fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
Size

896KB
MD5

defd39769340947b16036d0ce301eacd
SHA1

4d4e3d6e99f2598237cc0560b0b7666e7d16ad43
SHA256

fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc
SHA512

a6d38bc9db6b2745c944f2867683a58b1488dd9741ffe0ebbf0f5bc5a30879e25bc2ca09348157fff5b27eba2f61794049efef952774cd7ca40516a596235841
SSDEEP

12288:7qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTV:7qDEvCTbMWu7rQYlBQcBiT6rprG8avV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
3984	msedge.exe
3984	msedge.exe
3960	msedge.exe
3960	msedge.exe
5788	msedge.exe
5788	msedge.exe
6120	identity_helper.exe
6120	identity_helper.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1240	firefox.exe
Token: SeDebugPrivilege	1240	firefox.exe
Token: SeDebugPrivilege	1240	firefox.exe
Token: SeDebugPrivilege	1240	firefox.exe
Token: SeDebugPrivilege	1240	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
1240	firefox.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1240	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3960	464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe	81
PID 464 wrote to memory of 3960	464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe	81
PID 3960 wrote to memory of 3380	3960	msedge.exe	84
PID 3960 wrote to memory of 3380	3960	msedge.exe	84
PID 464 wrote to memory of 4248	464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe	85
PID 464 wrote to memory of 4248	464	fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe	85
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 4248 wrote to memory of 1240	4248	firefox.exe	86
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 4912	1240	firefox.exe	87
PID 1240 wrote to memory of 1552	1240	firefox.exe	88
PID 1240 wrote to memory of 1552	1240	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe
"C:\Users\Admin\AppData\Local\Temp\fc45559d6a3f6dda0bf13bccfcd0a287a1a51463d182f8318eb3e93a0f3a25fc.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc471a3cb8,0x7ffc471a3cc8,0x7ffc471a3cd8
    3⤵
    PID:3380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
    3⤵
    PID:2528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    3⤵
    PID:3872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
    3⤵
    PID:5128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:5184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16579025670804726720,372176025263264174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3700
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1240
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eafcdaa1-8bb5-4b78-b2d1-bf23a35051ce} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" gpu
      4⤵
      PID:4912
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2381b396-f428-40b9-8baf-63a2ab5b65d5} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" socket
      4⤵
      PID:1552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4904c777-6a89-4cf2-95c6-4acfccca05f6} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:3012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 1404 -prefMapHandle 3336 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09bdbe1-eb64-4639-aa38-8a927acb1e20} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:1848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4028 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3532 -prefMapHandle 4000 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef67e0fd-dfba-491f-be65-5197be65639a} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" utility
      4⤵
      Checks processor information in registry
      PID:112
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a602cde-1825-4313-8b43-c15dff564072} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:3540
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04909b7a-384a-4e3c-81d7-afeaa47531ba} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:3240
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5792 -prefMapHandle 5788 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51e7703a-9b8f-484e-97f9-6f23bea9878e} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6044 -childID 6 -isForBrowser -prefsHandle 6140 -prefMapHandle 6104 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {460d5ef0-ebc0-4fd5-a60b-d6dd683ba224} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" tab
      4⤵
      PID:5252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1ec55b05e37c928c2ad6cac4e0f19834

SHA1
851fc533deb0d1daa06e78b53692c51a1a515f7a

SHA256
c7820a803fa80cf9981aa87ac8949ca749b5a6b95e8d35fb0f17f99d47c9cfd6

SHA512
8a16382d40919f182ce1389b132dfb1babcbc5dfda6807136b08cc5fddada2fdc719edf87d11deca7f686d92b733605e3ac3624c3ab10652e828e4327ee813e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
966621da341704d77d4d5092623ac91d

SHA1
e51aabb9795c266de5eb1fd29a966a97094d4177

SHA256
b559eb368f1c3c48e274ef83ac11e3e29968ecb3e38aeba81ab6c014b3d78340

SHA512
1d87ce65c2dde89a397a16fe277bcb496d3cada15fff2d66ad15e20f9f929105c3f3c7c171dc2a016090d99ccfe0ffb85e887c276d4f25f7f5e581d5d5557ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f0cf960d523d90ef7ae75cb5687b9071

SHA1
51b51dcdf120e81aa4ec729823b0f94706810494

SHA256
a8e04cda9e8496da787ecd865351667f3dc5bfb712e54f78fc8a8aedb8d35ddc

SHA512
1cba98ea42068730f0fb45169531fe5aeb1d84a74cb0ef3e6ce2bd40bda68dea491383bbe8ca50e8b0a4aeade45ea32e7035c00d42153edd7b26af25ea20ff0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f78d83121fbd01edb586d0fe3a5360a6

SHA1
8a44ceb92299082114d346f85d19a30aaf5fdfbf

SHA256
4b77b4e108310df12bfc29244483f01d02aeea88bf7a9ee9aa05d1662059e498

SHA512
7b1a964d1ffe9742dcd2883b88d5b925f6d42b96f0880bd221a734b616558a631770a78f6a147de03e0528a75d3d07be0a4d53515f0ef143b7eb6263f2e096bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9aeadd2600c6b2852f559ec523644b45

SHA1
bae32a72e82f7252e1cc82ce2be141cceff19ea8

SHA256
6ea4eecfda7a5ca0879258983c8afb3782d6024324ea999a79e5b33dc8508d85

SHA512
973a4c8a5c00fa6a3ef1720f47b07fe1afc31143d6ed7a862477b6d61494d45d601e2d282a4732240290b2f5f2feddc72878e233aa10916f17e24b193bf61075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
16ca2fc2c58f41004a44808698d0f08f

SHA1
d8842d77a3a7bb08a73acb0fe4b37faa7acc58cb

SHA256
957519704c1202a897ed49507dfb67d300eadbfb7b3cda5c0571c3c0ec6e3049

SHA512
3fab013faad650a0b9ed1686cc91ae96070223c231e00fa6a473684cf13447190d5830cd7530b211756e9ee219c421106df08b73a7214f6fc5a178d203f848a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58febe.TMP

Filesize
203B

MD5
960417348e9f6aff41cc8062745576b6

SHA1
c85f7d9ed1f4a04c6a84827c02bba700021ef56e

SHA256
f58715bc722bbcb9396226b7d2299f058c622b013f5691ef60aeb52315a5d6a7

SHA512
46dc043b06e21c094fd5c562d20d79fd56db33dc4f8d6636441dc35f3e913a294c8b793b05228bbf09abd529f27acbb70d4443652a8f551e7a290a8748a5469b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1620bf3b408fefb0e8d63ce6f7e097e

SHA1
1ad51747e18c124841e3bbf6d7b66b4fa95e7f72

SHA256
74ee0779d056f14f75a252ba3c48617caf7091f1984f56da159762d03b4c74d3

SHA512
ecdd80a13665405b4912eae1eed405e85e2e50227be3cb15a8b27ae00d171e8573133be674de9d4dbed1e8bd74aeb066cd4f01360ec75890f0c6eb44138bda71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
c7796852bbf8043e9e58e2e542de43ce

SHA1
ed882dbf5e982f6c380981117af261833919ad81

SHA256
95eeb14c20a86a74058983aae78ce94d47c1a164ec189d96ef6140aaef85e254

SHA512
687831b4ddc2d0b7037400853fa87947c592e56c70c3b9c1dc1b62e5525ecfc632948450702d38a636f2dfe259ebc69c8a1841340ce7ee4a0f0ead379379f6e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
6KB

MD5
234916e649a074edada7f337c0a08f29

SHA1
ce4b0288097d59cf559c8fed5dd8f5af504dfb9b

SHA256
b6a6ffec57b45a97fae80d42e729808bf826972948bba4ebb73202e9e04320b4

SHA512
1d9e35453004b2db008c64d1338379dcd2442ee878f834629ece23795c5fbb6688b67e8e1541c6d49e749625f484dce36d4c90d863de1e43cec3b7119911525e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
7KB

MD5
c7aaf8ab16ec3e82db69cd19147acc43

SHA1
c1761be12a6ce53395381b7a2e4f278897702853

SHA256
9bce50f94c2f138f555843c5a70d57161f1e0fd40f061675d18325e810b805ea

SHA512
fa5390a0daceaabf600c9d9a65a239ed35c8346d9b01dfe22f8f030dd20ba3b48fddd04efc3d0add6bef49545664defcbe5fdfd3aad19f898611c7c0b5efb4f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
10KB

MD5
08172370fed0044f4881655d6617dfcd

SHA1
d6819a90d9122ff18a37c8f44e280428d985dfb6

SHA256
81e4a39be0553a5b63868c160abf0e403341216d0e5ffb1dbf6de93cb0ce3102

SHA512
727c105796f605bca269c6cc91f262d7af74d3a355fe632637b8035c617878f4be1504243dba3d57066b38a0a1b01ec68695768eb8fed62aeda1cae21895908e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
12KB

MD5
67a0ba48ae71c2ee10bb857638635c0d

SHA1
a72dca2689caf471f6a5a04e8e48642adbcb9e9c

SHA256
e78945b1050bb496f950d2bf8935f2c820a8f883b6491f110e674106fb314564

SHA512
e9c05b965c98532e58a611425cbfa7de0634141a6307721884032252fcc4c2126fad7a0a9b312bbbd8db0729b35b420157254b374ece69a0eb1d43ab972e9a25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
16KB

MD5
a3931aa48de16248047271a813b863be

SHA1
22b0b327b768db0ed6709a4b2578ddcb5ec07de9

SHA256
a3bbc0ee8261d4920f41932e41c3a255ea6658dc5d814bc3ebee4518fbad8d5d

SHA512
d46c59cfb48eb9e63cbff32393835a224e1a9a77718d6880f3937212c572f591f5bbfaf1202f920f3d01f52404b215fe35731ab88bec27237e36820fd85ff9bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
b67f174eace5dbf3425302c2dd8f4029

SHA1
0e0e4b4f96948e440df62c97103807015fb626d4

SHA256
f19f7e920e189d49bec34233733a1a8a32f06755235a8d120caf9007acee45c6

SHA512
a4dfba3f118f80ac4d0ededba122726612230676c7b0e7e7810bd8b183b8f962366fb4b16f61b52bcaf00599d24666188ee48bdd9048a370234d34768d8ec388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
59271ca012c78814b5cb393e69065717

SHA1
3fb1ed6d00c0ee907f55bfd0cd4d694f562a5f9e

SHA256
096b7e2e65991ae589e41c0ac64d78871e5155f205940bdf3a8a3f021fda4431

SHA512
3cc10a6e744ccfe86812d513506fea721158cc2ae10abc814853e67400522e2b1ba2a285c375b4b0b65868a3b3b0e758ffaf58d43a071d01e711d39b52d94141

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dfe0dc4928ba7d571c020925dad6f8ea

SHA1
2b21309b1747710a11ff83539b6b9339c1f13be8

SHA256
f511bf41ce966dd4f304aa279b64efd5e8dde7b7ab38e3878c37bf13f4e3bde2

SHA512
23380a7ab2910cde649d92a85cde818a70792e2a634172503cb3bf3da480712f7d6c5f6c5c038d079293882772528bcb2f94bc00f5034c365ef541bf7c6bc38d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\1ba52564-ba5b-4129-bade-35947d95a33d

Filesize
671B

MD5
8e474189bc9d8d3c8714d49070657b26

SHA1
76ae07c14435dd37c94e3767a4a933a0c725db0a

SHA256
f7f99859f070ac6771592237063a31ce67e52cd827603d1a20589bc64feb960b

SHA512
730a0a281d9bb533546bbb1fe07e044c878f01e280f153b6a6de901ccf8b43f6dc7802a455ad51f378f24419b5b3e85c2126e5feea08a3dcf3558ffc52a8ecc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\463d91f6-428b-4ad3-b4fb-556fe3d06453

Filesize
26KB

MD5
d8f6cac22e6169dac9338ca8babfd386

SHA1
72acfb2c68a14599770fb1071abb36d9ac9b48bb

SHA256
13d60290803802612fa775677dfe3ccafca059e9d9509e65947cc9ef83b18a6d

SHA512
bf7fc80997616b9830f80191d6554be62ca42565dfdb0f1c477b4edac1e8b47fd8d050a06040664430f94c9dd1f8255afae6ee49212c23cccfa3220665accba3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\668998ee-3584-4b46-b5dc-a42a13208b92

Filesize
982B

MD5
d671b6eaf81e5897c78f177b128333a4

SHA1
b4b7e0bace1e4fe7b1ca124cbc9191d923da499c

SHA256
cba344993207273587bc6d77dae4037bc253cd26d17675a1cb07a10fdae8d916

SHA512
4406e3d62313c6c5eca4ffb17bc133783dac890eac2cba1536e2c2216175454bb935e45c48d67a7cbe2cda12a8cfe6269349e10762ecf817108e16d1657c0abb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
12KB

MD5
3813b899a9380aecced0bd27f66b18b8

SHA1
cd753f539ea291b2162dbb69ba469abb9d02c02e

SHA256
588bab31b0b83504486e38518ced1900d072c87b6db01a3f9bcef6e93b8542fb

SHA512
6d4fc5b6f323aeeb661b01301765be629c8817eb2bd44c725173a5a037b82c630d1517080af4b8ba20f41285bfc34aea268377b101fef3817d26133478055b2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
16KB

MD5
7ae72e85e05a015428e9f19570abc990

SHA1
f0f2fdf60e8bd0f31d4a4696bcb859a12234c71f

SHA256
02e4cde6e224d236ccc6971a65a43c205169274a86a99ebb0e1eb55b07f3e9f9

SHA512
63b25ae58b63342f3a45d90d4fee42d115052ef544601c966c7e4757b8cfb0fc6d85f5693f7fa6fa2afbabfd1b764c4c87340882fc2feefd03661d9971f115c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c48ebd709ec55a665fe1eaec76837efe

SHA1
54466862024a6e1fcc3afd4d3164b0da8b2dbb3c

SHA256
b3d1fd567a63d4057566a4a859c0acf8c49a98b0babd7f9475fcbf66986b8cd3

SHA512
91b6b5f17a71d734cbb80643cfb44118abcccaf4f464da724574691421af04543d83f771d3303b0d53f87c67ce8554020f9c8b49439b2a40b7c73a68f208db7a

Download Submit