Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

4

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/06/2024, 19:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1251971981939703860/1251977977923899502/yrwqwjea.jfif?ex=66708ada&is=666f395a&hm=1ff372727e943364b47d28d74595438706e59ab999f517b982186854c56f3672&

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 7 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1251971981939703860/1251977977923899502/yrwqwjea.jfif?ex=66708ada&is=666f395a&hm=1ff372727e943364b47d28d74595438706e59ab999f517b982186854c56f3672&"
    1⤵
      PID:4268
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2352
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3596
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3792
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3120
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2320
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1372
    • C:\Windows\System32\DataExchangeHost.exe
      C:\Windows\System32\DataExchangeHost.exe -Embedding
      1⤵
        PID:1668
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1560
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:4624
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        PID:4204
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:4644
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:5076
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5172
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3592
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.0.1976523281\716421517" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8f7cf0-5158-40b0-92b9-39b289a17684} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 1780 1800fad8158 gpu
            3⤵
              PID:5404
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.1.372957121\2068890988" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4f1475f-40b2-46bd-96c6-98a4a4a9e7c2} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 2136 1800f632c58 socket
              3⤵
              • Checks processor information in registry
              PID:5612
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.2.1936363715\4090375" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2684 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a876750-dde2-490b-b3af-8fd75b8affdf} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 2860 1800fa5e158 tab
              3⤵
                PID:424
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.3.687782070\1018218632" -childID 2 -isForBrowser -prefsHandle 3300 -prefMapHandle 3296 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {902af4d0-cc22-4c71-acbf-9a821f6c3558} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 3312 18014b63a58 tab
                3⤵
                  PID:4488
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.4.1608491917\1648936758" -childID 3 -isForBrowser -prefsHandle 3908 -prefMapHandle 3920 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2d32243-eaf9-4829-bd68-713fa5f999bd} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 3872 18015479658 tab
                  3⤵
                    PID:5908
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.5.170761318\758195169" -childID 4 -isForBrowser -prefsHandle 4844 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80622351-3ec6-4130-890e-824a1d90fd92} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 4860 18004a66358 tab
                    3⤵
                      PID:5760
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.6.498365531\276756287" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5092 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0845e0-ff3d-4f92-b8df-da1e30bbf495} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 5012 1801624f458 tab
                      3⤵
                        PID:96
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.7.650475922\1247369727" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2dc9f00-e8da-44df-b59a-1290ac47a20f} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 5292 1801624fa58 tab
                        3⤵
                          PID:2156
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.8.1059690913\1411701909" -childID 7 -isForBrowser -prefsHandle 5480 -prefMapHandle 5528 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f0c4d19-fbcb-4aa4-aa2e-64eab91384e6} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 5540 180124c2258 tab
                          3⤵
                            PID:6588

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                              Filesize

                              4KB

                              MD5

                              1bfe591a4fe3d91b03cdf26eaacd8f89

                              SHA1

                              719c37c320f518ac168c86723724891950911cea

                              SHA256

                              9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

                              SHA512

                              02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

                              Download Submit

                            • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
                              Filesize

                              74KB

                              MD5

                              d4fc49dc14f63895d997fa4940f24378

                              SHA1

                              3efb1437a7c5e46034147cbbc8db017c69d02c31

                              SHA256

                              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                              SHA512

                              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CEFDDC23B82E690918E0D0A34455B852A760D9D9
                              Filesize

                              212KB

                              MD5

                              c16610fe635e2568d92fb82317d02846

                              SHA1

                              873d0c5858c76d2971bc8b975e67c7e611207344

                              SHA256

                              b075804db1d05e044589097d7db9301d3b042623c418470b1128273ba4a2ad9a

                              SHA512

                              37d33aca2ca222e24e89ed856afc5dec727b14d6c7edebbc8101707ef551920a3cb18c66e8c5b1dedaf4dacd4aec4033fe10b1fc9b7a238a887d0e7df46bd04f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D4D34D19E2639F2E09A6AEED2F398A705DF5A427
                              Filesize

                              60KB

                              MD5

                              497ca86193cd34123d38112599e4e47b

                              SHA1

                              19914e1495fbb37222fc783a5cb7c6927b6e4ebd

                              SHA256

                              0108ccd52c3fef4853c67762ec05232c0db8dec1d7b372c0cc4e5a45c548da28

                              SHA512

                              d4f1f104a4944f1b419f776a287a9789473fa948716cc14991ddbd028a5e4418bd55464c979fd14c9f99ff9d3a95aac1d1459edcb9a5ade9084ff709026eb693

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HXDG7Y1F\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
                              Filesize

                              289B

                              MD5

                              9085e17b6172d9fc7b7373762c3d6e74

                              SHA1

                              dab3ca26ec7a8426f034113afa2123edfaa32a76

                              SHA256

                              586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

                              SHA512

                              b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WMVQ8NTB\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js
                              Filesize

                              7KB

                              MD5

                              fbf143b664d512d1fa7aeeeba787129c

                              SHA1

                              f827b539ae2992d7667162dc619cc967985166d9

                              SHA256

                              e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff

                              SHA512

                              109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\W9HYA15L\www.bing[1].xml
                              Filesize

                              1KB

                              MD5

                              d529c43498bda70fdd4497653c6f2c31

                              SHA1

                              1a6ac775f2f2c1cc2deee7f87c2e5d4fd55fff12

                              SHA256

                              8b46ada98d86be118d1f2cf5591974c4b0b8013f7c6f85f9f8ec3003fde47613

                              SHA512

                              22c89c3074559391e00eedae4cfdd0d6208c4990314ec61b8e4a826d0d55a8c7684f02bd59bb16c2f8c3e74badc7da16cb60cffdf9ffd85f91ea71f5356eec86

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\11294CNY\favicon[1].ico
                              Filesize

                              4KB

                              MD5

                              da597791be3b6e732f0bc8b20e38ee62

                              SHA1

                              1125c45d285c360542027d7554a5c442288974de

                              SHA256

                              5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

                              SHA512

                              d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P3VDVJ51\favicon-trans-bg-blue-mg[1].ico
                              Filesize

                              4KB

                              MD5

                              30967b1b52cb6df18a8af8fcc04f83c9

                              SHA1

                              aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

                              SHA256

                              439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

                              SHA512

                              7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RYUDK3B2\suggestions[1].en-US
                              Filesize

                              17KB

                              MD5

                              5a34cb996293fde2cb7a4ac89587393a

                              SHA1

                              3c96c993500690d1a77873cd62bc639b3a10653f

                              SHA256

                              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                              SHA512

                              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
                              Filesize

                              314B

                              MD5

                              e4d92e021ccf14aabc6d9bf62dd336f1

                              SHA1

                              85765a830d538617cbd0a2d0f97ef4a71a7e4845

                              SHA256

                              7b930958efe8b8a20b7eae64173b0153f35392f5788be6650e4f2fa2a9afe960

                              SHA512

                              3a3d90b38aa82ce8e5d3069be978d8f23cf9d72d7290bb1e9e3debebf6e7cb9882148e05875e15bf5a819219ab3f8fae71252cd7efa47525df396dd0492a16c4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
                              Filesize

                              404B

                              MD5

                              35fe8a58e8c741edd708b54dff462bf0

                              SHA1

                              f3faa9b86b8ebfac451e18a154b09e09124c5604

                              SHA256

                              a287f329aa68f7d38b7f483ad52a1df9ba40ed9741f562e7b2e7692d1860c7f4

                              SHA512

                              55bf52ffd3aa8784328ac1a56259021b6cce482269526c50df5ae493b61a2527f72c4e9b6e72b26c955976b0f64879d60e89e51ea7e0088130a53a4a2cbc3548

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                              Filesize

                              2KB

                              MD5

                              ec66fc31af6fac5a8b4469eb94aab3d5

                              SHA1

                              6563f00a410fe1f06205b016b3f4c03719bb2c4f

                              SHA256

                              a4fddbb5994017ce2ddf543ea88bbf1374d4c04bbcb230b993211bb72a6cd8e0

                              SHA512

                              40e8951bab1f4ac0c058a4d170e476ab7e3cf1c526a7a47a0d2abd9b55da2ba613b319262c4a3798f45540f525e94649a6f422b59dc5b2a2bf85ff3ae626813c

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4408c85a-cff2-4680-81f5-4913a3405a43
                              Filesize

                              746B

                              MD5

                              a6e320ee90483222b2be7b9a98844622

                              SHA1

                              1fcf64be035b769d095a41bb33a8407d1b4bd033

                              SHA256

                              4e42a5ff5234f0254658e27de80b6ed00466d609376128032b8141b55dac64ff

                              SHA512

                              b2d06ab6cfc1080efadd6344c2b5587369b25091033a4751552a94366c1fef2ab6b6de4bf7e341fc779002fc429d33668c536c683d62d0601c6a4d75f9b426fa

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f00cc2f0-b7d5-4a76-9d62-8cf7a29d96f7
                              Filesize

                              10KB

                              MD5

                              b57adaec580ba8b944f5408667ef1e20

                              SHA1

                              a3fe78843aec9d380dbeebc8e63c9d42146e8e7e

                              SHA256

                              df6a99cfde03415dcbe1daa328ad333c3df246a17b05bbe5ed6424fe9ae9e5e6

                              SHA512

                              12aeb7353c916155c7ea8dab91b7af4ec180e9760cb0576e624b4a97e41238666dfaeeff3fd9eb4ecf51289c209c72e1bb370bb4895e02aabf33c77851beae98

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              be81114cbf04cc6b1cca32aaa52676ef

                              SHA1

                              8d1664ebe69a038de0ed7f6b0432a2beb8d4afa7

                              SHA256

                              9d24af00e601b422461e62a5b67c0af7486ee4c6cfe100ade9ca3c82a0e5d3cb

                              SHA512

                              15e3bac4ba3c6ac6b19fa669718ea7970d6179bea5bde2796d426979e5c6b7954aa01381a9a32437b8368c1c3f623e68d0643bee60334c7edb5f132e4bf06274

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              07c921f3753b646a69f15abb49ce7108

                              SHA1

                              8c092c490f896c415471a89bb088ecdbfd9fdd94

                              SHA256

                              809186de02885ee3674254666b9719d67f30806f5b6cffb609717d23fadd28c1

                              SHA512

                              468da08434e2474b570399a68b691083768af8944d0e7ec6bb5cb43efa6e73ab43b21133ca7ff1565d9dcdab9d0b671f5bd3fb99edc349ada4ec321caf4cef33

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              133ceb3ca4d43ab4a7a720c890285823

                              SHA1

                              1a66d6d2a18ff29f9003b6ce29d8c91efef308f6

                              SHA256

                              5ab9d05bc90842b229a0cc392f63828dfaef0f435216ef237a69ccc83db3fc47

                              SHA512

                              9732c17cb28889c09bece24c04bec07750ef1fabffc9944f22652443be31da31059ed535f90483c1f054cbf86bd0c03888190f6e9a6db3e1baecd18c5338a7f9

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              fcb65342366252c631726f1e15bb5d5c

                              SHA1

                              8eb090c68e3a16ddf28a3d8a5aad2815485a7eb9

                              SHA256

                              ecc370d38c1f7aaf7a36e9a7f75f33cf8d5c486f1f5cec925ffae624848777f2

                              SHA512

                              4df1bcb1f690b5e926d538632c281331662950db50f0e00d34dc77c1ea4dc6cb394a89bab7c3ee9a73f255a8bda5b78cf8a8920c4fc2c30a8322dfa247aa692b

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
                              Filesize

                              4KB

                              MD5

                              7107326e3b2dc8230d16f6c96f718045

                              SHA1

                              28dc6572e9a7754ad1d3c8b6ec92a8696f391432

                              SHA256

                              b6fe49f08090054c9cc5d668c04067c720573322ded2bd2c02eb1b8e1ae99fa9

                              SHA512

                              50e97e6f184fe3db8e1e64b74f3e07ea304d478e9142c56923e0d0112acd1a1b16769b73df3d7ecef1e7e2a7e94d70f107ce3c47890f87b5a64b1abf92377354

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                              Filesize

                              184KB

                              MD5

                              e7d901ad03d22078f4c42ecc83c3bd45

                              SHA1

                              13ffe2ced2026e6b99c39a96d006c7832a72ba17

                              SHA256

                              fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

                              SHA512

                              8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

                              Download Submit

                            • memory/1560-252-0x000001957A4C0000-0x000001957A4E0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/1560-210-0x000001957A080000-0x000001957A0A0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/1560-138-0x0000019558D00000-0x0000019558E00000-memory.dmp

                              Filesize

                              1024KB

                              Download

                            • memory/1560-146-0x0000019569180000-0x00000195691A0000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/1560-162-0x0000019569700000-0x0000019569800000-memory.dmp

                              Filesize

                              1024KB

                              Download

                            • memory/1560-205-0x0000019579CF0000-0x0000019579D10000-memory.dmp

                              Filesize

                              128KB

                              Download

                            • memory/2320-76-0x000002C01EC20000-0x000002C01EC22000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2320-53-0x000002C00D030000-0x000002C00D032000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2320-50-0x000002C00D000000-0x000002C00D002000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2320-55-0x000002C00D050000-0x000002C00D052000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2320-63-0x000002C00D910000-0x000002C00DA10000-memory.dmp

                              Filesize

                              1024KB

                              Download

                            • memory/2320-64-0x000002C00D6E0000-0x000002C00D6E2000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2320-67-0x000002C01E2E0000-0x000002C01E2E2000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2352-0-0x00000291CAE20000-0x00000291CAE30000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2352-35-0x00000291C84D0000-0x00000291C84D2000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2352-16-0x00000291CAF20000-0x00000291CAF30000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3120-43-0x000002041BEC0000-0x000002041BFC0000-memory.dmp

                              Filesize

                              1024KB

                              Download

                            • memory/3120-42-0x000002041BEC0000-0x000002041BFC0000-memory.dmp

                              Filesize

                              1024KB

                              Download

                            • memory/4204-262-0x000002999DBA0000-0x000002999DBA2000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/4204-260-0x000002999DB80000-0x000002999DB82000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/4204-264-0x000002999DBC0000-0x000002999DBC2000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/4204-257-0x000002998CF10000-0x000002998D010000-memory.dmp

                              Filesize

                              1024KB

                              Download