31c454ebf50478d0b21aacaa5fd2711a9e233057709e2d609bd3635a2e4a8cac

Resubmissions

04-10-2024 17:53

241004-wgsabsscjd 6

04-10-2024 17:50

241004-weshbasare 6

04-10-2024 16:43

241004-t8glssvdrm 6

04-10-2024 16:38

241004-t5dqqsvcnk 4

Analysis

max time kernel
129s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NizzixX64-release.exe
Size

871KB
MD5

ee227c9c3ca41fb71f8bf91c2a5cc3ee
SHA1

955203ba3aeea788ab673f1fdd75604020f9ba3c
SHA256

31c454ebf50478d0b21aacaa5fd2711a9e233057709e2d609bd3635a2e4a8cac
SHA512

59f30c6fc4d224426f942f96ecab588efaf31b8cc1403a9aa393a7d3d7e04b79efa18e77d70cfb76ead9ceb2919ebf4637a10f7a7ca3a7e16bde3e458322b20e
SSDEEP

12288:LR0wxCiQeMdqFIslS4/cvK8DXuhQR32CbOfPoA7:LCijM0qF4/cyq6QnbOfPP

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
87	pastebin.com
88	pastebin.com
84	pastebin.com
86	pastebin.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\MicrosoftDefend.dll	NizzixX64-release.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe
4632	NizzixX64-release.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4220	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4616	4632	NizzixX64-release.exe	83
PID 4632 wrote to memory of 4616	4632	NizzixX64-release.exe	83
PID 4616 wrote to memory of 2552	4616	cmd.exe	84
PID 4616 wrote to memory of 2552	4616	cmd.exe	84
PID 4616 wrote to memory of 2424	4616	cmd.exe	85
PID 4616 wrote to memory of 2424	4616	cmd.exe	85
PID 4616 wrote to memory of 1032	4616	cmd.exe	86
PID 4616 wrote to memory of 1032	4616	cmd.exe	86
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 3088 wrote to memory of 4220	3088	firefox.exe	98
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99
PID 4220 wrote to memory of 4244	4220	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe
"C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4616
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NizzixX64-release.exe" MD5
    3⤵
    PID:2552
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:2424
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:6520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:6600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbc5a1ac-8e47-498c-a4fa-92154628bb50} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" gpu
    3⤵
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d68a732a-9104-4a52-85b8-3d54a78a258e} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" socket
    3⤵
    PID:2084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3280 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ecde644-02bc-4c63-a74b-27bad3c2e0c1} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3776 -prefMapHandle 3796 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bb3b4e5-6c1a-4da3-9e87-6372fd1bb11a} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:1664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4560 -prefMapHandle 4568 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdc95a8f-5d8d-48d1-b041-6267cf13db53} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" utility
    3⤵
    - Checks processor information in registry
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5160 -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5148 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {309e561d-5cd4-4947-8807-aa668d7cea54} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5396 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f7266b-df12-4f3a-b087-76de16d9cb09} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b1137a0-595a-448b-b1dc-88d78c7fe98c} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 6 -isForBrowser -prefsHandle 6020 -prefMapHandle 6016 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b8dd42-30fc-4748-9dd5-31bcd0b04d06} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:2652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -parentBuildID 20240401114208 -prefsHandle 6168 -prefMapHandle 6172 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e17e157-010f-492d-a4c4-f4a8f2e92475} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" rdd
    3⤵
    PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -childID 7 -isForBrowser -prefsHandle 4984 -prefMapHandle 6896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb662ae-1978-466d-bbfa-3ca2497f2cc4} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7004 -childID 8 -isForBrowser -prefsHandle 7012 -prefMapHandle 7080 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3de34c26-240e-4736-9ae9-b6963a22ac93} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7204 -childID 9 -isForBrowser -prefsHandle 7284 -prefMapHandle 7280 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faa61cf5-7995-49a4-b056-b404f881f1d1} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7388 -childID 10 -isForBrowser -prefsHandle 7472 -prefMapHandle 7468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd5028db-be2c-433f-84cd-bda7a7c20b8a} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7464 -childID 11 -isForBrowser -prefsHandle 7616 -prefMapHandle 7612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {873b04eb-8f55-48f7-b19e-a9d711d9aeab} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7060 -childID 12 -isForBrowser -prefsHandle 7712 -prefMapHandle 7716 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {311d697d-5a0d-4e3f-ad12-a7fb3890df6e} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7048 -childID 13 -isForBrowser -prefsHandle 7892 -prefMapHandle 7896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7fa8572-8cae-4893-a34f-e11abe8baecc} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8248 -childID 14 -isForBrowser -prefsHandle 8200 -prefMapHandle 8212 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b586abf6-79b9-49df-9638-fc492478d702} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:6100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8256 -childID 15 -isForBrowser -prefsHandle 8360 -prefMapHandle 8364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48dbffc4-882c-4305-846d-1bab6d2f3b3c} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8600 -childID 16 -isForBrowser -prefsHandle 8676 -prefMapHandle 8672 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0865129f-46eb-43b9-84cf-6dc55a2575b5} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8796 -childID 17 -isForBrowser -prefsHandle 7728 -prefMapHandle 8376 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb6f1300-7a78-4444-a293-f270a7cb72eb} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9056 -childID 18 -isForBrowser -prefsHandle 8976 -prefMapHandle 8984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6adeccfa-dcfb-4954-a686-ca0ccec12f38} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2688 -childID 19 -isForBrowser -prefsHandle 2660 -prefMapHandle 7912 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {819f5834-550f-483d-b003-4bfcc8761a41} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:6752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 20 -isForBrowser -prefsHandle 4476 -prefMapHandle 4480 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20863023-61ed-420a-b0aa-14f9e81f4749} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:6952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 21 -isForBrowser -prefsHandle 6852 -prefMapHandle 7868 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9d77692-2ee7-4844-a034-a6be8062470f} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" tab
    3⤵
    PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
01f4d6c01d84bd50632c4c1e98fa2036

SHA1
e5fbfbe03506e6d0d771c363f613c23b4ee101b4

SHA256
d9972364d17f0679db6529cbe00207344f25d7e6aa5660b461d881f6f4dd05f9

SHA512
18b84d79ea4d7dc8925ba677e14386de893613b2fb4cea61c0a93e6109e2d85d3e1bdaf30ea6c4bc2f95b2d9c21df0d28a42e4c77a734e1c072d26670c442d32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\15BD52E7BF3ED80FF7DD6661B72561BE64C3306C

Filesize
68KB

MD5
ad7bb4c6cdce42485cbd482d9bd640f9

SHA1
ec508f39b8899dd4d415cdd5b9f71e5aff53c72b

SHA256
5f40a50a9d7c0aa0f2dbb08cde387171413548706b424f04f550fcc16806c715

SHA512
586088c8953d7e48cb99c714086a472b7417531a6673e31c6bf797b0134168b3c369db354627129d4d586f06f4200fee9e492675a1f4fe7fd6600365514902f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\A4A130A5EFA8CD355269596F0C4B13795006DCC8

Filesize
11KB

MD5
f1fc3175b60912eca70be10b1a492cb9

SHA1
e17135f17ea0d83b5a782f58f3c1a5afdac92c11

SHA256
79a5a29cb95a1a251e617d1330600375e2cce0a67d34de702184f919257dfc58

SHA512
5fbcf69dabf777f5f2160ad517bef815adaed37d0db3ca5f34e382255b2df77b151931850300f1c0e969dfd98ef6cc6aebbb63c9e521eb66b8178cd0182a7e04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\B5CC615B6249AC4BC7AB7435D36FDEB71E5FB9FA

Filesize
116KB

MD5
d8b9959ef20867987e4f16f836e97a7a

SHA1
f11c071fe5253f687c802fd50a43a3c3a50cdb7d

SHA256
39f226583fd4cbee5eb997c730df7c223a9bc746b1552ea09f65320fafed65b3

SHA512
071fcbbfa80a588606c9b0eace8df6172a7850cb2116e933fc8ca3e94eb9fb647847b13867f8d58c6c6d7a216be202ebeb3785857e6f4901b96ed3a8b6293fb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\D16D06347C86B53D36C8906BB0C0872EFB26E011

Filesize
414KB

MD5
74a170de2d9bc6c8b27888d09a1bb0aa

SHA1
bba336556f59fa6b88d83465482925208b83c91c

SHA256
65b4afcc733fbb80dd96540ace0d5fc11c55d96806ab990e95b3d64aeb3b3352

SHA512
8b0db1789bb958c353d45317de031c1f29bc14e27326f38348bb7cb35512ffeefb3530358b143ad82352fe77acaf7d6625c225d8d2b6536bf317f1a411148a9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\DF6E4D9B41E963ECDB57CC6E60FC5AF735EE19D9

Filesize
37KB

MD5
2ccc3e813eccde41971bd721b8595180

SHA1
2dd7225bf9fcc9717efe7ac6727a634a210ad733

SHA256
093dd7226486e961c1861e0796e55d10a1fad5058395728a94c8afd50511d06f

SHA512
a4c547784384074f8c18e495e50d9ad59c61ef0cc19542e2d6f7b279f4062c2ecee44d8c5c3fbd4176fb0517e33430222484a348f1b70a5143e8914129f92869

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\thumbnails\33f7c9faa1d292683eb9b2f4e499c383.png

Filesize
8KB

MD5
a50921e16e8ff42b331d25a1f7d67a90

SHA1
74036d45b57457286f7cf52b067b6852519c1040

SHA256
e89b6360a58aeaf6347ce90c0602396c4291ca1d66427adcb13a3f6e12ada546

SHA512
ef2fdc7ab6893e2ffa182b53a134fa6b9c178c1dc15bded6034d06de5699624df28330010b1856815caccf143db5f0c3785d9cd8182b001709058c6576c46c16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\thumbnails\7c88e260e032a84c7161c8354b8f5fdc.png

Filesize
13KB

MD5
2b0fc2e58b0532d28a848e207a5ff61b

SHA1
07713fc33a2169bfd9ff7b9fedb5f0e098b032c4

SHA256
a40d5d7f678abd2c325f1899809864f6a0c891e853dca984b009a7d735c7efbb

SHA512
e9387b6d69ba9f81885abff791622e33bb4da5a9397e666248e8808e3ba6d91d2862ba25b6e5f3689c8468f696eb1b32f115c5aa6bbd1b1a904d42b13dd458ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
6f050aa61255026b1d20981243e16245

SHA1
be9c71e6a2a178632444dfcf42456faa2d00b687

SHA256
8fdc0afc06d66078fc04240f5c6b404d36d1b865c62cd4c82c8acc31715eb5b6

SHA512
b5d16b3e2c9c6933f5e760ca8671b69292a4720928d87fb643cce59b1458b6e277e6f34bd93da0451ecf61df3b75d1d502ebe5698a87084a986ffa055e9bcff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
c29fe731744b60be39ba504dc1ef7919

SHA1
9e26b4fc5a0f1873ed768d7b6ab77e93ef4f4c4d

SHA256
a088e6429b25ff78140344bad7ae64d99d0cacb517a2557f0097b3185c5f9bc9

SHA512
80926363e81acc1e27dff0cfd1f7bd53a6c77389986b5bf81cb18dcf2ef2928a74ffebf580112d732d5d081a1b9a14bbae5903169b0bb42c4ea6e78461130147

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
33KB

MD5
2f1816f5d266a39bad1e978217ce8df8

SHA1
114187443edf9cdb2a12a79dc1a710e610dfc046

SHA256
e0bc75db5d117cb24066729f35d4680fe4720459e5ce42b98ed07a7c094fb53a

SHA512
a705ebb16dd8b987835a1bd7c6fcc65ca43634dcc964e795c163686e17f493b1895272650f68e8f55a0772815be91d6e7ac1900511dacb4599a1362bb22e58f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9b9ac53c45b5dcf6e42931bae248521b

SHA1
da03059c6ac397315c751cdc9f46a0f35599349f

SHA256
eb0ba2259edf9721320905f93d61b00729db54f144685a83aac33c51eb08f330

SHA512
5608c744c6cf9c198df2333c699b899355f0e190fc84fdeff7ea82d2359bd7c76a22a841fb64fc91302189c6279edd6a6cdbc6773aa17d4a984cc14143127430

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
7b2d686303b6db66d8b500c143acb563

SHA1
f6a0974c8f27bf953b434388fa0dac3d19abad54

SHA256
6baf0331eae7ff7cea38f794a77f89c8ac92120408e2573c6a794151b69c6187

SHA512
1b9f2f614f70359a064f40762746ef92f592bb37a926383c6a06f64e71639ed80fafde28ac61124e9dee75088314c7688984457bacccf4f82218cba3ff561fea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
75590f4952df43c952a304a0259a1a62

SHA1
c98ec822fcf95bc0b6329b91027c1e80fa97bcc1

SHA256
dc6a5074dfba2fc887a44c8d6297c1da1ecfde9fb2bece17573c451eee119753

SHA512
5175c04bbd3953a27d60ed16eaf99a09d9a6f9b62dab446c58404dc297b19b5f70d785bb1fca2fe3d2590ef99c48fe8995154a1bd5d16897905c24b7d04b637b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\3d0be4b8-b246-4288-b753-304924394f31

Filesize
982B

MD5
161323a8ab01c9d985ddb4d67843980e

SHA1
b8e7f29cbc855a2dacbac387626f31beef247353

SHA256
da2cafee99a0347219a22f4424dfd126fca543ccee3ee68785577c6c6df84e86

SHA512
1136e15151f41e2aa6e3937f3bd5bad06cab8e418533b2500c0925d4888b4494655c6a3ea14b8e3c1febb67a1a5d395680276c51672e188a0e6a885f3d83cfcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\5d07eba7-d9d7-4616-b18c-a321590dc5b2

Filesize
25KB

MD5
119183d20fdec4e0947eb6d7deb9c926

SHA1
e764197288c1d915c00a523ee9a497e666780dbe

SHA256
d8b903fc38556560ca7b98e4d8ae8927ff6f9ea80e6ec1ee1e8cc3f550555165

SHA512
e3ae5f22bd3cb6b337abf954afd1d4bd571f35833c3cb3239d1bb22ea40bf78b27bbc8b459cd387aac8933214dad8959b884cc8da3b4e998359c373e6c79cde1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\7aa9ade0-f5a0-4817-852c-a56643ceb5c2

Filesize
671B

MD5
5576524491591a4e35d149667917d74e

SHA1
3dd6ed0558f0f4663c9a77b8de00ad5bb70968fb

SHA256
108ff291c3c129bb11b394b2538e07b5629132a9213e98f74d96136ea2314dd2

SHA512
5703a0c78067ca345b7e92b7f791f696c6fc6683579e868f81ddaa5dbe6ec6edff1534011bd62c286209a795e7a8e09a89c1165346b1e3ce4441288a3bdea057

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
12KB

MD5
77d54f5913172b2ecdfd373e2b5f2466

SHA1
7b82d73a22576e0bea46f1de142ce0ba4bfb85b2

SHA256
9623c8587b6accc049de3c77c9d7d3585a138ab90bb4d8a3940266df2c169721

SHA512
a4a5fc8cf9413bf3060995eb3cdf12b86e6374614bd4fefe2604242144951fd3bed3cebb81c44882d2626ea8992339ca71821be1ae9237e53d58f0d00c8d9001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
b4302006333030eda0f958c0a5f3cc45

SHA1
b2f22e72f1e8800a05dba6be53a410b4acda791d

SHA256
1f1b3f466aa79200817ed242f8c2e3b778733367055c50f97a4e30bb2926fee4

SHA512
01e6eeab332f5b0a94481918d77a8236801f1e0df8f6f96a7090d63d01712cac9944036a7a925c486a4099b40b537fb1e41ce7f051afb158aba3bc4d7633916f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
e090795f1703b6ba681a2fd428fe0f6c

SHA1
3d7c211210f1b70eb7b6eca81d6e81215853e42d

SHA256
c7cf99fd25f80479c65eaf4b8cf317ff936fbf8a5b58690a50816694d80769a2

SHA512
e380b48e732042fd8d9154e985f5be7a383db6bdaeb2e9c6c7047e6d2a30c7a1ed1135c01e71241794c99c9d6a59cce40a6c80fe56336a132f2418f31fb0c28d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4375bef7668fa6e6c265b0703adb6c57

SHA1
3c09dcddddeefb95f730bfdb6132fca50ed4bf78

SHA256
b98f0591816bddf51be36d159d0b871287abb3aefbfb09b52ce2d82092526661

SHA512
31bf7ecbd50cdbf37baebb167065be63b6b84253db37ffa0b2848c65356023aa0fb81cdb0934c2f4366b2f58b397d68114e925aa82e3d790fc191386c5617311

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
8d2d07855e99f9536b61524ac74c7695

SHA1
25c949a1ed71ceebcd458fb620b2565d34ae5215

SHA256
a8f098a378e7201d92595c75f9b114824c138542cfe0985f40a009ee0aa1788f

SHA512
e8fa2332b7813e15bac8b09bafa2d6b905f4ff7bef3041729f8b8307e28fe4f73e779fd4ebf43e81c31f7c764b3df7b807c70a9a7a4cb107d9bd18c05e2f97e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
0bcacaccf4b7829f31ffdc30402b7e25

SHA1
e455fa440a13ee118038e4884df35eecb6214339

SHA256
9f112f867ed08f5fe15b6a240362f841a31d2fab07d675cfa70901ab72d0cf53

SHA512
9a57ee17b4f465b82108534c7013f8fbec774636964b5e0716d9dc38e777a7723cd9b5aa9021ead81c82d1314a61ea0d36a4ab97c66c6f2775a7a2935c313ee8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
f70a8650fbfece665dfa82707876c1a4

SHA1
d6399ee953b709c820ed4a0ccc3e86f93b0eacf9

SHA256
96e6bced33a2d967d6df11fa7b5d1c9b5d0c12d75c548c1b4c85704136900b06

SHA512
7e719ba4ba573fa552ea825a9abac6b1cae99df6d458d9711b1e53efab52cee0861e463188ead59c54f6d22d4344f3cf86842f7f7445a182116abb0a095b81ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
370b873dddcdeabeeefb103d9c174ef8

SHA1
a8cc0536b22697b46ab47cb6ec6b02370329f669

SHA256
c4245cb68366d5f340e20f61ec737a45d84346701d1741a675f67a45a731904a

SHA512
917e211dba8ec71def9eb2b69f5583296373aecd03abbc914a55f69f80fa77c04bcf754d9a20f7d7a7c669b35ca8e495037e327f4c6df2a477a2dd11aadee575

Download Submit