3c1029d521ba448c4150d58bd75fd1646f54d72d95d0f91f5dd60656f55eff9a

Analysis

max time kernel
1800s
max time network
1228s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2023 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabric-installer-0.11.2.exe
Size

399KB
MD5

0604fd84edc6059d39a631eb0ce5a546
SHA1

9ecd7d7df70a25d5ba0ff81e7ad6b59280f71bb6
SHA256

3c1029d521ba448c4150d58bd75fd1646f54d72d95d0f91f5dd60656f55eff9a
SHA512

68e727ea4515ac385e4d757a5e6cff3005ccf50b54e7b5ee1bbb100f18afc09cd814138d31b9e4237a3170bbb3e4a9554e1b4294ec866cd6f63b6e461da8db09
SSDEEP

6144:XbOTF9+lw27APRw3zeFAO8X+KAWCXgy/kJ1o2ww5OxLRfSA4syabpAq:L+z+u9ZF6uKAWCQy/c1HwnBBfL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3888	firefox.exe
Token: SeDebugPrivilege	3888	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3888	firefox.exe
3888	firefox.exe
3888	firefox.exe
3888	firefox.exe
4364	firefox.exe
4364	firefox.exe
4364	firefox.exe
4364	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
3888	firefox.exe
3888	firefox.exe
3888	firefox.exe
4364	firefox.exe
4364	firefox.exe
4364	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5068	javaw.exe
3888	firefox.exe
5068	javaw.exe
2764	firefox.exe
4364	firefox.exe
4840	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 3276	4628	fabric-installer-0.11.2.exe	82
PID 4628 wrote to memory of 3276	4628	fabric-installer-0.11.2.exe	82
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 832 wrote to memory of 3888	832	firefox.exe	86
PID 4628 wrote to memory of 5068	4628	fabric-installer-0.11.2.exe	87
PID 4628 wrote to memory of 5068	4628	fabric-installer-0.11.2.exe	87
PID 3888 wrote to memory of 3544	3888	firefox.exe	88
PID 3888 wrote to memory of 3544	3888	firefox.exe	88
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89
PID 3888 wrote to memory of 1652	3888	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.2.exe
"C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
  "javaw.exe" "-version"
  2⤵
  PID:3276
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
  "javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.2.exe" "-fabricInstallerBootstrap" "true"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.0.176521282\147739569" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1840 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7444ac26-f8e5-4172-b1bf-0f33655b9fba} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 1936 1c97fd19858 gpu
    3⤵
    PID:3544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.1.803347784\352336701" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11a07fb2-4e04-4509-9b51-8bcbb5b69321} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 2328 1c900256c58 socket
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.2.865424305\96698131" -childID 1 -isForBrowser -prefsHandle 3388 -prefMapHandle 3384 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4093392b-98c6-41bc-9b48-b360a1e917b0} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 3400 1c902b17058 tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.4.844792328\509706463" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 2844 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d4ff6a0-2d5e-4e6c-bc27-e2ba2366f250} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 3576 1c971e62258 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.3.576435980\144343192" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 2752 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5e1ce5-cee9-40b3-bfba-870415567ca1} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 2956 1c902ff7258 tab
    3⤵
    PID:3828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.7.396963422\108879713" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1b9d048-d510-410c-b961-5f7494fcc144} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 5524 1c9050e5258 tab
    3⤵
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.6.1342015805\1463701334" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7628b8d2-b682-4d1e-87ce-8f669295a664} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 5396 1c904bed858 tab
    3⤵
    PID:4104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3888.5.120626479\1673567453" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5104 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3428d81e-09a8-4cf0-b8f5-e3a9080b0d09} 3888 "\\.\pipe\gecko-crash-server-pipe.3888" 4576 1c904becc58 tab
    3⤵
    PID:840

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\78dbe834ae6e4944925f59790db15888 /t 3848 /p 3888
1⤵
PID:5040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.0.1948439254\192410677" -parentBuildID 20221007134813 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2211115-aab2-49e6-bab5-8def6b4286ba} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1760 2450c7d7158 gpu
    3⤵
    PID:1948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.1.1249352387\901384831" -parentBuildID 20221007134813 -prefsHandle 1952 -prefMapHandle 1948 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {632e8854-6ae8-4588-a883-9dce22f26899} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1964 2450cc41858 socket
    3⤵
    PID:4508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.0.1474887219\164405770" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1648 -prefsLen 20890 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f1b842d-c966-44b6-97dc-6e7f116a2449} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 1748 15f4a76f558 gpu
    3⤵
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.1.491671089\1986567896" -parentBuildID 20221007134813 -prefsHandle 2180 -prefMapHandle 2176 -prefsLen 20926 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d39c2a-0d5e-466f-bd7b-af00045de603} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 2200 15f3e26f858 socket
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.2.1997004200\586990425" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 20964 -prefMapSize 232727 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a754b22-3367-4d56-b027-cf36403177f7} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 2944 15f4e0cc258 tab
    3⤵
    PID:1304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.3.1775511007\369553904" -childID 2 -isForBrowser -prefsHandle 2872 -prefMapHandle 2944 -prefsLen 21380 -prefMapSize 232727 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3030c2-53e8-4552-a8d7-92371b0484b4} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 2656 15f4e3e5658 tab
    3⤵
    PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.4.969761482\600852754" -childID 3 -isForBrowser -prefsHandle 3056 -prefMapHandle 2944 -prefsLen 21380 -prefMapSize 232727 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c63df1a-13c2-4a3a-af6c-4a9b9421d2aa} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 3008 15f4e715058 tab
    3⤵
    PID:5052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4364.5.1556551628\1445203258" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 21380 -prefMapSize 232727 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6286981-17fd-418a-9f50-7d85ad928a6e} 4364 "\\.\pipe\gecko-crash-server-pipe.4364" 2896 15f4f213558 tab
    3⤵
    PID:1924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4840.0.2133401178\619348999" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83ba0b8-b20b-4154-8f20-58f6ebb6352d} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" 1752 1864b9d9258 gpu
    3⤵
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4840.1.816231392\2023518438" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58ec30cf-c1a5-4246-8880-4a06977c27f4} 4840 "\\.\pipe\gecko-crash-server-pipe.4840" 1992 1864be4d558 socket
    3⤵
    PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
b9fec34975d1aa4536c2d098c3a055d9

SHA1
fed6b5133f54eff6e62c91a20e9b95c0472cdeb1

SHA256
84a80e6c46635d82e512bd43d221f81848aaf69707a801f42058d3f9db1a8f1b

SHA512
581d068071fa28ac9f96e94d3bd5c57501906a28549dfa90e9c18f67f396c8196c2ca1d80d272d0e7814ad8a35e6ad1b6a1a0a5749cc63a2562510a435029095

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
151KB

MD5
220c44c2b39396d24ba56688187773f2

SHA1
14b7fc91214738e791244d27bf0e5f20a037ef9f

SHA256
8c95199e32477ffa32da95aad076bfc4f2c921ce8baf47e747c396b7a905c322

SHA512
ca28f92e5c998ac5bcce6314a5a6df6d7e60258c1299a6c353788488dc170d0824eb0973f73e171b6f9fba7ac066adc5215de54d1e6542a0ac45a4605a4d3809

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
fd8083e00db56a83e49fc99bb82c9313

SHA1
de174a550a5f284bd8b5577c2f9dc39d8eadd1b6

SHA256
5726f73e89c22f6a353ed51c06158986db9520176251b89af229bfbbcc5c37fc

SHA512
4f815e128911aee9bb6f4ea9fe1f7755450d2f9fcebfbe95a8efa6841ebf80145def8f2f46d1472c59145e622d18cb3cadb74656daf259bf69e7c24296fe513f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0

Filesize
9KB

MD5
e954da9afb5e76d5104ce5f37f38f226

SHA1
1ed6817bd4efc1554f99fa257cb26d0af3c46205

SHA256
6084bebbfaa15d42b82978f054c614e752864bae4d11f28b832b9786e45859dc

SHA512
6cba95bb481d4840a2a9ec6398e577a29b1fd68b92f778bd33f07b7ee140b63765c730807f1e531dbfda009451ee8c1726b0ad8f6fedae70c9f2f4ad5f7c660f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
dd175baf5b69252ac8b4d87c122c7a10

SHA1
26916b18fe6ca625182812c0ebdabf36af235f5d

SHA256
e7b7a8b94f0720a530a349afa3295b841bf8e5e605bf885b7ca34c5a04e9e625

SHA512
77ee4ac2501572bad6208d1881ce508c580c2fc54ef26251fe0e023a8c525dc23ccd0a43c6ce4abfe4f87967fc59d4f69440182b8a7fec7645e7b836e099d853

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33

Filesize
14KB

MD5
f0086945fdd6f00d6638286e0d23f297

SHA1
8108fd83c2c7f5a398f825debd5b2ca4d7ebd15a

SHA256
fb2aa2bd1962de5c69d7c4e3c540182f333de5f492b22dd0ff773140602f03fe

SHA512
870527e1c7355ca0d076c74d096f5f94469358a1359c2e5866a85daf3fa8e0816570c8eda75d49e0d8140c18fbf2d4af826603b8ad06983a016e1dd503dd348d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33

Filesize
14KB

MD5
2760a4e0faa45dde7d9821af1244a519

SHA1
114502ab658cf808ce1ca72c414bc2a63361d692

SHA256
765852bef845d6c99febe954d78efab4aa340998a00bba5244e3a1329177a598

SHA512
cbed2c2efcea5b41323a91f7e88ebcd47d017c82d7523895ef000b87441647eb03b1d2af521080f12c8c18cddbb9b6d5f0d1136f77f2277100f675df1b602e3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143

Filesize
9KB

MD5
734335324278937a876e190eafc51e0d

SHA1
06140b7c50e29ca8ce2dda1e8ebf8f454e0f106d

SHA256
a94332228d994c167116bf8aed764f95959ccec913cd13ee0009f27f4457f5dc

SHA512
becca2b03b20d30b122075f9508ccecc2d1a3d41dcd65400e03009c8c0818eee4fe7333c7596d65643d52ff5a7c789d7972e9c6b21c835502134c7c0506afee7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965

Filesize
45KB

MD5
c4e9badf03174fb785476d06ff40a2f7

SHA1
4550de0e271bf0c4eacce75401ac90073879d805

SHA256
6bbed3850006dce8ef558d1b87d03b9baa221d1c0db51b8978d4a084c63590b1

SHA512
74bd0b2b3bf63f7aa4797b6ce96e9150b1cd7788056c8187c0e3b86b39e9a7dfbe3eaa73cb3d4fbd7ea3852feb106ecc097884c398ef002ee6e78a4fc1cd17e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
101B

MD5
84d99f835bc2ef37ca8d12bb963d94c1

SHA1
35db39b03b8437a108c997235430e304a9de7f1c

SHA256
e0028336c7c8d9d4c0f5d267965f3d71116819b161e62df653ec34ced47dc56c

SHA512
e728cd59040cacb10bc4fdafb60e58ab623485a913989fc82bcecfaab8910d3471daed4e46b6e3bfe20cfb55792cf5a5bcec5deceff3886864416c9044c92694

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache-child.bin

Filesize
464KB

MD5
60e9d00650df9831eff9d069fa289bd6

SHA1
eb2a4ab8c870896d5bdbfbe9a772639e0cf23e3d

SHA256
8b488a49787359a85eda28a1965baa865a72270cac1368543ae88ecbc2785fd0

SHA512
4390fe1e31df54e60f5f762534c5156285358cc3cceed50aab22335f01918ef3bd33bad76770a546ca0f60ce79f439bdf168363a250932859187b6ef5f031101

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
0ba7a16a47f47c591bf4ff0bc094535c

SHA1
35e5a1c1680ac781c682fc77bd4ce7bd3e895cf8

SHA256
6be93f6c0782ee0959f425096b5156665044391893f6043a428f3190891f4083

SHA512
f5051a4ebeaa1061c2eeca7d3bd12accfaf7957522fcdf8d1d8cd539c682463538426c825ce6ff2e57388eaede9449cfe7ab5130676c9eb286af2fcf904d3d9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
ed0bae139d68f538d76c8a3dd3a0936a

SHA1
15370a2779fbbe46aa35488fd9410d22000eb03c

SHA256
c271af2218e262bf86c7da16ecd3c02ab798fb8d8553f49fa626200655e1b739

SHA512
7f81189c5e888536cd2d87f04fe7e5b04d9e41630627dfbd284b66c7d975720a5ca88dfc4913fd04392b01a6f18b128763531c8e382d05489082ca5a01e6795b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\Telemetry.FailedProfileLocks.txt

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\Telemetry.FailedProfileLocks.txt

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\bookmarkbackups\bookmarks-2023-05-20_11_gT8FByf4O6cZhcYxBQ66OA==.jsonlz4

Filesize
942B

MD5
d6fe6e70c2ccbcd9059cc0ba120e1841

SHA1
b3be381101a909653bb0cc7e51a6f1ff226018df

SHA256
c6db73fff9733c50f6eebf366f66ed72b9edac2567950b8aca7dc01353aec2bf

SHA512
6a93da2fa42ccd02f812181c043a04c3f5c13fcbed24c5b1b688aea3030f17d766700fa09267a468081b02faa05a6746667314dba57f95849242ed44f9cd4693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cert9.db

Filesize
224KB

MD5
423f96f1a27f302ba96216a211a02bc3

SHA1
cf22f305d5eb21ef103ba31fc9ec668cc59b7074

SHA256
f47b7e194a015d23b1efde36d7180ed4c76ea7a70694a74bbcf2beed34e84dc6

SHA512
502cc2b40e344c3ba0c0effec598ea10b36fde23ffc14f86f93ebc9ec85addc16f524c01a4350ce141d6c6cf2f9ed407590e63d23a8f57ebf58caf3a0a79ca66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\extension-preferences.json

Filesize
1KB

MD5
5dd44a62ffd5f3feb9a33c20739c27c5

SHA1
c32070ac84643438f71c96d39f50a6d33ae3cc8b

SHA256
35c444b433f6f9c76aef4f194544ecdb2ccee821d375a7301ec8f71a896219af

SHA512
ad6efed6a8739f4ab25b9b6fa4e76f57af30e3b17a9eb88576318d522ec634a6d79c137621b3a4f144d342fa04ee901194076aa3f432cdefd87058cffff8eba2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\formhistory.sqlite

Filesize
256KB

MD5
c9c6846fae67d6a3f1eaf89ef2f27d92

SHA1
b21110727b67aa7ce5717614e100ef5c86f29a8f

SHA256
48ab8b4921d96dec40c4bc328ee65f5a20aee8241a04e27054aeb9634e308f8e

SHA512
458398b653d8b29f55c00767cf80e36e82c1a927f957f18f669daa6c91a90ba1f772756ff8e3c6e26aae0b4399fffb329b4907a654c199c4b0b71edc94c9afb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
26003b1be9ff2b42efa94745bd88b9be

SHA1
34c3f235f3de7b0d6b377741c8b8dbef39707a36

SHA256
ccdcfb68e2eb0fd043770624144356bf7d06becf5dd07def1d30d0d3efd63081

SHA512
bda177352f343c0f653c791c74c338495ad365eda0389e687bfbd50ceaa782e7c84f249bd3d1d5cd7fb308fe991f7c53575ed79db9654e8dfb199f6bca6a0952

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
322aa1a6aa7f957964127806780bc38a

SHA1
af8602304c5da366917394cd250f2dbcaf725bb3

SHA256
fbdc990bf684ad67f96d8fb388715b82e7e88a6e21666920d3575c61e70a4f1a

SHA512
6739a54d43cfaf8461d240f42ae4a4dca7b6bb1b723a1be587d343c7be5dc521c9942d59cc54e4ac72c321eb7e49a5cc9b561a94e99cfbeff0c79ec0459d253c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
d5310a6091852663f7bea03a9d02bee1

SHA1
5fffc25bed5e99163a87587f6f399ad3129c4fc4

SHA256
720f4589bb433c1b44614dfe068889bd3172b36dc16481c199bf364e843f7a14

SHA512
50d51e2df43e26eee89aa5ca685b205add764db107656a113bc355d78b7c922b8e717d4a2b9d8fa577e3995f3612b885ddd6797ae78e09b5d54e5113f03180b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
26399e46c8c30a9d6fcfdb9a16e10e9c

SHA1
28bb789105e431b1f30a92c7655e716cbfc6742e

SHA256
6004e6ca74e763d243005f2ba354f76794d8d4e64f96a51add95b5f82ffc8a1d

SHA512
d5e4eb84c835aec07da8b4132d22a00b43e798cf492c44c7dbe83dd4943e65aed8d739ede3c6d8424434efecc50caeb7b18e46256d29c4c03fb2a3cee8d5dc22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
6a43a0de8e9ca738d9259f67b0f7c51c

SHA1
793d5512291988633a42802295b10508df49a243

SHA256
d7c836e5b0f56691c12b7e1420d8d9277202d25d96cb5ba2911c2ae5bd040d70

SHA512
7d1279d1374b8120573f6430a7f019931a28860b23b6b4a79faf4394b1e5c827489458ac5122625f98fcddf05f4d326eefc17f689e27235afadb90377632af75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
cd531f675c28e0883efdfd547382260e

SHA1
5c1cd344a1006d1a0a40cb0b9af1a11986b736c8

SHA256
13b8356fe974af8afe24fbceeb0b0ff376cab228724525b85bc3d85e75d92d77

SHA512
36b8f79e5016b663882d87b215ce5fc168999af3c96da100857606ac088c93c334308d972724400f9546bb2e761e327a74f9c0b692a74496769aafdd81beff67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
ae0ce34530cc68a4239078d46cf1545d

SHA1
6103820559575ec53178cf2db4fa8f1f4a3b9935

SHA256
0e862742dfbc17482910998a3942296149a0bdb1749c222dee3a52ce5e957b57

SHA512
d5005b7f043c17834ee9fabffa1b862d722df1335efeca628254253df72cf1c34b5eaac3c9e5297b5a0dd30f443891596e54beb41359529ca5ff053479f0ce47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
9KB

MD5
6f8f6228bb41f5de3ff9a4c70fa0c270

SHA1
6b0a34a5526218a6ffcbe572749c4070202f4ac0

SHA256
3268e51b67d36207edbbfd49b0b0b581f80f64dd191c3319592a470b32b01fa4

SHA512
ed1ee57680f6ccb79547c933dca1699c00c219845de45dfc5694c75f49aee4a500e3bf78531d4feda1b599540151eaa439447ea66dd5c062705a40c00c4f1677

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
9KB

MD5
e997515219daf73be8bc31313813d874

SHA1
e172c95a9b9c05e6bf6c6b539264efa3ff457898

SHA256
78711d15d0533b33c573a2f75caee0266c551ba219633d272749b5e9d1cfa799

SHA512
7a17294d7fb5aef90d20bfa1c61118d86f14cd9d56622f39f8eab301bd366aa503ac2d0b2637658b4420b1dfa9e8f9df851bea6e3304e4e69e94586b30855eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
9KB

MD5
34820af983d7da0d38787f91c9959c47

SHA1
38772fc35f14bf7152c2a62843067ba9973ebf19

SHA256
f7e8c0fcafa89dcd21823d527cc05c7b7d8c87e0828f1e8702bd5b222af26c0d

SHA512
7dc0c7a8fb8d1b34243e8c9253c99b1f89a093f2204e61871b07c2baff0489a63361286edacac318ffb4cb3cc29caf5ebbb6f8061227e9815cd177616732422a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\protections.sqlite

Filesize
64KB

MD5
c85d1bbdcb2505d7f5c6bd0dd2b06492

SHA1
b045492af83bf1549827343014eae43cc0a817d7

SHA256
a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f

SHA512
7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
271B

MD5
540b603b21a3f76419b2dd9cd91bebfc

SHA1
d0d4248a193ecf0867eb16c3aa29e266a74da904

SHA256
22342a2e1a745724ca45735114d1202f82b477884d06e762df5d3b2d2fc5e6d8

SHA512
b9743f52494681f49908960d002b2058299b9bdded76ced27b474ee35acef2d28cc18be0bad129d4cb87259467cf6af086bf7a05dc3a8b6e8b1a65b586247f2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3e3590f3298fb1afde74b60a39c81dd2

SHA1
6c4bbaca96541780bb5f38e9bd545ef4ba585946

SHA256
c34b1df812e0ee4eb3c36172962e68d00a5001f91f075ff151c6363f88875bdf

SHA512
b46b56b51c92d4830449aea313b6b6796be4e037d5d69aa4b536b1a017e7944a801b3e7aaa140c834e7520fac1a8a4e638bb2ec9886e2c43ef13a1d9095f0454

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\targeting.snapshot.json

Filesize
4KB

MD5
a92f3f960f523df7147264267e0a508b

SHA1
168bafc7d5b3f85864e4be8c4204aff5dfd68eef

SHA256
6252a34950ae779e558cf51b79fcf7749ec2f00121cbaad36808a1bd13973c73

SHA512
fc4a6acac29bcf6d523e14ffe16a91dd3f29e8179ddaa9dc1cd5f4d3a89d376eb31fed6e9e2f5946001f8792f990ccc0fbecf84a742073354dfe942976ea2144

Download Submit
memory/3276-144-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/5068-156-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-165-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-196-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-197-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-334-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-385-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-426-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5068-374-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download