60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
Size

896KB
MD5

72ed55d2571582a907985c027302a559
SHA1

c2b160d36eb714c0642689a9721e0276213307a4
SHA256

60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779
SHA512

78f4967b8ff741275d6eabb265a87310cf3b708f467624ed8ea2a046a4197256e4e3d28450f4ac26dce396c9961f7ab466bd959470df7037e4a350203ce5d263
SSDEEP

12288:iqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTH:iqDEvCTbMWu7rQYlBQcBiT6rprG8avH

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
3128	msedge.exe
3128	msedge.exe
2300	msedge.exe
2300	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1904	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 2300	976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe	83
PID 976 wrote to memory of 2300	976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe	83
PID 2300 wrote to memory of 3244	2300	msedge.exe	85
PID 2300 wrote to memory of 3244	2300	msedge.exe	85
PID 976 wrote to memory of 4244	976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe	86
PID 976 wrote to memory of 4244	976	60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe	86
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 4244 wrote to memory of 1904	4244	firefox.exe	87
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 1904 wrote to memory of 224	1904	firefox.exe	88
PID 2300 wrote to memory of 2040	2300	msedge.exe	89
PID 2300 wrote to memory of 2040	2300	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe
"C:\Users\Admin\AppData\Local\Temp\60f3ad307b8df7225dcd25182dbdb6f5b72e6892b8cf0d75ab4a257f93020779.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc6f846f8,0x7ffbc6f84708,0x7ffbc6f84718
    3⤵
    PID:3244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8696124456116105410,8679676637831948927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1904
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d4cc45-9392-4f84-972e-99fdd9a1a660} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" gpu
      4⤵
      PID:224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272430b9-0d38-4663-a3fd-547dd5893c2b} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" socket
      4⤵
      PID:4972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 2900 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d158d15-b166-430a-a47c-91e0723b0338} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:1156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a9e18f1-4e8e-4550-97a0-28b412faba6f} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:3080
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4360 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4296 -prefMapHandle 4352 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b97660d-921a-41a2-8a60-cf313aa45930} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" utility
      4⤵
      Checks processor information in registry
      PID:5400
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5464 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {811537b8-903a-42d7-960d-3de0f3768b25} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:2548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af3ce266-21bd-4f95-853f-c3f7e1d47eaf} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:4172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b58d79dd-b029-43f0-9a90-cb09ae4534e4} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:2496
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6236 -prefMapHandle 6232 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3833980e-4c5e-4b3d-8be4-8d8ff69716a5} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" tab
      4⤵
      PID:728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9b03f6add7a3afe5cd32993625000064

SHA1
e1324cef5678141b27c0ec902b6476e00f59d12d

SHA256
2592c53b817fa1ce046f688ff02befa8da87c9c4ef83b58eb982ab41d185e0df

SHA512
9eb5f9ab500362e3508d638c39ee41547a6453b5f2734f0a8a8b46a181132eebf60d6d14f662f5dc01702c3c7867707e389cc2961a8496fc31b305bf2c8a5c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7a1c9d867ef0a1202d8861a7934186fe

SHA1
628ffc6fbbd74e89791149589509ac80904edef6

SHA256
b7f9a2a630022531bb56133f94c7ae8840f230021aadfb53efaedd737314fec2

SHA512
9a36fa8ab3a3f6df7c4eaf484061d72da6c5b880ac1984678aa687f6274e10bbb2da4764fec67895b17576f1ab0c4252a50e2ceb6cbec0625f921ae21892df6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
860ffd13df24635b6ea9c3f51bfe68de

SHA1
e4afff64d270b4fdc44519e91e36d6dcc87e0d5d

SHA256
6ba949be1fa93ba8b6ba0098d89ef456d907871b28bdcc2760a3b9154f52779f

SHA512
829a88e0ef8669ca8c1ebcffc202b662c09fa15265b7da14604bb14112c0d9298dc6a1bb546bc1ec2bee3801b6e98ea925efa72f1b2a59ec61516df939d8b525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abd89c148ee139c06e3ce469a1eae951

SHA1
8776ae830dc72068f58fe554673b801c5cd8807a

SHA256
51437afd1a5436636a19f7c60136b0b0fcf654562840cf75cea0c0543e8ee7e5

SHA512
882c48cdc1fdb7c1e40aa0d8d02e9034d350e9854cd4ccc64fa3b88817e3c1ae9ad8fc07f648beebf5386269b78e698e87d708a9d07f33233dc953fe3fa65a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
527bc1802677746320d19e86e8f0fc24

SHA1
d66bc709de5327d5409cac477be7e58458eb8cce

SHA256
8c774620c69d50acf777388a5faed4683cd5297d79807823bbb53a8e9072796f

SHA512
74bf53ef60327e56f1cfb0eabb1b9ff82a8c35b0e1f4ff30aa32e5fefd93816cd429c30e558528c15f9052393176a7f063794ee85a0373db4f727ce76400e7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5c025646772b00c73f2d0e636a9db36

SHA1
3598070c0e643147405e618f2d27cd4271868ad6

SHA256
8a1f8c1c4320e6c31d62e10b9f0f5243c09d423a9e452ffcafc8cd13dcd253a4

SHA512
1afb83329d2ba8b08b0e7b8acbf8b525512a65816e5b1dc9fb500a0806f176b30bdf1243012103488ae227a904425d361a92a4cb04dc6a023adf62594958ca57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json

Filesize
36KB

MD5
e554cf4e5d3fbc0c44cd5627cd5246e2

SHA1
29cb3103af3e9973804987518b1783ac6e87e96f

SHA256
92750b45243dbbd34429accd86368e69c40aff28b60c3957251bb6cb87821d0f

SHA512
4e269044be7fbd5a65f346287a7513ad6f65cbf0643020437ca874c9b3e9199e1119a7a4d2f37883bee96119123751935c096d9541ef74a115479521ffcea5a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
948e50d62e0e889454f8aa06d285deb8

SHA1
29dc91625b65648438f93a437fd27ddd11080ee4

SHA256
77e75ccc76ab395f9bdac0bd9a7c0a741f6fec6880da71621b78accb3623c0dc

SHA512
0e124bf832ff1fbaa4dbbc3cf90a5ae7d2281cb65ca4cddda7f54fad67e00fbfe40b4f316f0f19abd547315c80a99a0c921f635037ceccc84a741ae35022f418

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
6KB

MD5
46259d6e02b381b22e080b64d5dd0fa2

SHA1
62ade532aa1b3a6355512828ea79a96022381db4

SHA256
c150c2b4a3f783883eff0d2ad3b91561d7cad8f2411253b67f25bd1d44a28166

SHA512
899ce75066971f0690339375445ba0a269ad49decf9034046c11e04f115874b6d75d5a93c9a8d856b89802274ca36f8904a91bb1d00419e9dca101adefc0a1b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
10KB

MD5
a8e0948c6e96af0c5474af6389b717c8

SHA1
9401c9a79e7e94c68e039584e0efcf700596ac54

SHA256
89f4c6d328392ae8b78dd2d75dc675e6bcfd954e4e1cca203bbc0d1334187e30

SHA512
435a627f79cc5e46d79ef1a2fc1b7bf633f0fbb2080dc1c10e1b1e1f03b3f16ee9ae84987464dca30b2aa194ee1257989ab1355d9eab068e29594025c8d3c4c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
12KB

MD5
c1e078992942025e5bae91cdc4ec2fe7

SHA1
e77ab3c9a2a4e608f22089d898e96235deb26240

SHA256
f61bdf193e793c692acd90f7af05f4e562d9bef6df372c2ad2bb5b62ee3021be

SHA512
2c6904af012e04ccfa6bc64372d46fcd7ed580618cbc5ca6f27befbd115dbd27b7ed6bae82dc3400f4634964490e875492f7f37e41ec2583b829229b711cc5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
16KB

MD5
afcc66d980c5a7c811c5db2ecbc1c915

SHA1
a6a2e7fbed142ea9549abb836b125703d58a345f

SHA256
258aa7a3350f7b2442e996f6ae72b1e547df7aea82fee64c8bee21ec526d1228

SHA512
b7d2ece6b6e9b93d8488b17af33bd30298e3d751e28d0fcb0c669f16a5b4ec4c77010c3e42eceb0a6dc1539d852cb5de94276d50fb776eda0f241e7f5ccbd088

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
12348e6f24ae5821ad6edc1add320102

SHA1
ef879b213c6532c1156b7ca232e99f2511a72cdf

SHA256
74074840242945b1a467d606763ce7fef5fe7a6d7ca1f625e0678e346eec8780

SHA512
ddee6f39047315be9b6878b579c3fab5e2cb59aa9449bde2cf0ae025f911769c95f47a5c11e6312b1434f1c56864ef81146503d81a563230c8b1cfc48e96de9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
755b6f7dc44e0693233ecc0b390b197d

SHA1
e1b02c8ab2f07befb1eab8d1d66f1b2a9536ce26

SHA256
855c0c93c6002b72816498695ed69bdb825cc95a5edd211ad450d41215175257

SHA512
4ebae212a367327f35fc6f9029fa860fbc7b2f8d772c5a314d02653698681a809c5da398bf377e331a7018b179393bab5c2ad4302917d0c3c52fa7b2f48e7f57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f3822319c3bc7009e028198d4cb1f36c

SHA1
db1dffb22e56a512530e6be4ca5d4e1228b12a5f

SHA256
3c230f9d788a23f223a11d9ad4c116e2bb02c9d7f813f0c9676c0fbe9527fafb

SHA512
2f30cee97af13c4e6c1f8fff9d739ff1a8cdc04bbba29ae249b8ba25a17eb2bf178ad7955ead2e15babbca9e65fd412914b780753f199ad390cd6b0c944c19ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
50e296b126eda3e27e49ed73026755aa

SHA1
27ae75925d38eb46efc1a33acdb5499bee836336

SHA256
bf9e2d542ab64d7441419feb422bfce7fceaad87f5031dc719890f1618c9f094

SHA512
91dbe6510bc08bb3e32e0e4bef9e40df5abedd7d6eb05e713fe85061169ef45de87748f7ac8946fc9d4b67b1ae66ff409f9b191904166a2531b6f1bd32228e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7779bd18096213b207ac8b6ee9b02ae1

SHA1
1eb562449a2566f12ade4f4d8da1df1626769a63

SHA256
9387a06ca009d7bf42d80517ac12b5e7e2c2198a5347888287e95201d0f55225

SHA512
9aed9f6f34a74151b545a1558a805eb102a0c7801ea3b8a73d3b82713b2436b6b4052a59cb56b8dbc55980ee1b5d7db42022bc1629acec05ff2ffecd0849bd13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\0e33f5ca-420b-46b3-90fe-5a147e3ccecb

Filesize
982B

MD5
233ade746fd8e9daf801843a03f8b6ff

SHA1
49091577ee56cb26913e1a93c412680ca0a35ce5

SHA256
391201b66567f610e576662947929905bf76aeac40296185b51cbcff12832400

SHA512
4cb1c3364e8933b8ff299992430ac44e462dfe316c197fae9570fe2c25da13b4e7abf09d06b76e9298b9ed14ec46461a33f9da821108d1989d972e1c9ddf5c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\3b50c864-0e25-44ff-a332-fc29ed5d7a73

Filesize
671B

MD5
cf4053c4d9cb657374395781696d8586

SHA1
db11200c588e72a2872427f82ec9c03afd8c5109

SHA256
c36b2e4fce9bf7e20c453428bfa89a3f6eae50be086b95d418b31a5b5de17ace

SHA512
b6994a1bf9cd5a5677c3be403edd76ad318ca8d7047151273a3541dc69fe8e9e3d5f026db9f8257246e50a5ca9e2ae27a8075c2b70dc302fe737a59d2314aa25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\4423e19d-e496-498b-834d-5ab078e13274

Filesize
27KB

MD5
4f2ac75077f285ea184c647147a5db93

SHA1
def9db9c04da354507b6211f56f50e9e8d7940da

SHA256
915b027d092c87b187363a868b0b7461958af3a3bd5fa02bcef7c71a217dabbb

SHA512
d302e01f8335769f00c578d42ae8ffe395375c01ae9473db837db6491271dee7b67a5c1b74e3ec71760f005962c3ddbe3f0e49257481d66f88525472e04396a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
52c6ab3f734d2269dbc04c05c3f14cd1

SHA1
f2c2657b3580a3878fb3ec54b26a02e38478a4d3

SHA256
f16577299279da340d07f193924a3921160a21dab137b66308000e508cd3e541

SHA512
067578c0e061e3f9a1e101fe3137665ac9ba9f80392ef87a90d480eb100e6683db411797945baf540c84bdfc02cd27e79429e451d1c3cd6aaf1a7d386ff19b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
13b3064542255cc7e26bbd1dcb803f4f

SHA1
73840d9863e6b7c102d1d85594f04364d9e69ccd

SHA256
d36730798b1d244f0b46e701c9906d4478887a39017acc5c0b3ccf0f6593b268

SHA512
2448cae7f855a2e8e61d88aac06e7787f2354fb3432f93f97b73a153e65d769a8d3fb811ff73b83f4011fa1babf4628328023d50f8579db1f21c36d2ad2bc9cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
14KB

MD5
a700fd62df66a173e4396c7872f8cd2a

SHA1
3225bc54211c2e8165f4e1795fea59dcb1b0bf27

SHA256
8ad53a472bea69b25ca719dc6a35d733fc3555dc717764dc979e2412dc77da3f

SHA512
3af3ad054ba14092e83e8634a10cf6bb029ee2458ad7fee15a20ba1cc70e5abc68debf4c3aa8887ae0fdb318e9f4a50049b70fae11184e2cd9c4f8db73f041b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
9dc92cebde3caa51d8efa0beb43b0456

SHA1
97b1b7d5be7a9e6152dc89950cee984ecc5f5f72

SHA256
a85fe4fd5fcb3dfae52bbae478329001327faf508d1d02b13fd2ba7f3fa674ba

SHA512
169661b9e53fd20842c380065f5675eb194eeffd932fc548628b0096c27275153b64c4d2eea189441cd6a3e1bb173b3d070813730717b7c64312dd94ac28e96d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
52bdb4f4dc51cc711234299be6435805

SHA1
fb102d75fe1361669ec999454a86771eb6d216b0

SHA256
5034c892e6c98ea87e357b6ef94bb7119ab8b78c73db99c6e456b0b4d04070e5

SHA512
3846d45c5249e6c74ec0a6ef436e006fc652a1bd91b1451e4182389b94f8be884b8c826c56e3a099ddcd6ebd78eac29212131ff40d96365ff1f77923b2ac8a83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
8e0e29bf9a09f823804677422a6c5b52

SHA1
c90aa429694c184c6a211f7f357cc36a388c3e3f

SHA256
1a85a6e85e8335038dda24ce06bb3193d3d06a3e40129de75189a6b3fcb62785

SHA512
b3c6bd4ee67e2229db2f1cc9e0e15eb7751305d89ccc9d9dd9bcfa2c56978c70eac02aec1be062ffb4878cca421f406a8fbd6efa19e35a64f9a1ffed33e75637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.6MB

MD5
6a984bdb63af54cadc8ebce34d42d2c3

SHA1
dc4d56d5c4538f5ee4cafa3088917108b1b1c557

SHA256
027f2907e1cfdf3f92e44defebdb8e323397304e98458c8bc117ed9f90e67256

SHA512
d00fc2fe38035d33a80798bb10f124c487b1bb7a9a719ef0ff0e40047e80b32ce29b558960a494ad107f9fd66864bfd070832e8f644c5d3ce13480f641a651d5

Download Submit