58a60fd9737d68b66aa8d5e2c1e19a6ba106372ef4bbc43f826aee5f17d68e82

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 13:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RougeCracked-main/interface.exe
Size

12KB
MD5

bce9a6fe857f381be422d56894a5fb97
SHA1

bfd810291fe67f4052f59d110f79dbb43e4e628d
SHA256

8b59e3e7af2f61498eb617b1ad54b10b0c21c93db8f9d0263a3450188775a59e
SHA512

ca0fa61b85a2cb63e7882529d4e3d5af671ec0d365e0a8e29182b04fda340c508fade16a8e0546049ce76e3477b0265edb3754d9d86a8d4482be60e0eb81634d
SSDEEP

192:wlhtwcnffNU9vY3l7Lx3ifuN1C0x0h52wa//TW:wljw8ffNUcnxEY1C0Gh8ws/T

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1864	interface.exe
Token: SeDebugPrivilege	3460	firefox.exe
Token: SeDebugPrivilege	3460	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
1864	interface.exe
1864	interface.exe
1864	interface.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3460	firefox.exe
3460	firefox.exe
3460	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 1972 wrote to memory of 3460	1972	firefox.exe	101
PID 3460 wrote to memory of 964	3460	firefox.exe	102
PID 3460 wrote to memory of 964	3460	firefox.exe	102
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 4504	3460	firefox.exe	103
PID 3460 wrote to memory of 2164	3460	firefox.exe	104
PID 3460 wrote to memory of 2164	3460	firefox.exe	104
PID 3460 wrote to memory of 2164	3460	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RougeCracked-main\interface.exe
"C:\Users\Admin\AppData\Local\Temp\RougeCracked-main\interface.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.0.649699326\734199875" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c47268-cac8-42e2-ae7b-51f4dfa1feb1} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 1960 1b2f70f3158 gpu
    3⤵
    PID:964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.1.512920160\594756372" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58945bcb-7c00-44e1-a9a7-62ba76a2822f} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 2360 1b2ea570458 socket
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.2.649409851\1207008347" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3156 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc9b6bf7-6f97-43f1-bc07-a14ba44d5003} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 3420 1b2faeb2058 tab
    3⤵
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.3.1214324533\477035825" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3288 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc6c01bc-2e97-49bd-873e-659989934bb6} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 3592 1b2f991e258 tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.4.334264529\746483251" -childID 3 -isForBrowser -prefsHandle 4040 -prefMapHandle 4032 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba33d922-171d-4a86-a153-3f9abf6bcc28} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 4048 1b2fc326558 tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.5.1474963129\264830604" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36351ba1-a99e-4709-81c8-0bd3715f64f2} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 5228 1b2fcfe8f58 tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.7.1074595724\1847538088" -childID 6 -isForBrowser -prefsHandle 5368 -prefMapHandle 5244 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f1bb67b-1a0f-48ee-8aff-c36fc6b73d8c} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 5456 1b2fcfe9858 tab
    3⤵
    PID:3784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.6.2095763923\1111143119" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5216 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24153d6d-b71d-40b8-a468-59c0e0446b9f} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 5244 1b2fcfe9258 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.8.585161353\1678209057" -childID 7 -isForBrowser -prefsHandle 4912 -prefMapHandle 5976 -prefsLen 29889 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bde3ec5-37eb-428e-a20d-171dcfcf5330} 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 3344 1b3026c7358 tab
    3⤵
    PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
c7e325a0f0b70102bdeb922ddd118896

SHA1
8af461abe9aa2716887a41e90ec57f97cce41f3d

SHA256
c2538f1e2a4f69d884de1d77a5f27fa64dd48559bf3ba43b670ad7102e3c2cc1

SHA512
f0b2e7cb2c1d541116e0b07b079d5ccc12aafe925d2858312ebceca20c86bc99bc6f47d3f9a02fff2279c1c9e18b783059d92db9ae25e8c0384218914ed0b32d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0

Filesize
13KB

MD5
6f08cec595b9135ea26d8bfd264b176e

SHA1
703c142f7857f3ac8757cf299a3be450b65cdaee

SHA256
57eb54e65730b0e03355d0e79f0d08b7ce48618c86377f7cefaffe3ef5d01f7a

SHA512
6846dbd805e173fec4f6e731fd6653f83caadce626565d28c326c3d68ac0fcfaa7832c79c580e94b2c1b50e1c772242a51690f351816a2c122fdb8aa2f5d2f22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2

Filesize
32KB

MD5
5b4fbce8d60af056698c2927ca538c90

SHA1
fb2d68d4b0a4aaa71462f871d4d2c79754ef829b

SHA256
cd0078f3adb3186f56f3ec08415715b2931c6826268e8f95abcd3e7f81728b78

SHA512
bc6859b79253487cac5892321d35d712ffd76a51351dc1af44ce81f37d4e1b83483bdc9e4117211b2a46667714ca24469d9373d2a744bc928f02e7e11fc1240d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

Filesize
13KB

MD5
2d80a886657b38db8f399919f2342187

SHA1
2c071cade3aa9193f8ca11d3bf3c1bbffee8019b

SHA256
13bd86beb80799286a331fa690adf64e9ca7790c9445d9259a2b08a2b93a1d08

SHA512
b68d534014945f4388cff25653b74337488898947ff704ba9a161238b13c561b012aa483897a571a939a814aed7bdd9934211285c84ea4d38a52d69fc5b6e95c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
69a0f56aa67e09e32e0fcb391914e00c

SHA1
7c4a01f3953097a9faa47c8c8100e09b00bfa2ec

SHA256
13b95dd2308882b1a74b7568903f3ea30102b54ab85dcc6c108c7671f74fb441

SHA512
0b04989afc2b47c4b93aca0342019e2261460fd1960e066e380fd150f096b4d2b6ac1649c5c8d0b8ef91ade6ed672614d12dc559f9f485662db9df7ad4a76a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\prefs-1.js

Filesize
7KB

MD5
35c5f32d2a7ee7e4f0f0d25cc19eea73

SHA1
0bc4a0cd31a52927895f53331bc43deac2805bc0

SHA256
6b7eafae199f6c097e4306f05b7d885a0d9ceac57a00279703f3c9fd27229e00

SHA512
c7dc03f21e1c84af7033eb2a10019b605d020fdaba6883f004ab0c16a4342223f747b303355225c2676a0c5c506249d3d29b90aab0a28fa6004a7ac702ee55f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\prefs-1.js

Filesize
10KB

MD5
9339ae07834994434e46c471f30c96f8

SHA1
18719171555c3b8211b56e0bdc48cefb485460a3

SHA256
2be73eb8d0dbcf5b4ee31ccc7b4208fdf461a0efa8ba0036b59da0f100542991

SHA512
4e3bac020eb4e9a125e518d0d23b81560a9f4f6d1987a8e2e3241d4aaf522c6d6f56c834b72100d42472284cf65573a7cd094bc1dd26f90b3b96b46a2e79bb92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\prefs-1.js

Filesize
10KB

MD5
052bca3c531a811efb3b9571d2751b2c

SHA1
7c17bb443da66040d63bc4feb778b21d054fd15e

SHA256
739ddaf89845ec4f1524338a55c1dc63da084a3c62261400a47ba29a6ed5eb46

SHA512
1e44650fb1debaa83f26c79a24f89456eb8c608ca025979dc17ab140868570c10bbfe1e5099a0496eb2fa8998d12b130c415727ab2e8dd2c6c906b45763d0729

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
88227a5e2075cfa367aa9938f57b8069

SHA1
9e9b9d3852772d3f10313e1bc9900428a32132d0

SHA256
4c0f5428424e2d57c109ba7a6d13ec916cb625a187cb53d7b0d2ddfe6786504d

SHA512
e30ffad4585b9e92a3c8be7c02c5e9baaeeaf98526bfad7b8864de3cd95ede4061d6b1a6c2bbf8f51f4a9a0a39020dd683c35da133e2c0f4ca47098cb9c55af8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
30e2dc25709e97daeef5d8fbbe0c464d

SHA1
5f8e465fc475b06b3385e0bc742d926a38b8e029

SHA256
de42e5cc8dd2a4c4e0d7a020c6316f9815da63f48efb780e88350e94177dc514

SHA512
db5a91befda06aa6fb033cedac131eebf8ce26466e51d1d5ea9c5d9bfc71739b44f2020840df47ba14b1323a1b69d822d303a15470c88e4aac9bb49cc87e1e39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fcd5a0ea4169505768b69010dcdcd3ec

SHA1
e56ba1abcb1b81ee1b744b934b32ebba45b12b8a

SHA256
16fc7ef1e8fbbac71b22c83903155288fcc989b565b17cd71f4cf39dd12eda66

SHA512
4039eb089705be4bcdfb3066049b19343c92736365cbad205706de74a43f7cba6bb055fb308cf7810e975016781df0f22f4c04c589a1f5c426c697a9849e9e13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
fd035e25d67f76c12c7735a022446885

SHA1
5cca7a39240e1aaead55a768410ab6cadf2397b6

SHA256
a197bb035d6e56a23610b255dd0927d186dba203a49933bc9dba1e4772783101

SHA512
2d23531fbb535850f1f22aeaf390f3cda014a805bc9b0c2f8714e4abbd1147eac91223ec773dd46b8b446d926f75be834f011f56baa3b163c4f740012e7fd4ac

Download Submit
memory/1864-7-0x0000000074E30000-0x00000000755E0000-memory.dmp

Filesize
7.7MB

Download
memory/1864-0-0x0000000000770000-0x000000000077A000-memory.dmp

Filesize
40KB

Download
memory/1864-3-0x00000000051A0000-0x0000000005232000-memory.dmp

Filesize
584KB

Download
memory/1864-2-0x0000000005670000-0x0000000005C14000-memory.dmp

Filesize
5.6MB

Download
memory/1864-4-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/1864-5-0x0000000005330000-0x000000000533A000-memory.dmp

Filesize
40KB

Download
memory/1864-6-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/1864-8-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/1864-9-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/1864-1-0x0000000074E30000-0x00000000755E0000-memory.dmp

Filesize
7.7MB

Download