trickbot | a1dd74d7301bf8d504449071142c81113bcd4d0c88fee46e7bacf550495a72bc

Resubmissions

04/02/2024, 06:32

240204-ha3wlabef8 10

04/02/2024, 06:29

04/02/2024, 06:26

01/02/2024, 22:12

01/02/2024, 21:43

01/02/2024, 18:25

Analysis

max time kernel
149s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
04/02/2024, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87936f0b8f079c7f722ab91029cc3f8a.dll
Size

462KB
MD5

87936f0b8f079c7f722ab91029cc3f8a
SHA1

3e6a4041ed2be36ef85ccde8f170b75607887dfe
SHA256

a1dd74d7301bf8d504449071142c81113bcd4d0c88fee46e7bacf550495a72bc
SHA512

fbda002b393bf96b1c338a960c7694fa63ff97860bb5a9e7fe37d887d56243b0568d4b63cebc1e7079fd8ca2f4d9ab67f3c53d6b5bd0532f6b141f9bb9ed9a79
SSDEEP

6144:7bVPXLakbTqht5o+nKivd8Z4sPYwp4KltOzlZRMCKy6fcWWHDecHAI3C+8hkBt:db4DmavdW4svpLtmRlKMHDuIyct

Score

10^/10

trickbot zev4 banker trojan

Malware Config

Extracted

Family

trickbot

Version

2000031

Botnet

zev4

14.232.161.45:443

118.173.233.64:443

41.57.156.203:443

45.239.234.2:443

45.201.136.3:443

177.10.90.29:443

185.17.105.236:443

91.237.161.87:443

185.189.55.207:443

186.225.119.170:443

143.0.208.20:443

222.124.16.74:443

220.82.64.198:443

200.236.218.62:443

178.216.28.59:443

45.239.233.131:443

196.216.59.174:443

119.202.8.249:443

82.159.149.37:443

49.248.217.170:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	2868	wermgr.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3480	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 4852	3756	regsvr32.exe	79
PID 3756 wrote to memory of 4852	3756	regsvr32.exe	79
PID 3756 wrote to memory of 4852	3756	regsvr32.exe	79
PID 4852 wrote to memory of 2868	4852	regsvr32.exe	81
PID 4852 wrote to memory of 2868	4852	regsvr32.exe	81
PID 4852 wrote to memory of 2868	4852	regsvr32.exe	81
PID 4852 wrote to memory of 2868	4852	regsvr32.exe	81
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3452 wrote to memory of 3480	3452	firefox.exe	85
PID 3480 wrote to memory of 4824	3480	firefox.exe	86
PID 3480 wrote to memory of 4824	3480	firefox.exe	86
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87
PID 3480 wrote to memory of 4964	3480	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\87936f0b8f079c7f722ab91029cc3f8a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\87936f0b8f079c7f722ab91029cc3f8a.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Windows\system32\wermgr.exe
    C:\Windows\system32\wermgr.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.0.437611720\727379098" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09a57e8-b89b-499f-87dd-45611bab26e7} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 1900 22e18ed7458 gpu
    3⤵
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.1.1780640618\562286980" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2248 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b80c395d-db33-4cff-be52-7bbbb6384a58} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 2280 22e18dfa258 socket
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.2.161805388\396778126" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 3016 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db26d74a-f8f4-4a59-8cce-96d5fbc149ac} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 3076 22e1e1abf58 tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.3.18329153\440541434" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2945b15-b612-4d7a-8d6f-40d503b6170b} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 3504 22e1b736f58 tab
    3⤵
    PID:2180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.4.1689469559\1705319629" -childID 3 -isForBrowser -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63268181-417e-4b80-ad7b-550f4be83413} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 4552 22e1ff14058 tab
    3⤵
    PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.7.1417943651\1308865591" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cbc03b5-f5e6-4e6c-b4fa-6d4ba1a77ad9} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 5300 22e20654758 tab
    3⤵
    PID:512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.6.542373506\1832007245" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bc06163-8d74-4178-8c93-c1876aef2454} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 4996 22e202dd258 tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.5.1683236329\1856953872" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e366f36c-ebb5-40ec-a307-f31f0c5beb6d} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 4976 22e1e77c558 tab
    3⤵
    PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.8.1443909698\310274791" -childID 7 -isForBrowser -prefsHandle 3260 -prefMapHandle 2756 -prefsLen 26469 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30ab0ea6-3900-4df8-bf7b-dd00dd897ecd} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 2728 22e20642c58 tab
    3⤵
    PID:2340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.9.1235077082\2129852539" -childID 8 -isForBrowser -prefsHandle 6004 -prefMapHandle 5988 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832926d5-768a-4de9-870b-da5137e9793d} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 6036 22e22636858 tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.10.919933555\127055180" -childID 9 -isForBrowser -prefsHandle 6344 -prefMapHandle 6356 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c8f9951-2c9c-45df-b43e-38e548057b5f} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 6364 22e22a77558 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.11.1205475347\1821272422" -parentBuildID 20221007134813 -prefsHandle 6772 -prefMapHandle 6768 -prefsLen 26723 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09132d6e-43ad-48f0-a1f2-1212a5d4cbc1} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 6784 22e22a18458 rdd
    3⤵
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.12.180888993\2066382849" -childID 10 -isForBrowser -prefsHandle 6808 -prefMapHandle 6804 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2acb8953-4837-4bb4-bd65-436f99077156} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 6912 22e22a19c58 tab
    3⤵
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.13.990796060\984016012" -childID 11 -isForBrowser -prefsHandle 5112 -prefMapHandle 5180 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cab5c8f-19a1-4e46-9af8-300b85eaf4f9} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 5292 22e23b64f58 tab
    3⤵
    PID:3324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\doomed\14583

Filesize
15KB

MD5
8e82580646f3e8095c89000cada980f3

SHA1
84b854ff6d58ccb631645e58cf67e65365d36598

SHA256
c50757b503e8a8631eb3def7ac8924fc748c65054cfb05d8f36e607ca6ae0297

SHA512
7d4762d89645cdcb4ded275cae85b4697564c8e74a737d17b3db0284b7978935663bd2fbbd35dcf58d3d9ad82fec483f06b3c10eba45625d284542db595098e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\doomed\5598

Filesize
10KB

MD5
783b6ce08a683a35774bab4be202b9a8

SHA1
3ba23c5ca8da7fa9b4183f7cff1728cccfaae214

SHA256
a5add64b3a92502b7b4b5ba0e40ebc69981ca9896f2bab06b10dbfba0d6ebf4a

SHA512
af59fa0ed4c1ea1dde2dac7bc8cd26bf86d6a36fbe2aefe225a5fe948ff993520ab2a6d232965bff3df099c14e14aefca3ec31b1f5bf8930945bcade63996a41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\entries\04E7EBA40D7FD7317637A9111BC5467D9D51BEDA

Filesize
1.0MB

MD5
3d89d4faae6300a218c272c5447804e1

SHA1
925436531e2855e2dd25d9460a62098a7a789ff9

SHA256
4bea7982d8afb8f2dabe33993cc5fe17cf20a24f1d462e446339a53a384a1cca

SHA512
469846b2a337b5abd5bfa5c26b0ced4cd7cf8a2362a7cf2a11d3f9faf827bb251cd716ded296f0048dc7a6bf2bcb200180b8c58379b2340a12cac2dee8692c80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\entries\12B8630BF13E8F93FF43B7FAA67C5703F564C66B

Filesize
1.0MB

MD5
7d9f9c51584f290ae91e2daf6fb54db5

SHA1
ceb4d267098167a62c1e95c2fb2c0dc47b13d637

SHA256
363c2e788d614cadc218671509b88fe8fbb45acbab16b82e99a3176897d165d7

SHA512
aa3d005c725e62269290e9ddc00281e68820043751019c2bc161426ca3dac1a9caeafb6fc3b73891d1feb70171318b5cbc9b5f778ca9cb8216045b3ab5fd04c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\entries\CE83C85D442AC2077542659C44E815F2AADD2638

Filesize
57KB

MD5
cd718de62e9b830c46f89e49f670d1d0

SHA1
ca8f2169b2ac8453d20f1aa95ee06124de70027e

SHA256
5fda39418e3c4ef2c3a093e428c935152953c3e8022c923b23c6559c3155e491

SHA512
ec35a4bd7ffceb7f5b34da1ec63949688809b29b887d6f13d0699e6778beeadf4c28489b14c15de53c0bfec3e9ee140c49ba4a8d86c34508b41d3178333e02b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\60flkfpx.default-release\cache2\entries\EEFE6F94EE3532D6DAED4D54CC20795BDF32F079

Filesize
567KB

MD5
d48ccd7ecd38875ef105afd16f6fe6d2

SHA1
73dd43a3c774ec984dce8881efcf804c1771884c

SHA256
646f74db273d94071f722b0072007cb6a0d166e916ac8b5d00a459e3cd2917e0

SHA512
2bc0210a47e60435d3698704891c5562bcc57e40b1be95383a088ee61f4c7aa3c1647b4ef6d724c7d95d5b65e93c1689755741e938ba4d494a44736fe42156a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4f1864dabf70119e145c5f8e7f381b15

SHA1
25278ed6c2f0f4ef34405402050b3d1eea51e135

SHA256
bf3dd1e1184ce86bc511510f4aadf805fc4e8eb402295f4713b2fdca2da2cc0a

SHA512
d3574f109af05f6822cde6b9e7df24af834b5fd3617c416eb4ef3e046241d8c07894b959ddfb06c81585318ce680406bad503e4fd751f3fe310df15a1b743a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\6c8761d9-455d-4876-8329-6914a39ecc65

Filesize
11KB

MD5
c0d140c51506cad4ea15f8a04c79bd08

SHA1
ef654dc87b97e975120221e3742aeb05460f4102

SHA256
8f522f3819c79e9b0cfe4e60d2198ae5faff65589b4492c9007e5a3d21dcf9d9

SHA512
37e819bb2d7f54a4c5543b71d50763f1656b75ac1871b2e02f22b2c684deb78f2aa799cdfd322541b27d74ec965002efc8ad00b04b7b09150c2d794540d3f3d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\a55f992f-168b-410e-a8c4-49bbbe4f6ee3

Filesize
746B

MD5
dcf46ee1f59276f28413fda959ff6094

SHA1
2abd1519aec654afac09b189a58aa303f342def0

SHA256
3e6fc72d32a7c0b515e4304997bfa7412c104491c827bcaccf614c9b87288970

SHA512
981120f30c44ec74a67d49b38f2476532189ed732fdbe9b512208038efafcb3bd308f6190f32db46ea01265a793c6b8c8909c3e21840423ba6318e357b653f13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\prefs-1.js

Filesize
6KB

MD5
87d46ba1fd1e1c9e0fcb866ccf347cdb

SHA1
fb0449c243d5ebd98848b1c2c506005e97dfe4b2

SHA256
69feafa38c6bc52de4868ddda3a49278f9747ea6ae484c502140df2601325423

SHA512
3079eaa87df207c4c66a7fa351c76f7ec7ff8454c6f9f87e5b94fcda49779d264f88d078717b53155581c32b67635a939c097d25bf79d98763d78bc1a0125e7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1011B

MD5
a43ece0488e6b988c624e3b231d5dd74

SHA1
babe45e42e707ac6b4bc9759d86e40fadce3ea6c

SHA256
eb9781095f94f401967e3b76dce0a1dc638193b2997e8082e0947232c40eb8a1

SHA512
c658ba98e6d7a4b1440ff9db94cc618bad1be189fdd30762572db59d405b62689c4b4c9a25e8ccdee7dd2b78f1e0e55967eec2e95008446e5dd5a2761ff3b46d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b4e359ac2a56932f763a2cc290b188f1

SHA1
6aa0f2522ee241db7ba500539ce02da60c36d90b

SHA256
8b5dac1b566790e4bcda9c449cdd7a676c3afa693af9a63459705a94eb2a9617

SHA512
9625a8bbc09f68b4f97553dad1c14dbddeebb98c32a0adb361b470984cce5cb436cec62e893b2d2f6f494c47bb412aca5161f4375626082fa312dafa3dbbb091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
400467807ea3b28f606befc659a72f26

SHA1
fcea05800933371b8a83b4a60d56efdc195079b0

SHA256
43a71c1a98749f86531b68457e764d1398c7a8312507c8bc78e1841103e13de5

SHA512
06e0eec824376f95ae4c739f291cac69226b5eea7526e29d1dd70c16e960cbd201fbefd31b339e5283945ce4ca6243fd4727d3695b8b39d22f2555614028a00f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
afeb3b92825c836df822af84c8b0c5ae

SHA1
dcd67252345d8870d6ebb478dc2fc7a20ec6c648

SHA256
e21a5d7fa94dd78f3c67b4dd51029e2662c8768f86a726948d72072d98d31bdf

SHA512
bdd4deeab87aaa0c953eeb01cc52738a8591d4cf8773d32d580f44add6da5545304019a83446ffd391ecbcb00538458b82cce0167f20e87576ce26fa6343cfaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d5ea2a1602140141b2fb4cd24eae6a22

SHA1
3078bfa53ea0a0c3a56f65b05b334fd3022474fc

SHA256
b932e6ad0f84ebe0b9c2cc92f43b13a7ab5925743669030bf788f7824f4b8eb0

SHA512
96d95cc6c2b9c7eb22cdf9a898496b00d4001ee90bd457018518cd654fcd5713bc7e5f5622250519e937bd0d2207936a48360672a835b73b518c25904e364a53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9eb0ddc8ab9b15fa12705be2eb0700fe

SHA1
91cf5fc8e2802b7e7b88a583dab2ecc371011b8e

SHA256
08ede04f0b1d254532816ed77b9c1297e5b97b21cc0a7ee77f63dac24fc5ef63

SHA512
6766525763b08f5d868a1c3cca6c9c1773b6fe9ac0e94b82f82fdaff6c33a948e86f5af02cef5730c798ed632cb1cece1ebe80cb53eb5b63240746b1cce9995d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
31130df2af7ee82bad32e71e7da3c291

SHA1
192737905a74469554551d599ca2673d862c180d

SHA256
6b365990a52a80d68572ff2799735e47b7d6d1ad460967e12bac16be66623c6d

SHA512
1eba22b764c5a90e1330106a1e14c9b6bed55ffec21d0199284d2a1c45b056b80032fc13298edfbd4e62c4f4bc4a52f15d3ea4c3501465591bb55f7d53334d0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
4320fb0359f1f0d8dbf7b1b0234ae77a

SHA1
fb2eb3c89d0ef7064499379ce78092e58155807d

SHA256
66d66e9755f8365512957024aad38974df5e658c14316bfdc5d309ed3d0e4a30

SHA512
40c30d43fe18fbe6e2204619a932e1eae7c5b62412c8d128136ff88348c131e5e84cf7378ad064f6192131c82b9c997a7bed8d545ec4808d1043c8eed4c6ac10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b16764ba3d5c71ce2be64d785b2c5ed8

SHA1
cb30a6fb2a8bbeba6bd22e36c1bae6d9d50c6bc1

SHA256
c3fbdddd99610f87a9c8d7be2723a8bda11edd306537da0d68fb033e68ff9556

SHA512
ce496366f7adf1d3f2ce86645ae1d1c84998f86f9f91e1aa980175b6942b1ad4edaae1a17391771408e8396fe0f7cf5946c56961de5c40debcd1091be8a6020d

Download Submit
memory/2868-5-0x000001DCB8420000-0x000001DCB8421000-memory.dmp

Filesize
4KB

Download
memory/2868-4-0x000001DCB8320000-0x000001DCB8348000-memory.dmp

Filesize
160KB

Download
memory/2868-131-0x000001DCB8320000-0x000001DCB8348000-memory.dmp

Filesize
160KB

Download
memory/4852-0-0x0000000002820000-0x0000000002A7D000-memory.dmp

Filesize
2.4MB

Download
memory/4852-3-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/4852-2-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/4852-1-0x00000000026B0000-0x00000000026F0000-memory.dmp

Filesize
256KB

Download
memory/4852-94-0x00000000026B0000-0x00000000026F0000-memory.dmp

Filesize
256KB

Download