12b689ebcd8af3e44c6d363d967ff665feeddf820ae13132b79b67ef31df5238

Analysis

max time kernel
104s
max time network
110s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
01/02/2024, 17:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

StockX.Invoice.Gen.v1.1.1.exe
Size

70.6MB
MD5

254a3933caf9db07f2ff6af2cba4979d
SHA1

e4d9a947c6eb259e20f187f30a0bd1a6016f43ad
SHA256

12b689ebcd8af3e44c6d363d967ff665feeddf820ae13132b79b67ef31df5238
SHA512

4c584ad25291dba7bd12f39141c4965e510da1ee3c03548c4e77e49d300993cb5c3a47e743b816b2fbbfb85b9b412a2aef446404d78de85e4da4d90fab3937c3
SSDEEP

393216:ZP59FKgzrS1BgwcSQLscMcjQ8n5AYfgNRae20g01Gmdz5BvxZVSdi461Pyzoz4sv:ZXfKcpgNRao7nQNZOJiC74SJrbt4k

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4688	StockX.Invoice.Gen.v1.1.1.exe
4688	StockX.Invoice.Gen.v1.1.1.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4916	firefox.exe
Token: SeDebugPrivilege	4916	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 3148 wrote to memory of 4916	3148	firefox.exe	80
PID 4916 wrote to memory of 3808	4916	firefox.exe	81
PID 4916 wrote to memory of 3808	4916	firefox.exe	81
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 3160	4916	firefox.exe	82
PID 4916 wrote to memory of 2976	4916	firefox.exe	83
PID 4916 wrote to memory of 2976	4916	firefox.exe	83
PID 4916 wrote to memory of 2976	4916	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\StockX.Invoice.Gen.v1.1.1.exe
"C:\Users\Admin\AppData\Local\Temp\StockX.Invoice.Gen.v1.1.1.exe"
1⤵
- Loads dropped DLL
PID:4688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.523155890\181552789" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {575ed598-1ff2-47fd-ac56-05974f04625b} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1896 2b1249e9f58 gpu
    3⤵
    PID:3808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.1194813079\385113404" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {862c8c1f-44e5-496b-ad49-d3aa45a6328d} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2260 2b1248fd558 socket
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.215447991\343479557" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3188 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b23bc2f-d4f3-4231-918d-a099f68240b2} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3164 2b129a9ec58 tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.589767348\865958723" -childID 2 -isForBrowser -prefsHandle 1012 -prefMapHandle 1008 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af83abc-3587-4ee2-b815-d2ea4f3a092f} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3516 2b118967258 tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1807877306\183070339" -childID 3 -isForBrowser -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c519748d-7092-4018-b18c-134bb2acbd02} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4564 2b12b6ebd58 tab
    3⤵
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.1464014029\1520542713" -childID 4 -isForBrowser -prefsHandle 4400 -prefMapHandle 4960 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e8528f6-efb8-417d-ae0a-7422dec18517} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4972 2b129a53758 tab
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.1598654093\749781110" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ff3c199-a623-45af-82bc-689511e72455} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5372 2b129a53a58 tab
    3⤵
    PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.135463489\1271329206" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa45c13-8b70-4969-8289-8edf8a0fd075} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5180 2b129a53458 tab
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.8.1752336236\422753997" -childID 7 -isForBrowser -prefsHandle 4448 -prefMapHandle 4760 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98b699a7-dd2f-47f8-9e10-73de71483581} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4740 2b124c87f58 tab
    3⤵
    PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\StockX.Invoice.Gen.v1.1.1\FGH+gd7C9pgmxyBKoQkps9wQoGyYrq8=\clrjit.dll

Filesize
99KB

MD5
a08a76592061895a858ad807ad4b9a09

SHA1
7ff3271fda09741e31b7ad6337109a28045f55d0

SHA256
b0b66c777328053f7bc72a0b6d6f74abf9152af955561e3c350bd0bf9eb0a16d

SHA512
f6449d9a4e2b001b4ac57f0e9b322f3acaa65ab21d7040f84d1aeec6168d41774f9e85bcba8806b9526c02e84daa622a030800c6b4caf4930f1479e1b47d8afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\StockX.Invoice.Gen.v1.1.1\FGH+gd7C9pgmxyBKoQkps9wQoGyYrq8=\coreclr.dll

Filesize
981KB

MD5
a559af1433bb329e0a3512272d67283a

SHA1
cd2c52ce916584853a46f4ca363a6a05039c5f77

SHA256
526922d79bfdf0b3efda6f52b08eb9d4da6f50c4b0fc5cceb3cb7ba079aad870

SHA512
7a229819c24a9a5ddd9a16b92daaf8c494f4cbe686db6e3fc0449b1d1ae480f0ea8064be463a5c8bf44d7653b93f2600a4d499b66da5affa9e39994d831868b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.7MB

MD5
18e499224377587838f558ea85446c05

SHA1
a519cffc1a06fcf5f0f29f75f882094520c898ff

SHA256
820a1c2764b52f1a9195474fd08f6417fc3b3420ebd68e056d641bc4abdf4887

SHA512
937d0e4c241aa6b436bb9aacfae4b5173be2a0c41b5783a7348492212b893b7a774d86d097916eefb130acf8726c898e7e23a23f1f440c2c8de6aabedd3bbed5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1b72425b91b36eef529a1848b6e03e32

SHA1
9f4e8b6845a3fcc660312d5fb228f76e38a8ad66

SHA256
cdc3cac11de2c72e59ec56850c2b64833d29e29a759b9f885dd77dcbba303293

SHA512
eaf4a0adc9f8d976600d3e45589ea0af279a42fe191ce73f8b70631b48af7dc0a2b01531c796b9719ac720ffb11ce2c70a17b088ec6ba49146d4087ea82e6f35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\8bcf3fbb-ccca-4442-a5e2-5671e3f30a5d

Filesize
746B

MD5
83f26e7fe741cceb27a646ef6e5313c5

SHA1
395a193251fcafa6dc4f41c9ab3a68de14405c13

SHA256
37bf56c599d44d7a15cd9279fa6453ff0f558822ccff956fc20ee54e0e4003c3

SHA512
603e09f9dc51a412f22b644f3193fcbd18acf32c672e24d265834139947afae64b9cd24c5356763b7be2ccc06a3eb7ab9e8e88a54297a687c4e106173dcf6415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\aad036f7-f1fc-461e-bf1d-bbefaaef9bbb

Filesize
11KB

MD5
642a335c63dd9db0828da26be0cfe85e

SHA1
7ad69d123e9eb36e3849f35f8cac0c5fb7e95b29

SHA256
ba28024df4dd8d29cee0da2c01c62930eb9242017733fdf9325c335a7d5cacfd

SHA512
36aaa9a322e71111d639b1dafdd93170c6d1cd1547afec73ff4eed5fc7f6f569d80b690376f7675f562bff6253e629ca7a4882041c247bd17e63f5055c940792

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
806KB

MD5
2ccd107fc66e84fcd3e4f366f5db6c3e

SHA1
09074068aaf67b3b27d9f1d4d5f5904f70798845

SHA256
c3015f0bcf78d288320ae673e5b467571c217f85626b4262f32b397badf05b0f

SHA512
1b2c0d40029c08920c3cd61ae78093fc06912d92c321c7529217ca426cd2a57cbd601709a2af6a2b28ccc88a8e4979417b606af716fba638cbf13e8d45a4b14e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
6KB

MD5
83e439e8e44ab3a15c8e3ecd20b378dc

SHA1
7817415a1edfa7fa1cedfa8985f0def881f86afd

SHA256
439f9b8151e4f9768afbc97ff2755db4e0ad840f74fe58a5e03d213ac5fad884

SHA512
c2c5e41398377dc5dadd913050b86996c4d79cd223c7a4916f9bc4faeacb4da3178a0fbb22c168ca951b2db095d696f34828197aeb527bca8728532db42ea247

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
48f36e2bdd5c802a08237507af9a5e24

SHA1
b91a7a86f267b444302c5ed85c38d4e317733871

SHA256
fd0575e8c29f71fc68fccaa4927292db84091b656fe231ef5077fb6e15292ae5

SHA512
eef760c6fba73528c3e8d590e85d0a7af1eb7bc270021a798cbab27189cf1dd3880bb64fd3a360dbdd14d25e878622afb4a4acc94bd0cc55471b9eb6c20b511c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
25e0a1eb56b040c2fa400e8ea7932cd7

SHA1
c1896f5044f9d1af6724655486893e10cae60740

SHA256
3b0f4dd1d766a485b3f18f654549963c26122b5630188cf259f9b3b6b704139c

SHA512
4d8dfb9a9f905f4d8a771cf11dee29a9b8cc85417f60915f8caa93ad7550a7a9ac26ac39abf87ac4fa621a633e155118074ae6573f963bf135fac0fc1ebfa2f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
812088d6be162849ff59784e3c8da061

SHA1
ea2772639e429abdf68518b46685a847a91cca5f

SHA256
5bd2230cbfd3d6a7ddee7b52cc77dd7146ce80d6a3faff3f7065fe4dc4f784c6

SHA512
65be1626b5b0b0556fcb587e30df3ecc8eb269334c6ce7a59329c7ca26232b774e4b46d793652ffbb353d98a7e3fe0c5e11e3ce70eda6cd5adc151262f0541b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
47253fe57bd4b97b057522b6981db459

SHA1
bc48745f5c2d21ba3046e11e8329af5270bd611e

SHA256
0c48f7ad9b9790fb0b89ab8133e16c4717e170b17aa143cf07167fd0096d79ab

SHA512
1df3c0754cebeda5575661ac9fda18494a603b4ffeaf8f6388469d134999d072bac92890cf566b0e64ad494b396c8f4df3208ce03662130c3d9e8b17ff59bfa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b0b887eb993b315bbb93e85f38e40814

SHA1
0b3e5d4983acb210fb4ad016325525401a507c4d

SHA256
8acd2aca953c40527ce80848315f7da30e7ba852e44b54c4466418421258f016

SHA512
b3f85e0195e6f0174a2907af4b27addeb68520f4642ba715945e8b781900b1a4003b6e70fde2bf42ebcfb45f768f88daeec410ec7793fb35e6c2e7141f244b25

Download Submit
memory/4688-21-0x00000220C8D80000-0x00000220C8D93000-memory.dmp

Filesize
76KB

Download
memory/4688-18-0x00000644A0060000-0x00000644A00B6000-memory.dmp

Filesize
344KB

Download
memory/4688-54-0x00000220E9490000-0x00000220E94BF000-memory.dmp

Filesize
188KB

Download
memory/4688-69-0x00000220EB930000-0x00000220EBE37000-memory.dmp

Filesize
5.0MB

Download
memory/4688-72-0x00000220EB4D0000-0x00000220EB57B000-memory.dmp

Filesize
684KB

Download
memory/4688-97-0x00007FFA46900000-0x00007FFA46E10000-memory.dmp

Filesize
5.1MB

Download
memory/4688-66-0x00000220EB350000-0x00000220EB36F000-memory.dmp

Filesize
124KB

Download
memory/4688-60-0x00000220E9380000-0x00000220E9387000-memory.dmp

Filesize
28KB

Download
memory/4688-63-0x00000220EB390000-0x00000220EB3C1000-memory.dmp

Filesize
196KB

Download
memory/4688-51-0x00000644A0160000-0x00000644A031B000-memory.dmp

Filesize
1.7MB

Download
memory/4688-48-0x00000220E9390000-0x00000220E93A3000-memory.dmp

Filesize
76KB

Download
memory/4688-57-0x00000220EB080000-0x00000220EB0CE000-memory.dmp

Filesize
312KB

Download
memory/4688-42-0x00000220E9450000-0x00000220E9486000-memory.dmp

Filesize
216KB

Download
memory/4688-45-0x00000220EB040000-0x00000220EB07B000-memory.dmp

Filesize
236KB

Download
memory/4688-39-0x00000220EB0D0000-0x00000220EB14D000-memory.dmp

Filesize
500KB

Download
memory/4688-24-0x00000220E93D0000-0x00000220E9416000-memory.dmp

Filesize
280KB

Download
memory/4688-27-0x00000220C8D60000-0x00000220C8D79000-memory.dmp

Filesize
100KB

Download
memory/4688-36-0x00000220C8DA0000-0x00000220C8DA7000-memory.dmp

Filesize
28KB

Download
memory/4688-30-0x00000220E9420000-0x00000220E9445000-memory.dmp

Filesize
148KB

Download
memory/4688-33-0x00000220E94C0000-0x00000220E9526000-memory.dmp

Filesize
408KB

Download
memory/4688-15-0x00000644A0020000-0x00000644A002A000-memory.dmp

Filesize
40KB

Download
memory/4688-12-0x0000000140010000-0x0000000140027000-memory.dmp

Filesize
92KB

Download
memory/4688-11-0x00007FFA46900000-0x00007FFA46E10000-memory.dmp

Filesize
5.1MB

Download
memory/4688-6-0x000006448A000000-0x000006448A8F5000-memory.dmp

Filesize
9.0MB

Download