4952e0e0a0997e523412cacda9ca414178f43ef1a9153a9331aff855a8e95472

Analysis

max time kernel
30s
max time network
153s
platform
windows7_x64
resource
win7-20230703-es
resource tags

arch:x64arch:x86image:win7-20230703-eslocale:es-esos:windows7-x64systemwindows
submitted
09/07/2023, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher.exe
Size

7.5MB
MD5

ed4886490b7ccce92d4da63c8be1df3c
SHA1

e3a1d1bd6d7e2e42617feaa9eb0dbf517c743d19
SHA256

4952e0e0a0997e523412cacda9ca414178f43ef1a9153a9331aff855a8e95472
SHA512

34751d012560454569532fb3a779184cc832deb5720b99ade514ff9ebcc1e63b363731b52a66f7ce9fc86e128137e1988596ac4ca0435fe26d51f89167853e29
SSDEEP

196608:BxVqFiPuZdWZuETKZffUFGregmN7C0zFqGpp1yFSf2veV:BxgFiBEFrCN7CPGppr1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7765473-1E0F-11EE-85F7-EE3A44FBFE1F}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7765471-1E0F-11EE-85F7-EE3A44FBFE1F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2328	iexplore.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2328	iexplore.exe
2328	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 2328	336	TLauncher.exe	29
PID 336 wrote to memory of 2328	336	TLauncher.exe	29
PID 336 wrote to memory of 2328	336	TLauncher.exe	29
PID 336 wrote to memory of 2328	336	TLauncher.exe	29
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2328 wrote to memory of 2900	2328	iexplore.exe	30
PID 2912 wrote to memory of 2932	2912	chrome.exe	32
PID 2912 wrote to memory of 2932	2912	chrome.exe	32
PID 2912 wrote to memory of 2932	2912	chrome.exe	32
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 2792	2912	chrome.exe	34
PID 2912 wrote to memory of 572	2912	chrome.exe	35
PID 2912 wrote to memory of 572	2912	chrome.exe	35
PID 2912 wrote to memory of 572	2912	chrome.exe	35
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36
PID 2912 wrote to memory of 2644	2912	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\TLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:336
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://java-for-minecraft.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef79f9758,0x7fef79f9768,0x7fef79f9778
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3336 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:2
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3512 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3520 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3748 --field-trial-handle=1344,i,13624863953717661400,4107815839393044048,131072 /prefetch:8
  2⤵
  PID:2304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:2300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2300.0.586877362\1940607641" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1100 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0780048c-aedf-49fb-9146-b49488d4f2b7} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1312 fe04458 gpu
    3⤵
    PID:884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2300.1.184950510\705242714" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21019 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c37541-8b1b-4d7b-bee0-faea05bc3c60} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 1516 f645e58 socket
    3⤵
    PID:2416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2300.2.569296321\1088314274" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2076 -prefsLen 21057 -prefMapSize 232675 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c86bd7cf-92ea-45c1-8553-08798332a4f5} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 2064 1045fc58 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2300.3.2107177783\1668266258" -childID 2 -isForBrowser -prefsHandle 2384 -prefMapHandle 2364 -prefsLen 26482 -prefMapSize 232675 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {118335f2-0e51-4930-b9fc-2d56732c4d91} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 2412 18fe1558 tab
    3⤵
    PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2300.4.1444630286\1566533074" -childID 3 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26482 -prefMapSize 232675 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92625db1-267e-4ee5-a534-86428a2d78d1} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" 2968 1bc8bb58 tab
    3⤵
    PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1444
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.0.316463107\143169103" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1224 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21fafca6-0f8a-449c-9299-9c1bf11436fd} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1304 175cbe58 gpu
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.1.968439656\876526968" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21019 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c887f5fa-6bce-4037-95d6-3b7970c5381a} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1508 e6f858 socket
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.2.1640378296\547259517" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 21057 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {555ddea8-c114-4e9b-9f8f-c2917057d4ff} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2080 1f33b058 tab
    3⤵
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.4.1247231150\1959645482" -childID 3 -isForBrowser -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 26417 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ccaa942-f5c9-4198-b491-4f1b8511fde1} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2488 1b5e8b58 tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.3.1953118377\924704668" -childID 2 -isForBrowser -prefsHandle 1856 -prefMapHandle 916 -prefsLen 26417 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64d8824f-ac4f-4df0-81f8-840acc1784cd} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2336 e60758 tab
    3⤵
    PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.6.1923760021\720843995" -childID 5 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb4f93f-3437-4519-a4a7-e63135710257} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3664 22584258 tab
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.5.879862356\212994181" -childID 4 -isForBrowser -prefsHandle 3496 -prefMapHandle 3484 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbc5e797-1f83-4990-aebe-e848ec8d37c1} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3676 e64a58 tab
    3⤵
    PID:2612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.7.1615423440\614381782" -childID 6 -isForBrowser -prefsHandle 3688 -prefMapHandle 2876 -prefsLen 26622 -prefMapSize 232675 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea5fd09-0151-4a88-ac04-2c2a521f7f2c} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3544 25228258 tab
    3⤵
    PID:2188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
486a4da191d944d71f536b625077e5e1

SHA1
1af9e25c472a2af7d4468fce89be5295cd81ba1c

SHA256
2866bf176c58a903d0312358249481b1a65fa2b9ee5f8c9c5be8f5ceeec4411b

SHA512
39131de8430fc8b68660cc5c1c199b9b4c5d69a62ec9df934ef53116d8ca7dda0daac243c7a33553fe3ee80323c8309bb9fff49428e428284a06c256833e6ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\affebd3c-6ec5-4f04-9596-8429e5530bc8.tmp

Filesize
4KB

MD5
91b6c6c634abac6c5a0f6a32a8a2ae32

SHA1
4b43cc0d8f87ae186f4790b9942af31a3053d816

SHA256
0fdf990ed1deaa6d3589a69bfede9f7181f3205027591c0c8f144fe109da665c

SHA512
94316379a9da7ce7b06e2f449187ef4f63d83583c4eea50bf286978ab9350eef16e7fd47019d191ed83d15a9f575a003fc5c34d25d310e8e4faf0b17a2dfdde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\activity-stream.discovery_stream.json

Filesize
157KB

MD5
456991d69aba6f8e26a1b53710ec8610

SHA1
aebd627ac8590d4fc9ce7d73b307ef458539979d

SHA256
f1ec68d8e2aaa221fa86d431476843861ab0b744771ec090f48994ca806c27c5

SHA512
49cc9ffb972843292cc8b9377a6208550572acfb9a5ceeaa00a2ce1aaf5213515a2712a60c751122f159a68611395068c10dc8a15b8ad139db629c34681a552b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
157KB

MD5
456991d69aba6f8e26a1b53710ec8610

SHA1
aebd627ac8590d4fc9ce7d73b307ef458539979d

SHA256
f1ec68d8e2aaa221fa86d431476843861ab0b744771ec090f48994ca806c27c5

SHA512
49cc9ffb972843292cc8b9377a6208550572acfb9a5ceeaa00a2ce1aaf5213515a2712a60c751122f159a68611395068c10dc8a15b8ad139db629c34681a552b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

Filesize
14KB

MD5
a06a04b797137f27eb38ebc65143e0a0

SHA1
bdd873a7e2f25c55c88d7d5be5ef6b538e3151e1

SHA256
fcf91f099406817f1608e71a05c17045cff828cbf4a5f7db1f247e14521d9877

SHA512
a4b0d2abdd4d5938d386ef909af976da3eb0286321e7128d283970407bc2133fad036bdc1d6ed4800bdc975911999667731f3801f5750889184cf57f542ee9e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

Filesize
14KB

MD5
76ba8769861af6b8270ac7a6b9c4fd77

SHA1
9b8f7acb74ce24d44dff525045615fd03e4c0620

SHA256
ebd718efd251981e1247acf6ac19c9ecbe615c81731b00d2af6e335268df8b0e

SHA512
a409563adb157062a7a4839a807718130f9007018c8a95cdf0df850e9776882d61d34c08fe81c45dde22ecd9288b5061d1caa9fb6c7f1e07711e34395c2aaa30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
2c3fde0111b63b33b347a9dadf83a3e9

SHA1
09b4d1af11d78d50ee33d174bb3a258523bf9f03

SHA256
3aa0d16001b0f34e91fb731059ab3534d1eec2c2aaa7069e1b5c8303fedc7c1e

SHA512
f5b47b4cfd3590cfcc322a41b45cbb3c6873701e50df1f5861fe781aa2ffb15aa9cecabe09379594199fbd9e19e45a22ce09a5aadced3ba188e35ad952567d39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965

Filesize
52KB

MD5
5b560150226e8dcd187c365b007be0bb

SHA1
6b4c82b21c6d2d05b7c15c9e6522fa67ee71a076

SHA256
5162f9bfffc044b071fa76a95b42d27dc4ea855cd338a16dfaa4026786b4e8cd

SHA512
7016757e874355cf12a6defccd5995bf7afd9ed060154692f3a972649c500d14176778a969931eee76425b47f30a732b63c0cc54896ec6f85464e205164a1293

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\klitxzfb.default-release\startupCache\startupCache.8.little

Filesize
1.3MB

MD5
02cc783c43d866880de2c7869e636c48

SHA1
4d73b989ac97e5932f8c96c80df365502d881953

SHA256
d1ee6b5c12ab233e153ef1f89fff15e1aec2386270c80d7e87de71161125447f

SHA512
de966cb225a3de223607e7ef850bcf64dbf3e875fcb3172445740956026a3fd540f71dbbf4993710dfe8aa6e64e3d3270222f760fc85af3add3cf14da7e50405

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
42e30290730dbfc757b2af3c379c0ebd

SHA1
0fd666f4b0677d3ffddbccde43c9884a4352b5c0

SHA256
64d2a90e0e77fc69b4815f7117892520652a2790d2fde51e065c904d4a5cd5c8

SHA512
c4e5d2e14acad36d2f35fe914f4b80852ab49e99bd4065dbba08a2284ef7ba438cb92fc3386885324be263db2381fede78059e92ff276badce6b18992591c3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\prefs-1.js

Filesize
9KB

MD5
e80ea5f8e4ca337e9f63e2ad8453c643

SHA1
0e9743b6aaecc70ff1559afdbe2322621047cff2

SHA256
ce57277aba8eeffccff4a52ca0a2bfc9bd52093cefe945844177658936cd6e45

SHA512
a9f9686d5385275cb587dcc4943b8dde546d69c42e4e64c81da2cf8b3fe7ecd5ea99c322eb3f86f0ba88b6a86807483c4b22ff15249c0814b20612eb9a13c1d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\prefs-1.js

Filesize
7KB

MD5
efe4c5e2c57d369cc893e4ccd624c59f

SHA1
d39af2deee9231a58bfdc9830b016d3bc88c4ca8

SHA256
b54e640ebeaf522097409278208a5d7b389707d342df26e23d07e763c9372ec5

SHA512
930292387e0867187d5519e3afa5291b5c82f7acc073f62dc3d9178782c2d87d6c6b453de6d7bad57906a789230c0b422cb6af94f0ea3b8444e5ab028529d312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\prefs-1.js

Filesize
6KB

MD5
5f8657833f29dfc0834b8f461373328b

SHA1
e4d8026892f7a4af919895cbf5673b9ba23a68f3

SHA256
d4f489312feecd63bf953b5f022ac9a4b79b616ba85c0bf03ce7aaf999bc0d07

SHA512
1a27298638ae3caaea18313b9e135537529bfd11c30ae2e50995d2894a0b1681a1186b3efe8b3377e630070a97737ce87873601ead1c7a3614f67985ae6fd4c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\prefs.js

Filesize
6KB

MD5
78bb5cce22eedcf01bfad93da7271878

SHA1
5819763966257110360463076db9bd7900b00984

SHA256
2a70cbd6c16ccdda329bed7e1a0282c5cd8cc154cedc9816ac6b72097178e241

SHA512
f08a237257e750e3028efc3d8446f0cc2aee1dc6c819b4267832ac6758fcbf007982fd192d6e6da097d236660b5f4f7160fa6c58479c5dbd135984390db36fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1023B

MD5
5fa471a3e10135ddf647b8173945309e

SHA1
a5c741568866a03cabb8a3ce760d3c2a55aa048e

SHA256
343b8200e805326d08c31d36ed8e1f93363b2c03a43b824b0cf63c9086497397

SHA512
7cb84623bae735ba83c3652085cb582802b5b352093ffebfbf81917fbf82b359d3ce2f223b95410a6c87207930ae2ad5762044dd7e68c178f68fea7b12bbae0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionstore.jsonlz4

Filesize
834B

MD5
680a4294b56cf58c7d04640653374213

SHA1
6ede2d1282e17980db22301eb5cc363d65cf37d1

SHA256
9e3d5e91d9a37ac9187898c85269e49ac8b91215473f74e5d848b82e0f7d4a2c

SHA512
b7f46a2b6c1785789901e33652cd30bd452fd0c886275f0376df44fc7a7b4578785be089e8e0a90eb3156dba3b981dfa0cc5a35f10d77ccd62e7ad89d9197be4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\sessionstore.jsonlz4

Filesize
834B

MD5
680a4294b56cf58c7d04640653374213

SHA1
6ede2d1282e17980db22301eb5cc363d65cf37d1

SHA256
9e3d5e91d9a37ac9187898c85269e49ac8b91215473f74e5d848b82e0f7d4a2c

SHA512
b7f46a2b6c1785789901e33652cd30bd452fd0c886275f0376df44fc7a7b4578785be089e8e0a90eb3156dba3b981dfa0cc5a35f10d77ccd62e7ad89d9197be4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
0e7f5fb6522031b3f532e6bc38be337f

SHA1
9d70f2c72920b20f6b4f192afa302e5b02016963

SHA256
dfe15353098b942c7a42f95aee6a5b90eac0da350f1cd4c23a819a867a7eae66

SHA512
26f5ac231ce4aba407637a9099fd0136ffc04b876138c684a79574751b2ddad385e507edfbe6c3d5660eebd922ee2509f261b837a8a1bae1a2ee0792bb86b562

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\klitxzfb.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
memory/336-54-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download