812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 10:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
Size

896KB
MD5

067cd464a3b3fd735086e5cf38135190
SHA1

4e686f7b6d5c58bb865446b413ec52cac18e3e92
SHA256

812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986
SHA512

84bec7837d95dcb62a71c3fb004a1b07a99690bf97c361c0a2b93834c6e58cfd4117bb7d178a6d203498e30a64fb48eec6cb6e733ca4f5bb5ef323c8fddeef6f
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarT9:1qDEvCTbMWu7rQYlBQcBiT6rprG8av9

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
2472	msedge.exe
2472	msedge.exe
3036	msedge.exe
3036	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 3036	3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe	84
PID 3208 wrote to memory of 3036	3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe	84
PID 3208 wrote to memory of 1436	3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe	86
PID 3208 wrote to memory of 1436	3208	812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe	86
PID 3036 wrote to memory of 1820	3036	msedge.exe	88
PID 3036 wrote to memory of 1820	3036	msedge.exe	88
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 1436 wrote to memory of 4908	1436	firefox.exe	89
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 4908 wrote to memory of 4364	4908	firefox.exe	90
PID 3036 wrote to memory of 2764	3036	msedge.exe	91
PID 3036 wrote to memory of 2764	3036	msedge.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe
"C:\Users\Admin\AppData\Local\Temp\812f5f06502d4d640dfd80a72aab1afac5d813ab8165aa33d7115012fcd2e986.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffee21a46f8,0x7ffee21a4708,0x7ffee21a4718
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:2764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:3176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2432903554850941540,15019810700240092034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3458cd-6236-4591-a66c-a800f50e02c8} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" gpu
      4⤵
      PID:4364
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b27caa-8ad2-4eb5-b1b4-02609ae78bb6} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" socket
      4⤵
      PID:4076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3352 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1006065-8eaa-417c-9eb1-529174a69d29} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:896
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {941e8a66-7f63-47bc-9496-ace55cdeeac4} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:4808
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4592 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70131e4c-5c9f-4a3d-b856-8e4989e8b4ba} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" utility
      4⤵
      Checks processor information in registry
      PID:5488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 3 -isForBrowser -prefsHandle 5480 -prefMapHandle 5408 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24cf149f-8a90-4e6a-9189-13f19e7f46d8} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:3168
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d42653b-cc9c-4693-9ca3-c0f686f36aea} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:5256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5872 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51553b0e-93fa-4b7e-910b-40b795518cd2} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:5268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6292 -childID 6 -isForBrowser -prefsHandle 6220 -prefMapHandle 6276 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd1389dc-fe0f-4378-a2d8-eb68c879aa67} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
      4⤵
      PID:5196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
00ae3dddab044a2e7203aa6e1e139ebd

SHA1
0e135b1f4ad4225f477abe5e613e03a90956d5d1

SHA256
102b78a744edf88c2d7f9a9f32bd88bf31c80d0d635cd7a1ba33643cf38dd029

SHA512
77c02934bdb73b861ec33632dd72e256f2912b04f908f9170bd2810a9f9ef85656c35e00eb865b32a55d7f9dd7d4414717d2365f1ad6faa21e1c5155bf5291f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
98d133cc4b2671c1d5c15a6ed38d8bc0

SHA1
5326d90a26e47a266b37dcb8ff9a93d3eacbdc14

SHA256
f4cf2d4dcce391c78a8188f9059d7a95ddf3932110af03fb766aef7ad4b53444

SHA512
d4389f5f42d78ca2950feca7c190335864aa41cb98427cf047b48c1389050de92c3fb9d543ac71aec968343d7f4da3a2dac94f162b8d3b13ab03ed9a0200d343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
272b12d138b4d413fded409f24a72ff7

SHA1
72bcd53351ebc54ea4b33ecaa094a52ad9059c9e

SHA256
0f8363959cfb15bfa5d0e1f69a8c20889194d600ce8aa9f418f337d01fc93c89

SHA512
4a5d53b2529ad7d977da3c0869c7925a574d86456e9ac1f97d9ea9af81f8b521a46738263386cfcf0d2f53b701ef9301a1b7143ae9397fd92e0ba9495930de70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47890f716b96753a4ac15c442432840c

SHA1
a2fe486e2159757f74c8d7a0153029bd847df745

SHA256
ec87d83c3eba6ce43359b349d5921c5a252b49e3e6864f350b3b8dd005a32c34

SHA512
7f402148a95fbf44bf171fb196ea5d8b9ec619ad7a2497d52e87fcc199a6f2fc70dde48fa93ef04f516cf0ba1742a724cecd875c995f6063507405f6b479f549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b600ba4a7a62d6e640cbd5398594f7d

SHA1
aabde943c04bb5ede14f7fc0070afe0e88f54070

SHA256
769c812c5e369835a03d7874068bf8ff8ab84414eaaa115f2e5fc1d3190e54ea

SHA512
5fe36380156ff0c6f0b6afd16d3a7b93c806d3b2d369dfb2e16e681648c703caf4dd0e1e977cdc82fb460849b53570ed29c458bfc9bfc4c44db139798fd2be5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e750c0cb409f79b0f19f115889fa4879

SHA1
e5af9520e4934597ca4b9cd25d3301ef09e19f14

SHA256
21dd0dfc009fdf9beaacb9b5f81db82aafb80d07ea2c3fdfd4249a1c0a3e33ea

SHA512
05669dd4ce7062f151d42028ffc73faf1172b2618dda8187714bf140a2c4c7d02a507f45d3c79ad9ce8159e96c89e0ea8e0402aeeb21152830a90a280733947f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
90aab8fa611540420ee65c12d310ddf0

SHA1
29f9833210b4dadc9495822bdfabe7a0da91e9c9

SHA256
321820ddfcb2bb9e7cefa190eb84de04dcee0e9f7c454236ad246281343f3416

SHA512
176f461602d3aed7e598b51f86220fc597dbc7f142b3403846b432c77b49c74513a0eb12611f75114c64e217a12d86cb217d07f52ac6413585250af6b0fd029b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b755.TMP

Filesize
201B

MD5
2d7872864151b84164263cbd7b0a3495

SHA1
3aa24efb0dcfac36d0864fb316ec7a8d23218160

SHA256
6787e648885a40a8124f1d275b9be99ee2433c648798c0b4239b5382fa1d1e8c

SHA512
de445685e6da0889505dd7a80325c78f105270f3bb544e12e19652591eac307a6c1a692f1a9e51d62e35e9982b1f190ea76c806787c0030982518ba98e19458e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
651bda2e9aa59043ae47c4a96d383238

SHA1
9a85eb62f45d357051ef360c27c487d427aa556a

SHA256
75eee3b6b0493606ab8ac91719e08c5d02c6baef373c763226625ec0027a2f74

SHA512
1ad926ed543fbbfff73d3d10660b1928a0294b886e7d3b7d041d2c2daf66b308449971708e5ddee91d8797e50176a128d0690c6bcc78f4f2642a1bb1a9eed1e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
eef2c5a4d12660d639374fe5e07bd770

SHA1
f885113a869307ac2b5688961684688fafec000a

SHA256
7709349831ec40033aa8fdf1e69ce97db3a68147349383f268c9e2d566c60e86

SHA512
48a3b5fdedd861bd8112900b15c341335068890e51a06176b015fd88e4ac5dcd83b55340e373abc464d1ccf479a14e6f0f0393a863a1148e31ff55e9872a0c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
6KB

MD5
31f393925a1cb089db12b063101dd04d

SHA1
3db2c7c21cd46c977d40965400f39c6f0743c358

SHA256
99a6b4c8c215aa9bd2338cc03c984b5605cc5c8cd74d3a72bd594b22f2ba6f47

SHA512
3c9bf1d0ac877e487a6bb12d15f8615ed8088ae1201ee8dc1c9fcd4e420099cdc919c6319eaa02fdaca8b86d3f293a15c76c0fd3b6369636936b58544abb8c86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
10KB

MD5
5cf31c63e7c9d10f9ca829e0f955dde5

SHA1
8bad49d38c55060ba0aa1052c1fd99b4a978dd3e

SHA256
b4282f1f3c18d05a3f857ea76a1626c33c572018d5a65598c85803432a480c0b

SHA512
bcbfc22ff57ce1ccc960b4853a0db040157c3d0778f5cbc676934b5a0dc67fc8fb018d61e21bc6169122926773e22c26ae682ee5d0063bf8095951b06a54a96c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
12KB

MD5
5930afb757eab9d35c8f51a98e2c66d2

SHA1
85608a5e84c1ed1c7c6e8fff01d1c2f89d83606d

SHA256
eb98cfbdccdaefbcf465a98443e3a2d81e366be630042af20df323c414ed762e

SHA512
25cdde42d6abb12108209cd35e6cab7d344d9a005f058cd0a038af7a0f6b51ebd88e5f2c2b4d99dd906866399c5d612d1e7c8d09dd2d77102c93bdb4eb54a707

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
16KB

MD5
fbfc972d41463db26bed2d7c03206542

SHA1
dc2c904fb9aef1faa592546c161d046cefc0519c

SHA256
16951e802f213d5aecb3823be340fffde1748cc17154ddc39fb850c26d25f079

SHA512
b79822d3223884d8665e08a8bed663f9820a154884bcab5662a0f444c3d4150ca72773c143be4ae2e072f253231f20b68951ee4db7d1f2d8bea44b99a9b79cf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d405640cc6982e1f275b00ee7b4e39f0

SHA1
9db3f88d6a5aaf6cd2cdc67bafe4e71e35f55949

SHA256
03a497435d1a7af8eda45fe720e8b6f445c30f93b2ff1328dbd65fb931708f0d

SHA512
bd0474f6aced9dde8674d1a7b2f76080f8995f4f38604af26b4d33311b9391548c88e9823d37c2ad3c36a1db735cd29c7e7fe93776b35e1a368875411dcea73e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
786980b650e28230666764f5f73af496

SHA1
99bce782acd55e85a65b4220b380e1b5e003e7c6

SHA256
06b463e8a8d21592c01a2ea6d7fc093214df25dad511ffb16bff5032de609e6d

SHA512
e1028d5ba8c86936ebf2fb0af76562334b85bff548777b27e32e072bdd9d58530dc4debfa6959f8c25fb0f47a624a83ebdf9d36f86a19fb13148c9d2ad0e5876

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
cc5d4c30a0381fc52210f619e41fecdc

SHA1
2fa5ba2026645256f7e60894ccfc76b1e08fc285

SHA256
a6bae9267ff6efc5d822d94c1bd50de3cb2a6b35124c878c349d4773591b02a3

SHA512
6e44a7e19d2078cf6240e7a757c9003251608684dd5f6872e83f9744e718f9b4d5d1add3b79279f338350d4904c28990ff97be0248f753b1bf49b9edf41fc3a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4acfe0d813233a06790e179f75cef24b

SHA1
23b63ed4bff669debfc195583412bac3fd52f5d9

SHA256
f39c1d84d0a1e456397126b28829287f10c4a561dc911e369cc9c51d9d05bf6a

SHA512
1569b583b69a38292fe41b10545ceb92d495deee8429eebaadceb55540f3590452dc835bb853fd194dd48d82c29dc22ab8b18e3f1036a7abeec922b9995bb733

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1be7042fc0ab83aeaba46223636145c0

SHA1
11d0964651cbb5f44c6fc07cf401118e31ba8580

SHA256
d92d33cd87561f24b07464794174199a7db1628833a1ea7e1acfa66050a6a13e

SHA512
510f42800bc061d3d5f4bffea9f1080a7bd9dbaed56136b1e3c5c456e1013ac12c92364323a59ab2bf99c253472cc9466ff88620ceefb3442a21dae973d9e4c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\14888035-8c7e-46b7-a97a-eabfb4427d1b

Filesize
671B

MD5
8333e0a393e39474e6619d48d245a0ad

SHA1
e45e3f8dc277fb4c8c0d625c4e322036d2bf3f30

SHA256
b3ffeb5643121fa6bde4caa8001ed8e2d45d72e3dab399a440ed68dbafc796bf

SHA512
6d72868e6bf7b803a26c32b313d2e94ad76b347922d7aefbaea2b7755f783c2bb797fef7624ffe99136d0059422206780794ed403516d0443b85be97986e8a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\5e32ca1e-b53e-4b36-89ec-0d538effe2fb

Filesize
26KB

MD5
3c2456fbbd2b916639cf065fd48583c4

SHA1
245600c2c48d9f45958dcf938f8238323848814e

SHA256
7c6d544c5a59741a6b788acbd2dbe34d608959231d5e448decdc1766700be4bf

SHA512
63c03cdd70a689b845dee136bffa6e1c1ba3bc5ca0a641b86bc6b986126b8900b3cfbdf8b3f6a4c462e724d19bdb8a55f0dd3ec37ecfc54774ec1b7c00f37d50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\86a0328c-3c32-4659-a9e2-46d954edab26

Filesize
982B

MD5
84849e9bcaba1fe811e4e903ce271a88

SHA1
f83734ff0860a708d0fb816803a18dbd49dd76f7

SHA256
7f345595178a490ae3c6f6f95ed7de0cc64b4a742565140cf18235885964f17b

SHA512
9ce6c2a339949335aed5ff1dd23467ecb4b35caad4c95e23ecd6caf105011e1a66b51dcd640381e80941254e2751fadcf47d63197e9542b967f97d0a3060a421

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
c52caf67ae590b20c513a14d3c16a643

SHA1
28648c49fe1efc8621401f4892cd31ff00f2f1d7

SHA256
b0afa519e1e4dd7a4ad2e48de30ce7fda84679f4db689cf55108d5afc7328f72

SHA512
6b189300b9860ec909a39acb5287f0a456bf5027eb342b1eef15466fcfef8ffcc10c8a248016bd7513490c0c9da13454c15ecf7db07c0d7e63e9ec085698771a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
16KB

MD5
09b998c76a5f39f22aacbc9e57f93161

SHA1
cd84936b41bbba35ff28a6933fdb924473c8c31d

SHA256
3498c6fb61cb32af4c4784680389013b81c410202b512e21e74bd63fb2045009

SHA512
2f2cc3f471c43aae302e9d2f0bb87319b6896ef4f7cfaf79ffada89e21962cd1aef9dff6d50dded01c7ec50a1ea43d0134717ef658e4861b1a728cdb578f0ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
90356545e9fca199dd96ba6208538366

SHA1
f425f11d8ee80df3b6636ecbae6fd36a589b5567

SHA256
883c0c30d07d981c1742a6a0a903f26f2289e40b28b7f5cc47987db917afbd83

SHA512
79371f0a3fe68429e712c17eaa61fd453e2fc7417133ad8777a21b596e36fec7ccaccffba99860dcbc773fa52703c73786931b4f553d4bc4dd83a234a5b8e98e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
e22cbc4c3df06b6095f9780cf9490892

SHA1
7495ad8c14b30ec0038e57bf018693aaf85891b0

SHA256
bfa5dafb29a3d70633070235a435e19ff109be80930baf9a988894b3d0fb585f

SHA512
dafe094df7439d284e86094ed4bb79c790c3d90db81ec8b2d0112fb3702943e7551658bef7c4545695e4daefef69bb6af677a46a4ab4613130db9a52d65423b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
26d3389fec9818ae8bb1a1cd255dcc41

SHA1
84ac3ef5395faca32812218612d0d956f41c18a6

SHA256
e240f92bb0065ad29e1d5a0a8f4e2f45483d36d9b94f483533e96ff04f792a01

SHA512
a55f0293681ce0918ad26c63954792d97ccb0586e6b232e402440a498c8a7b60f74a40cca02de55e9cb9f3bc97c0ae66f956bb7cced803ac89cb6f31259e4ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
c15168314710fb92c61d31cbe5f14bbc

SHA1
465c2efc361bf8226f7316be794cd7ae72b273db

SHA256
fbedca685b60f15a15158fbef86775c355a785420934c51b0938122de2029378

SHA512
eca1de88bae3d3a71cd3546668da5f47b25b58b8158bc6767e2d76064145e79085debd5adf0109730bd5e6896883945059e6c2199faa5f261f14974c099a0e03

Download Submit