ab2d5ede7bc314245972ffdaa7b7b4f1ee3c8dbffefe9b62a814ef1a6902b7c5

Analysis

max time kernel
1033s
max time network
947s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2023, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Copy of VALUE STREAM MAPPING (MACROS).xlsm
Size

159KB
MD5

02a822b178d00c485e368f18df24d777
SHA1

efac62e7b32d0b9f762a1942d50e76854b7b8db7
SHA256

ab2d5ede7bc314245972ffdaa7b7b4f1ee3c8dbffefe9b62a814ef1a6902b7c5
SHA512

822108f16584c325fe5d9714128f5e5059e54649e76064dce0c4261a85bc7b8d2f25e4ecf86cf9928da90d38ae22b56ee207cca19d694e1462f4483f6cb3e1a7
SSDEEP

3072:s1DejTscanBTnumDw8fvEgaNYzc5N67IEDua4qizrFnxVeIIBNf14naLXe4PV:eejtaBP9Y3s7IAuzqiHFxEIID/LXf9

Score

1^/10

Malware Config

Signatures

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5600310000000000e3565c6b100057696e646f777300400009000400efbe874f77480857e3902e00000000060000000001000000000000000000000000000000ba9c9600570069006e0064006f0077007300000016000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5a003100000000000857e390100053797374656d33320000420009000400efbe874f77480857e3902e000000b90c000000000100000000000000000000000000000009edf800530079007300740065006d0033003200000018000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4068	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
4068	EXCEL.EXE
4068	EXCEL.EXE
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe

Suspicious use of SetWindowsHookEx 54 IoCs

pid	Process
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4596	4068	EXCEL.EXE	83
PID 4068 wrote to memory of 4596	4068	EXCEL.EXE	83
PID 1520 wrote to memory of 1968	1520	OpenWith.exe	94
PID 1520 wrote to memory of 1968	1520	OpenWith.exe	94
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1968 wrote to memory of 1020	1968	firefox.exe	96
PID 1020 wrote to memory of 4480	1020	firefox.exe	97
PID 1020 wrote to memory of 4480	1020	firefox.exe	97
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98
PID 1020 wrote to memory of 2044	1020	firefox.exe	98

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Copy of VALUE STREAM MAPPING (MACROS).xlsm"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:4596
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "mailto:Textbox@05"
  2⤵
  PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url mailto:Textbox@05
    3⤵
    PID:3336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "mailto:Textbox@05"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url mailto:Textbox@05
    3⤵
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1020
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.0.1890839555\2084058623" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ca44ca-a936-459b-b8cc-6b8220773c7b} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1964 1cffe5f8158 gpu
      4⤵
      PID:4480
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.1.656135373\314519507" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2368 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b96baba-4135-412a-8409-0d0bab9f6b5e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2392 1cffe2fc358 socket
      4⤵
      PID:2044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.2.909822581\1471539590" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3260 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf7df34-80e3-4916-8618-aae5a35de22f} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3268 1cf82b37558 tab
      4⤵
      PID:2492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.3.1419823767\147972756" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3de248-3056-4cc0-b304-1854c39dc252} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3608 1cf830b4158 tab
      4⤵
      PID:5064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.4.442590895\2048149966" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4652 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d5e3de-9d48-491c-80e9-2dd4f87d92d6} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4708 1cff1b65f58 tab
      4⤵
      PID:2348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.5.635340256\1548253651" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd41d0d-c26c-4ca4-b534-d9c91942cc3e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4836 1cf851f0958 tab
      4⤵
      PID:5044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.6.980201890\1868375836" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 4916 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe32a6b-9bf4-44e7-acfb-018ed9936ce2} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5076 1cf851f1258 tab
      4⤵
      PID:3068
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.7.1075192579\687379016" -childID 6 -isForBrowser -prefsHandle 5524 -prefMapHandle 2772 -prefsLen 26752 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96dfe304-bd06-46a6-82c4-aadbe16c1aec} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5540 1cf82b37558 tab
      4⤵
      PID:3832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.8.1064130293\870245274" -childID 7 -isForBrowser -prefsHandle 3376 -prefMapHandle 3292 -prefsLen 26752 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fad80581-389b-4bf3-8a7c-92b9fff611dc} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3364 1cf830b6858 tab
      4⤵
      PID:5012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.9.397130252\1662901756" -childID 8 -isForBrowser -prefsHandle 7352 -prefMapHandle 7380 -prefsLen 30334 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c40a1e-51ce-49f2-b8c1-e71b48f43210} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 7272 1cf91010458 tab
      4⤵
      PID:5728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.10.708989802\1687251455" -childID 9 -isForBrowser -prefsHandle 7440 -prefMapHandle 7436 -prefsLen 30334 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f22fd5fb-fee2-457d-8eb6-9599dbadb4b9} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 7004 1cf92181158 tab
      4⤵
      PID:5740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.11.11657624\733633684" -childID 10 -isForBrowser -prefsHandle 7436 -prefMapHandle 1696 -prefsLen 30334 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0e0af2-49af-4bef-9ac3-1bf959e5e204} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 7212 1cf94b16e58 tab
      4⤵
      PID:5940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.12.950644331\1699403469" -childID 11 -isForBrowser -prefsHandle 7008 -prefMapHandle 3996 -prefsLen 30343 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09b81ac-436d-4842-8481-8273790dca03} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 6432 1cf8457ee58 tab
      4⤵
      PID:5320
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.13.1671617481\1198917923" -parentBuildID 20221007134813 -prefsHandle 6500 -prefMapHandle 5896 -prefsLen 30343 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5360ab5-e212-4bdb-9210-214e8a8e6392} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1188 1cf8d219e58 rdd
      4⤵
      PID:3092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.14.2004141543\1076227656" -childID 12 -isForBrowser -prefsHandle 6408 -prefMapHandle 6820 -prefsLen 30343 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f05b3ea0-8488-4bf9-852f-54ecdc86af01} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 7380 1cf8fc7be58 tab
      4⤵
      PID:1436
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.15.590328181\1888110636" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7708 -prefMapHandle 7676 -prefsLen 30352 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d2cb97-aa5c-4c15-a86a-9e821419cc76} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 6840 1cf8ff6f258 utility
      4⤵
      PID:3040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.16.1176632072\2105332523" -childID 13 -isForBrowser -prefsHandle 7880 -prefMapHandle 7884 -prefsLen 30379 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a2b25c-b64c-489c-88c6-40dbb3bc1b57} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 7432 1cf91af9558 tab
      4⤵
      PID:3280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.17.1993568917\1294960584" -childID 14 -isForBrowser -prefsHandle 11856 -prefMapHandle 7160 -prefsLen 30379 -prefMapSize 232645 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc612ddd-4c45-4ab4-943f-89463821ef1c} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 11864 1cf91ac8b58 tab
      4⤵
      PID:4324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
86a6854b7f6d9debaa00241fbc49cdf7

SHA1
e37d5d946be2b2f821e3853f8a733b201adbf6b6

SHA256
8551e4470f95cc7d23e903c06ef0fc876a0d7b1c7a332ff9647dab1050ab5b3c

SHA512
f7fccfc4854ba68b0b4f4ed03b044c7230046fa4d5a2ad1787e25e804d2590d931a5651bd7e4e621ef67af27e21df12cd54f4c89038a5e08b69b1dd31b7109f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\entries\70DBE5F90BD35EEC6D4A07D16DB46EC38E379124

Filesize
13KB

MD5
dc58daed3d1775fdb8fd96c077d89bc8

SHA1
81e60ca5558cbd5438acda9b313d263a9aff9dc5

SHA256
75e727ce45275b5eea80737f0c017f19174f58b606cda1cb0838c51eb9d0bc71

SHA512
21cd0e7b7fd6bb3c1a1e1d18efafa8d19e35243d336dac9780d000d51c7d016ca84aa1ce481c66ee216b0c3a844b6f70b2ee5f74fd14a97f8d1d3ce59c9ee632

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
543a42d7fa0b85cdc9425ea4754fe39f

SHA1
db716d3ced10f066011ef1fee9d82e22e69cdad4

SHA256
8cf79604911df48e3ab33b1d948a33b7509f4842ef9d98cad10470722bf5fa1c

SHA512
75ce4debf8951d586532d27031448d5944176e6e89d57cae311df698b46507cf94bffc77635df125a99e378b90ffa12991520aa54377c5a39aa6848151be5c61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
9467362b3d9bc1335f0b7a511a28b99c

SHA1
830c0dc5e4bad2db078475bf5eaff5a99b58ced0

SHA256
3e722e3e95e730a9142221c704e8857f6ef8948c7f25de8716e04209068f08a5

SHA512
47a31a2e2b45248ce06022e1f3f670224b1ede1812e64bdb450429bc23df3234ee2349c015400ea35bd31fd3fc7dda6ce759f7d0532c59070ac60e84224c4dfb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
73788c469042bee5e2475706a07953a0

SHA1
55712f16ec8453ddd02262ecc8f02918a7f648b1

SHA256
ff2c0f5657d559b90c4e35105bcea19aba1716fdf7347c571dcc6d820de20647

SHA512
0bafe0d1ddda68804a09e80d6c660a4b2cb73bb8e35bcfd6458c1599b5a7eb5d2caefef89aac461dbf86f228ecc3b5250f60b2948e8a3c0680f3521f1d9183f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\handlers.json.tmp

Filesize
410B

MD5
a436d19f1da018a3deb3d6bdd0216ad5

SHA1
a8890adb5c7e56e4d5fb4f99f89e57a101c9f852

SHA256
2d8a2a215383985a8b18b9134627a403820562a19301bf6f41044b3dbd331887

SHA512
5eacbcadd27ce2ba3a36cddc1295d9f7f678069fe1e5e9054fc758029da850c12189b776acf3b4490b1fe74eb08834051b4c89871fb46b885d227c037371a883

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
6KB

MD5
1921d95bd0249fb57096634f88aca51d

SHA1
17c281d6f0d287f738b9482903b247d684d4393c

SHA256
fc1b2133262eeddbd643ef410e249f17dc7eee755f2199dcb77a5ac6fb40c335

SHA512
ee1e35b13b545098ddaff3be4a70484ae409b922112ef0cfc2f1ceab94292d6101e9bc3b96a7cdadf9588346fe92facd8790c951fcf1c58cf3b3367708aa3401

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
7KB

MD5
08beda35b9c20cc9f135318700d2f4c8

SHA1
44425e9c2d5594b2c8d9bfa7c3d44ee2ca1e9615

SHA256
227ae661c622a882e2eefdd33c59399d6eea7a38445a4cc8d0d67dc3838dfdcc

SHA512
5fcb71bd8e16582d0f04fc8a4fb689e87c0784b3d7882a6c6e85b2dd81429424c649adee38f251e4a593398bb343656a2b019fafd784de1e3ad80a01a93de37d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
8KB

MD5
1aea58d0f2fcac9c14fc03d5b3c75269

SHA1
ce6e1f4e37f1c18b4a1b6dd8fcea05de9d973635

SHA256
18ebe6079d754c12d59460fcfce4654f8aa4ec8223676b938dc103fca04ba090

SHA512
1875ddf7b292e4c847cbc78637038c6d884e06da7d6846fbec537f9e4745c58669441b2a1fc89b43cc1a12b4dbf9ae98c9e07397b4bfffcfe93bc69a5fb72e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
10KB

MD5
913fe6a991cc663eaa73a3d4ee8e5729

SHA1
33a610ca801a3a2b375ba81b22ed2670d8ab02a8

SHA256
08e2cbc6ed0918aa7daa1402621ba0b2c61b3d5ddd484053c58e99d3f34c5c26

SHA512
f75e9dd4f057619aea8f84d064214f26c0f323d21305e92235e7f660de3d17797bf69fefae6f84ef7970610a22aac11867b0c4034995eb36d420f09cf64c9959

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

Filesize
10KB

MD5
bebb513a0d0a1ec5d68904bb8e3f0cf1

SHA1
c479411fff670ada65d7e98b995cbe8cd4dc6210

SHA256
9f295ea90312dde9229379ad699df05c1875bf8bb78f9e7300cb2256b8750739

SHA512
f2a51bf1e9b22003a20346cc1ea032b636b4572f8b66241b98c5748b0de2259dd42730511075cca1753b8572b794b8ad2c8aafff874f64528ea3e803433a39a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

Filesize
6KB

MD5
0b530a59f217230f45f81e148c9597e3

SHA1
1ab4179e354ee549a8144bed3821b532c056a5c9

SHA256
41dbaa2e93c343611bd676daa2ca6c61a8acbcb4953b0bb1bad71ca61fde1073

SHA512
abe90fae43b1077ef4e30542be8222c1dcf6419f88ef739a2c8c0ead0c2a831a757460b30f510d24d27e5b186193bec82722b8b907e6af801fa7507b10baeebe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

Filesize
6KB

MD5
6a86b865a5119ccbd6c1685d2827332e

SHA1
85a9c2a1146ba2a2e0e3f17d03491a2e784d3f36

SHA256
4d55797f227576114405921a0b1831103667f260773291c114ac30a9a8abe30c

SHA512
17e1629494c74b33264e9376a57209f9f341f89d020b5a86ee8a6a65ed60ca167bf9c3c2f8b8a965ff352e57dba51e18082c9b19456e53ac143b67a10088f6c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

Filesize
6KB

MD5
fd1f018c8e175b61e523fd3964d3a44c

SHA1
e9da0506be31629d2d84b36c915472575ff5f376

SHA256
fa3d604a3256869f811436d9e6827d2bd6990af82f82f996805876cd9f7fd5b9

SHA512
c8fa2f4bad6a1c417378fe6b22339d17dcf286ccd85143a57ce7c7d870a594a263b494c4bad6554fe946381eb082bdbe6425be98362572b3b08bf1a0ed2f9304

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
68897790d6fa5013b50a3ff07aff0824

SHA1
13ed79435e6192663812394eed3a319a826e2161

SHA256
f9d885acc67dc47a32af4163c7eca4d997fc2fcf1d16d84c03c5dc4a87e91994

SHA512
609c77138fb39b74d9e8ff0f4e82349d1d4b05caeef1dece1581ccae9e7dd3bdfb8e30745ffe95f904da591f45aa3f2f0c94f84527047d2c45f0059dd7d3ffa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
fbd8bf5523389599bc204e7fa918b8a4

SHA1
ec5f5ea259d1b4133c0bc886d8838901d5e61471

SHA256
c2e758e6edefae2cfe22ba83ed7a9824924c6b1597d82e31f1f46effc8336006

SHA512
4de26a0fbd82057b690f7e3d6d549ea41216f6c6e72c1e7d7323674b9c98d63a401b67e9df68afe5ab4ad9cd8367d46f8bba23f74a1a38cda0a60bf4aeb5a665

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
70c1769e4129871a3edbc4d858441955

SHA1
9ced964280ae776362094f3bce467fa795a2e4f4

SHA256
b76df568f0c2d7503edd8c682e195a8b09563c025d0195acffd346154b107d82

SHA512
1e1fbc0a3701b999bdd70f8e2eb52d826bc6484eb413745d7295331b05cf0daba111731be3f7b1586f0ab854a1742e2164ebb732fb96da3273fa1990412d02a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
ad0053253f827f03b0780c87ae42f4b2

SHA1
54c2216b820319ba3cf55b808cceb60bfa423839

SHA256
bc9289e4a6fbae08f0a7de962428db42f26bb950b6d0e062a56b26611802bd79

SHA512
515d63fd3140dda6e3009df1db17bb2e616bca1d7a7ee4d3ee286af1b408b83cb66bb806aaa18ab4b71ed5266aa3cbeefd1915a9f47113fbfb0432d2d513bef0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
a0be76f19e25afcadfa84e7db234546f

SHA1
06d33ff2439b458c48696965758767d68c3a7f18

SHA256
4a70c9b2d5a9a2b436248428502feea916edafbe6e4d6c326cc65d8c0921a08d

SHA512
226c6b421319ae6c2f84db22d21f7860c620e21450fbf35e333eff47cf871d7082c006e87c37d46ab8358834427f165eeba37af8f874842e2325130060dd8f44

Download Submit
memory/4068-146-0x00007FFF49020000-0x00007FFF49030000-memory.dmp

Filesize
64KB

Download
memory/4068-143-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-149-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-152-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-151-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-150-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-148-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-147-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-160-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-145-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-144-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-153-0x00007FFF49020000-0x00007FFF49030000-memory.dmp

Filesize
64KB

Download
memory/4068-135-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-141-0x00007FFF4B8D0000-0x00007FFF4B8E0000-memory.dmp

Filesize
64KB

Download
memory/4068-142-0x00007FFF4B8D0000-0x00007FFF4B8E0000-memory.dmp

Filesize
64KB

Download
memory/4068-140-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-138-0x00007FFF4B8D0000-0x00007FFF4B8E0000-memory.dmp

Filesize
64KB

Download
memory/4068-139-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-136-0x00007FFF4B8D0000-0x00007FFF4B8E0000-memory.dmp

Filesize
64KB

Download
memory/4068-155-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-137-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-134-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-156-0x00007FFF8B850000-0x00007FFF8BA45000-memory.dmp

Filesize
2.0MB

Download
memory/4068-133-0x00007FFF4B8D0000-0x00007FFF4B8E0000-memory.dmp

Filesize
64KB

Download