d5c3971bc68e05f1902bca8c6bb07fb179c7130370486bef310d9b7fa5e212bf

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.bat
Size

5KB
MD5

bf2e2de0bbdf899b68c77344755eff6c
SHA1

41b137c3a162388b24841b8ed01d03a9f4bc4671
SHA256

d5c3971bc68e05f1902bca8c6bb07fb179c7130370486bef310d9b7fa5e212bf
SHA512

02cb243f0fbd911377012bd19b061c9e9b831c84a33123158309a2b91ea8dcd7bd88152bb7dbdd298590d49244733738cd2d5bf88cb1be1850245bac657ce68e
SSDEEP

96:U/FOIz23YEQpLuLpDqUmDsYW0LGMJi7sJEJxaJeJdHLgLxkp/FOIz23YEQpLuLp8:G23YEQpLuLpDq7QYfLGMV+jasHHLgLxK

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	firefox.exe
Token: SeDebugPrivilege	2840	firefox.exe
Token: SeDebugPrivilege	3536	taskmgr.exe
Token: SeSystemProfilePrivilege	3536	taskmgr.exe
Token: SeCreateGlobalPrivilege	3536	taskmgr.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
2840	firefox.exe
2840	firefox.exe
2840	firefox.exe
2840	firefox.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe

Suspicious use of SendNotifyMessage 55 IoCs

pid	Process
2840	firefox.exe
2840	firefox.exe
2840	firefox.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe
3536	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2840	firefox.exe
2840	firefox.exe
2840	firefox.exe
2840	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 3568	3620	cmd.exe	93
PID 3620 wrote to memory of 3568	3620	cmd.exe	93
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 3752 wrote to memory of 2840	3752	firefox.exe	109
PID 2840 wrote to memory of 5008	2840	firefox.exe	110
PID 2840 wrote to memory of 5008	2840	firefox.exe	110
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1900	2840	firefox.exe	111
PID 2840 wrote to memory of 1988	2840	firefox.exe	112

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\test.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\system32\rundll32.exe
  RUNDLL32 USER32.DLL,SwapMouseButton
  2⤵
  PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:4012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.0.826500131\136148180" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bfbcf9e-2539-4c22-96d8-6e46ddeb0fef} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 1964 1bff25d7058 gpu
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.1.886217059\784668586" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d14f360a-7f50-474d-897d-7b6c25474a32} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 2364 1bfe5b71058 socket
    3⤵
    PID:1900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.2.616060566\865035745" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 2968 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {059f2611-8baa-4a70-bbbd-b1753cc16070} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 3208 1bff65a6558 tab
    3⤵
    PID:1988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.3.1792109410\170562330" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b320fdcf-1641-484f-8e7c-4ab27e7d1cae} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 3596 1bfe5b62558 tab
    3⤵
    PID:844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.4.1299271077\383530777" -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af3e265-f70b-4000-bf81-e31a3bcd0cfb} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 3932 1bff7604e58 tab
    3⤵
    PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.5.399766094\925087854" -childID 4 -isForBrowser -prefsHandle 5032 -prefMapHandle 5060 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e4710e0-bc19-4529-925f-23bde4c0dc08} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 4952 1bff7fa6258 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.6.814295688\16557308" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5199121e-a152-4cb2-8810-c441f0d1fe0e} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 5200 1bff7fa6e58 tab
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2840.7.1113611575\1683942112" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c590786f-fe75-4025-b741-08298afefa5b} 2840 "\\.\pipe\gecko-crash-server-pipe.2840" 5504 1bff8727858 tab
    3⤵
    PID:4076

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
317eba00d7820c9d05843e5e5bfd7517

SHA1
e508c6394c96a7262e9b8bbad840b6617959653d

SHA256
b87531fd4f8285e55d1f5578d97f711a34fd3696eb1c7bd9819f892de6885cc3

SHA512
f6e17a62384fcaf17d94246f311b0dba00d7533d5911bcf6a4fe9b3f6272e17db617bd8ba4e610ecf3137995a6ab436f6a66a9fc1122ac62776b3e9f5832b201

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\1c07f012-691d-4e9b-89fb-32c020445419

Filesize
11KB

MD5
fa9f698a7dccecb5db556d8a80120013

SHA1
e97b9c935413295f3c0fc59fc7424f4749be1bda

SHA256
dbcd6ae84bc2a5833200c91af0a04f8a90f3562c8b6253e9c7332d6faa214a53

SHA512
dc72d569bf11c893de78dc4146474b86e18b0cdc4ce146d031428185a98c2ffc164062171c19d27c7a1ab7a77b3d45da8f7b8a6567a6d957dec53cadf7aa9330

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\b2f6571f-96fb-484c-8e56-a65317fdc764

Filesize
746B

MD5
ebdfa48139245ed24c41f627e730d1bb

SHA1
e49fbe4d29be2706456b2ab3e9978a81b4fc9571

SHA256
0f8f5414e0d28468778e84ae079c273ac938be4e22ffac97131bcb6fe983f0c8

SHA512
7be4b5ee165b287cf0cd09bd971b6aa407454ac7da6b491b5fc8d27627324f1c1a0f3b0b75c5f80c72286ed42676804411e98ecc999ecc5393606dc4e36eb6a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
82ce59de203713d821dc872456bd9b65

SHA1
06e13273c348eb8acbcc63d3a366ff8ffda506db

SHA256
62ff1ed8aaf61d4886e07859c46972cb40280d7904887bef17d40c627b4dbafb

SHA512
5bcf4a5217645dbe6a168bdadfc353a176be8bd46c4d0a71d7a7a2f2d3fe7cff225b943e96cde036d687f674509e2cb56b8348e8b5e34d18d54ebd20c7434fbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
b1f552543bc3cc91fcda1c170e2dff57

SHA1
7ade96086ab5baf7220d6098622cc6c1387b453a

SHA256
698eae2a17fab2f3d5fccb7184dead2ed11021cc65c45dbaba1400ac2f665806

SHA512
9073185dafd08e9f6cea1021e592ba4811811e959149abdb3fd5ecfc58442d8702d92ac33bb43d1669bfa34620adee4d99657e18cbdcb80566700e54e6c15a2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
4463e5f5227188e09596a6fbd6ec6a3a

SHA1
58f2c44febd703e99bd7f52ea9e5dcbc1ba804f3

SHA256
2b790518d3d4f8e1f2d409b314f16c5b3910a042a6d774c890b3500bbd416f06

SHA512
4d275ebe372027f0c674f654540c682df38f0de100b2c315c60c2d244215897188fe3cde040b370ec116f9c90a24ac387f3ceca7a98c9fad61f9f29351037186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b74612ce8b5833d4c637ab4eb975e6cb

SHA1
116b37dd301ce6994fc43dca5a7572aa1b9c78d6

SHA256
bc18512160a8f787ee413204e9111c4c2992c6fb53e0b8ae2791b61bb5ac81d1

SHA512
13c1aa8d5f545fb8c78edffd90a9659c9ed8326a3527685429378c09ffde2da01e6676e2fe006b2de2eadd2d679bb846e8e18f8698ee578bfd94fc3697ca0610

Download Submit
memory/3536-101-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-95-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-102-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-103-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-105-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-106-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-104-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-100-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-96-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download
memory/3536-94-0x000001CA56AB0000-0x000001CA56AB1000-memory.dmp

Filesize
4KB

Download