0d7eb2f022943b2ae4a366a3300e

SHA512
a4641e6e572073fa092a327c08c28343dcc6171f3e20c2d4e361990692977ca1a8d5fc73e1acbeb136b96c7dbf066b228ab00e9ca8e107142f60d2065120caa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
16KB

MD5
a5e8ad4eab430fe4e13e7228653aae2a

SHA1
db10f38d7af4c0805900b4efa08945947d35ff22

SHA256
22d8f9528d8cacda3b379fc810410e6c8332d7d4060ee12b623365c092da945c

SHA512
71ac4a68dfacb7e3643d57628d95d2f7a32b50e9f0345e50443c1c614bbb0981eaf2dbc41a91a2fc7cac9e908d257ae130179ea13e6df106733867cfed8bb7dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs.js

Filesize
10KB

MD5
51820a8d037a21f245498148ba6beb2c

SHA1
d76c668099419c96c9c8d6af5ef7b66714aaad47

SHA256
bc2c8ed2242676e85ea6feaccb8bb20df65e10d64eb187559d0ecd24e1895533

SHA512
7f7a4937d41825b7f0d6fa23c68c2db0743913e955d7155b429de524362d9baa41eb884696454760339f057cbb8fd4aff3348be2e2a97c4046665e9234216755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
de8959f80bbd640feeb1dc6ae9c469a9

SHA1
a1f63e602c6c52daa998fea1acf698ade74fe4ce

SHA256
9d05a3b32c82a159959d331db01e58f23f40a76ed278d93cad0f8565c21f16f9

SHA512
da1549c482c691b7eff1f72ab0caa9a1a20b71f662e87c96bddcd923387d7b386290c57393ae7d3d202178f34b97148ec2570f0d5df54d2160be9d2a0e606f43

Download Submit