09976fd76ae40a608f424655cda82b2be77c426c88ea95af78378b47630397bf

Resubmissions

12-02-2024 22:31

240212-2fvlysdd8z 10

12-02-2024 22:25

240212-2bzecadc9x 10

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LastActivityView.exe
Size

130KB
MD5

f27a284ef9b018cdd2a98a7b78ccdcb3
SHA1

67e260b11e6227c18cae8925b4f6899103c607f2
SHA256

af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb
SHA512

9a8811f13517748539308a70933b126a3348407f397bf30f903019379f927532c64015853b94acf21bdbc554d638a0265d4394d026e289103db06fe93fe5524b
SSDEEP

3072:5e69eWHZXp1nPDhhloZqX6EsSiEF4Gw1aqL1p7BZ5CJ/:5e/+1nrhPKqX6EsS94H8B

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2812	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2812	vlc.exe
2288	LastActivityView.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeBackupPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeBackupPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe
Token: SeSecurityPrivilege	2288	LastActivityView.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2288	LastActivityView.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe

Suspicious use of SendNotifyMessage 19 IoCs

pid	Process
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2812	vlc.exe
1544	mspaint.exe
1544	mspaint.exe
1544	mspaint.exe
1544	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 1716 wrote to memory of 2248	1716	firefox.exe	35
PID 2248 wrote to memory of 2904	2248	firefox.exe	36
PID 2248 wrote to memory of 2904	2248	firefox.exe	36
PID 2248 wrote to memory of 2904	2248	firefox.exe	36
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 108	2248	firefox.exe	37
PID 2248 wrote to memory of 2216	2248	firefox.exe	38
PID 2248 wrote to memory of 2216	2248	firefox.exe	38
PID 2248 wrote to memory of 2216	2248	firefox.exe	38
PID 2248 wrote to memory of 2216	2248	firefox.exe	38
PID 2248 wrote to memory of 2216	2248	firefox.exe	38

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe
"C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2288

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UndoExit.3gpp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\EnableAssert.wmf"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.0.517771325\1033545061" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2641e3f6-3a68-42b2-893f-6b99c3ec90db} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 1296 14004158 gpu
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.1.260945942\1827216077" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d037419-4a03-4280-ac15-e8eb0e044f3e} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 1500 e72258 socket
    3⤵
    PID:108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.2.1930719327\2088941236" -childID 1 -isForBrowser -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d702327-1e85-470c-be01-d97a1b10cd5a} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 2116 1a174058 tab
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.3.929649879\619179544" -childID 2 -isForBrowser -prefsHandle 2456 -prefMapHandle 1732 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86643335-76f5-4950-a38a-9c6b58cb3cc3} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 2472 e5e858 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.4.1171103253\965270156" -childID 3 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cff4d0f-498b-466c-a85b-41a15aa7d99d} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 3088 1499e858 tab
    3⤵
    PID:2220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.5.1064688834\1651810082" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29fe369d-674f-4dcc-9a14-c716665e78dc} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 3864 17ff9258 tab
    3⤵
    PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.6.113685842\1237211728" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3980 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d1eb4ed-c37b-4864-b83a-d70581ea6320} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 3968 17ff9858 tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.7.2140399619\1821972940" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8776959c-a8c3-4617-bb72-b5009949d6cc} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 4148 17ffa458 tab
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2248.8.1847347165\1231640591" -childID 7 -isForBrowser -prefsHandle 4520 -prefMapHandle 4516 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d2d5214-5dec-4715-a57b-c9a641a45f58} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" 4532 2114dd58 tab
    3⤵
    PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
72a1a1999af7daaa947b1fa6c340cc87

SHA1
e3b20ecc4c155b921e29f71e8e183172ff134323

SHA256
b538f3b188bdd521740f1f25b4a65f5c607f55e7c1f5d42eb36da95be1012abd

SHA512
9a54de94117dc0f9a2a1cf92aa9edf05b6fbe79e3ace867ce24437a0ff45673f1c47379e900a96d8b14ce0f1803b502624a35b2d2dd4d19c3db9e99db05e1e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\83277580-b2c1-4fa8-88f0-b27b84a161a0

Filesize
12KB

MD5
0282992358c60ce14c2e356bccd58879

SHA1
e1c91b6671936ba39e76469e9872513448c74292

SHA256
1e849bcf3d75d1f86f2fb363a06c4cd45e18285fdf8799c2d500a042c029b916

SHA512
8f577a391b386e669e259f403c31ff1642792c436578453cb9a3ff24e8caa2c8ddc2d1e8712794769792e7894dee68d3cf99e3d37669bbf80fe1448d4fc5a052

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\a522ae0a-9fc2-4452-9e3c-584255e7e9a8

Filesize
745B

MD5
d227ad289873b93aa8104e01aff3be5e

SHA1
0f5ac97057c0a408792402768a2ee0cf627eb084

SHA256
2072f8add5177f6a42db3a4f88a40be8fa20bf3136bc9dbaf554b2dd5d83d5de

SHA512
df7bb1ed692fed4e211da304652c64de6ac652d86957ad1ce898df4b75062ab4cbed94a2aa7fc307d159056399171ddea058209e0c6f6539ebf29f44b0e9e2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
cf5e98c531fdf0b44dc650cd3f11dc64

SHA1
7aea0bb413bfded6a07490725588beee64c54965

SHA256
fb59abdf792ffe5a7f357bee2f225b09b824fb22762dc31dcea18578631340a2

SHA512
c04e3bfae226066260727bb771b622e4b21821482507308c6216f09d5538c194b9d122abde2c508038d96dcd4d185c311f1975d51f7f046ee16c724def33cbe0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
4585312def246f5cc4d0dc834119104c

SHA1
514f595d1d7dfc77fec5f286206fcae8744d8004

SHA256
b556bb2d567f7cf95c63c8b8d19dd95287cbfe0503c5020aa4d78e9e210a00a5

SHA512
5cb33e7a497c02d3f97068247878131e8856969e51b85936f21201e142d144649f881a51cfb64f199147b0c2a334485a7f9390055582f53a551ef90235f18776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b53f6bd0f80682a9e11cc6cbb0a33b25

SHA1
e673d1d67bf080099e807a7c8fe7fb16939d3bfd

SHA256
18ce973395b9e4d4d19c520b804460203c5bec21e2e39d942fec2127e46051c9

SHA512
eb97c098d7949c41ff7d63977de963b59dd0b0d832645c436f26e89822fd4ffd1e7697a6eb0dac1a8fb9956b2471c384cc493ca6e9883359f4e95ecda7dd4e21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9cce6656c34f66ac66e60f936bb5d436

SHA1
95b8489d9689a2405ad63246755f8fd4900811ea

SHA256
797c91d015d2446b6a6e4c804dd029be50f27202a054bf2b4f48b007a9f50945

SHA512
a28239bef7bbee4ea655d006c14eee9e5e063cc8e017d9e6c61fa45538de2aafd14cd7dc526c962d8e85d73e62eebaa9a2578eefe8ab421e58cdb47c7bcb01bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8f9cb5d3287ff7f15fdb0c9b2b889cb2

SHA1
064d9b7770b74b2333518dc77f126435e0df7c29

SHA256
9c2a8b7d0364da71a68ae078a76caf5991f8aacd32e4832a7dcec56e59cb1447

SHA512
a012bdc54051dd1d2386c13c2ca5093569fc9ea72c9070b6f706aff9e4eaffeb91af3c422f27f48cf697ed1594a30b3e905b08ff0a2ff6dfc943b98bfb692ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2KB

MD5
36770a68d215811205a9a3d9939bcec4

SHA1
62269b699014924d5bbebaa0e6db0f9fd2f142f1

SHA256
bbbbd86f070fcc3240069d966481a90e684b49df8e8d26fde6ec65bb69f286f8

SHA512
6f070945087f526ba7b17483154411950bf7d0dd631e5c0067e40647ac76f2bbf0196e874d5d43dddbb777d6ee14d0cc4c8962f437f0e99bc04d1c628fee3019

Download Submit
memory/1544-257-0x000007FEFAEA0000-0x000007FEFAEEC000-memory.dmp

Filesize
304KB

Download
memory/1544-258-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

Filesize
4KB

Download
memory/1544-259-0x000007FEFAEA0000-0x000007FEFAEEC000-memory.dmp

Filesize
304KB

Download
memory/2812-51-0x000007FEF44B0000-0x000007FEF450C000-memory.dmp

Filesize
368KB

Download
memory/2812-35-0x000007FEF6350000-0x000007FEF63B7000-memory.dmp

Filesize
412KB

Download
memory/2812-18-0x000007FEF77E0000-0x000007FEF77F1000-memory.dmp

Filesize
68KB

Download
memory/2812-17-0x000007FEFAFE0000-0x000007FEFAFF7000-memory.dmp

Filesize
92KB

Download
memory/2812-16-0x000007FEFB050000-0x000007FEFB068000-memory.dmp

Filesize
96KB

Download
memory/2812-15-0x000007FEF5C80000-0x000007FEF5F34000-memory.dmp

Filesize
2.7MB

Download
memory/2812-26-0x000007FEF49D0000-0x000007FEF5A7B000-memory.dmp

Filesize
16.7MB

Download
memory/2812-29-0x000007FEF68E0000-0x000007FEF68F1000-memory.dmp

Filesize
68KB

Download
memory/2812-30-0x000007FEF68C0000-0x000007FEF68D1000-memory.dmp

Filesize
68KB

Download
memory/2812-31-0x000007FEF68A0000-0x000007FEF68BB000-memory.dmp

Filesize
108KB

Download
memory/2812-34-0x000007FEF6830000-0x000007FEF6860000-memory.dmp

Filesize
192KB

Download
memory/2812-37-0x000007FEF6810000-0x000007FEF6821000-memory.dmp

Filesize
68KB

Download
memory/2812-38-0x000007FEF4970000-0x000007FEF49C6000-memory.dmp

Filesize
344KB

Download
memory/2812-41-0x000007FEF4920000-0x000007FEF4937000-memory.dmp

Filesize
92KB

Download
memory/2812-44-0x000007FEF48B0000-0x000007FEF48C2000-memory.dmp

Filesize
72KB

Download
memory/2812-47-0x000007FEF4840000-0x000007FEF4852000-memory.dmp

Filesize
72KB

Download
memory/2812-48-0x000007FEF4700000-0x000007FEF483B000-memory.dmp

Filesize
1.2MB

Download
memory/2812-46-0x000007FEF4860000-0x000007FEF4873000-memory.dmp

Filesize
76KB

Download
memory/2812-45-0x000007FEF4880000-0x000007FEF48A1000-memory.dmp

Filesize
132KB

Download
memory/2812-43-0x000007FEF48D0000-0x000007FEF48E1000-memory.dmp

Filesize
68KB

Download
memory/2812-42-0x000007FEF48F0000-0x000007FEF4913000-memory.dmp

Filesize
140KB

Download
memory/2812-40-0x000007FEF4940000-0x000007FEF4964000-memory.dmp

Filesize
144KB

Download
memory/2812-49-0x000007FEF46D0000-0x000007FEF46FC000-memory.dmp

Filesize
176KB

Download
memory/2812-39-0x000007FEF62B0000-0x000007FEF62D8000-memory.dmp

Filesize
160KB

Download
memory/2812-50-0x000007FEF4510000-0x000007FEF46C2000-memory.dmp

Filesize
1.7MB

Download
memory/2812-52-0x000007FEF4490000-0x000007FEF44A1000-memory.dmp

Filesize
68KB

Download
memory/2812-22-0x000007FEF5A80000-0x000007FEF5C80000-memory.dmp

Filesize
2.0MB

Download
memory/2812-54-0x000007FEF43D0000-0x000007FEF43E2000-memory.dmp

Filesize
72KB

Download
memory/2812-53-0x000007FEF43F0000-0x000007FEF4487000-memory.dmp

Filesize
604KB

Download
memory/2812-36-0x000007FEF62E0000-0x000007FEF634F000-memory.dmp

Filesize
444KB

Download
memory/2812-55-0x000007FEF4190000-0x000007FEF43C1000-memory.dmp

Filesize
2.2MB

Download
memory/2812-19-0x000007FEF77C0000-0x000007FEF77D7000-memory.dmp

Filesize
92KB

Download
memory/2812-56-0x000007FEF4070000-0x000007FEF4182000-memory.dmp

Filesize
1.1MB

Download
memory/2812-60-0x000007FEF3F70000-0x000007FEF3FD1000-memory.dmp

Filesize
388KB

Download
memory/2812-62-0x000007FEF3F30000-0x000007FEF3F42000-memory.dmp

Filesize
72KB

Download
memory/2812-61-0x000007FEF3F50000-0x000007FEF3F61000-memory.dmp

Filesize
68KB

Download
memory/2812-59-0x000007FEF3FE0000-0x000007FEF3FF1000-memory.dmp

Filesize
68KB

Download
memory/2812-58-0x000007FEF4000000-0x000007FEF4025000-memory.dmp

Filesize
148KB

Download
memory/2812-63-0x000007FEF3F10000-0x000007FEF3F23000-memory.dmp

Filesize
76KB

Download
memory/2812-64-0x000007FEF3E70000-0x000007FEF3F0F000-memory.dmp

Filesize
636KB

Download
memory/2812-65-0x000007FEF3E50000-0x000007FEF3E61000-memory.dmp

Filesize
68KB

Download
memory/2812-66-0x000007FEF3D40000-0x000007FEF3E42000-memory.dmp

Filesize
1.0MB

Download
memory/2812-71-0x000007FEF3CA0000-0x000007FEF3CB8000-memory.dmp

Filesize
96KB

Download
memory/2812-72-0x000007FEF3C80000-0x000007FEF3C96000-memory.dmp

Filesize
88KB

Download
memory/2812-70-0x000007FEF3CC0000-0x000007FEF3CD2000-memory.dmp

Filesize
72KB

Download
memory/2812-76-0x000007FEF3BF0000-0x000007FEF3C01000-memory.dmp

Filesize
68KB

Download
memory/2812-75-0x000007FEF3C10000-0x000007FEF3C21000-memory.dmp

Filesize
68KB

Download
memory/2812-74-0x000007FEF3C30000-0x000007FEF3C42000-memory.dmp

Filesize
72KB

Download
memory/2812-73-0x000007FEF3C50000-0x000007FEF3C79000-memory.dmp

Filesize
164KB

Download
memory/2812-69-0x000007FEF3CE0000-0x000007FEF3CF1000-memory.dmp

Filesize
68KB

Download
memory/2812-68-0x000007FEF3D00000-0x000007FEF3D11000-memory.dmp

Filesize
68KB

Download
memory/2812-67-0x000007FEF3D20000-0x000007FEF3D31000-memory.dmp

Filesize
68KB

Download
memory/2812-23-0x000007FEF69B0000-0x000007FEF69C1000-memory.dmp

Filesize
68KB

Download
memory/2812-24-0x000007FEF6970000-0x000007FEF69AF000-memory.dmp

Filesize
252KB

Download
memory/2812-25-0x000007FEF6940000-0x000007FEF6961000-memory.dmp

Filesize
132KB

Download
memory/2812-20-0x000007FEF77A0000-0x000007FEF77B1000-memory.dmp

Filesize
68KB

Download
memory/2812-21-0x000007FEF7780000-0x000007FEF779D000-memory.dmp

Filesize
116KB

Download
memory/2812-13-0x000000013F550000-0x000000013F648000-memory.dmp

Filesize
992KB

Download
memory/2812-14-0x000007FEFAEB0000-0x000007FEFAEE4000-memory.dmp

Filesize
208KB

Download
memory/2812-57-0x000007FEF4030000-0x000007FEF4065000-memory.dmp

Filesize
212KB

Download
memory/2812-33-0x000007FEF6860000-0x000007FEF6878000-memory.dmp

Filesize
96KB

Download
memory/2812-32-0x000007FEF6880000-0x000007FEF6891000-memory.dmp

Filesize
68KB

Download
memory/2812-28-0x000007FEF6900000-0x000007FEF6911000-memory.dmp

Filesize
68KB

Download
memory/2812-27-0x000007FEF6920000-0x000007FEF6938000-memory.dmp

Filesize
96KB

Download