99c9a015812ff34dcbe7949dcfba0977d01e76e7110373f8496ea58ba478d27b

Analysis

max time kernel
1595s
max time network
1693s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-06-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new_recording_-_6_24_2024_4_29_31_pm_Original.xml
Size

271B
MD5

46a548c4b44f02fa86292f39f5fd5558
SHA1

70b8b1d74803b585fd1f2a080705c3c3fbf44294
SHA256

99c9a015812ff34dcbe7949dcfba0977d01e76e7110373f8496ea58ba478d27b
SHA512

e7db5806eee5bad1c7acda64f841b22f23631878ff44145c0a1caad95bc70cab3a35ef7cc5490a340958762b1c429c87eec4b82c742b9187e52beee57567f0e3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies Internet Explorer settings 1 TTPs 54 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114879"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "464624187"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a046211c7fc6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c517910592b48541be24303fa89e939b00000000020000000000106600000001000020000000a7e11da8904b3270f48f0f3d7496a671d6d10fb622dd19ee847342026792d190000000000e80000000020000200000004588c49464d59d66604cb4344bdd6f5e678c4ceeb9396855879d943857019c892000000030f41e4a301d5268e2584d83d487a083fb402d182bfa7c10bbbdc93e6b80b9fc400000005e9a524608890f133d816aee6e0baf57175e00420f8d4e53952be87053f2c8fe650bfad706fc0db6d606007c7964ebd723bfcd3c5b15810afd283bebe15baf81	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "426046756"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114879"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114879"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114879"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "466408926"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0d51e1c7fc6da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "464624187"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{472A5804-3272-11EF-B03F-E6651DA5F279} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c517910592b48541be24303fa89e939b00000000020000000000106600000001000020000000b0c09f6ae92407a55e6b0da67dc092e4ece05b935eebbd4252afa3aa5fa42098000000000e80000000020000200000009d42ebb7329a124c92580d78f9ea597554720d1f901ea401a36ddadf54f806a620000000e22214cfc46a2128037125692fb4a1e2d26500e386814343c8c555aa02dea572400000001c8fa790685535b32d782d14be3421d2ef229176e5c0d82c2ba33e65cd54bd6f57482596300f146313d6af2342cdd0c5cae888d1233c5222370e86136c491c56	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "426078747"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "466408926"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426030162"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2312	firefox.exe
Token: SeDebugPrivilege	2312	firefox.exe
Token: SeDebugPrivilege	2312	firefox.exe
Token: SeDebugPrivilege	2312	firefox.exe
Token: SeDebugPrivilege	2312	firefox.exe
Token: SeDebugPrivilege	2312	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2952	iexplore.exe
2312	firefox.exe
2312	firefox.exe
2312	firefox.exe
2312	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2312	firefox.exe
2312	firefox.exe
2312	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2952	iexplore.exe
2952	iexplore.exe
792	IEXPLORE.EXE
792	IEXPLORE.EXE
792	IEXPLORE.EXE
792	IEXPLORE.EXE
2312	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2952	748	MSOXMLED.EXE	74
PID 748 wrote to memory of 2952	748	MSOXMLED.EXE	74
PID 2952 wrote to memory of 792	2952	iexplore.exe	76
PID 2952 wrote to memory of 792	2952	iexplore.exe	76
PID 2952 wrote to memory of 792	2952	iexplore.exe	76
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 4304 wrote to memory of 2312	4304	firefox.exe	78
PID 2312 wrote to memory of 4992	2312	firefox.exe	79
PID 2312 wrote to memory of 4992	2312	firefox.exe	79
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80
PID 2312 wrote to memory of 508	2312	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\new_recording_-_6_24_2024_4_29_31_pm_Original.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\new_recording_-_6_24_2024_4_29_31_pm_Original.xml
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:82945 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.0.2069458691\1410834090" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbf2e72-595c-4f0a-ab91-c98f82d8bf5d} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 1828 172757f3258 gpu
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.1.1845468566\780289271" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcdf9716-852c-4144-aaa1-ffaf96a3e1d9} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 2184 172633e5c58 socket
    3⤵
    PID:508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.2.95276804\899351091" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d8cf76a-003d-4ef5-b3f8-5a98ccf5c602} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 2696 172798aa658 tab
    3⤵
    PID:1092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.3.1999835725\717901655" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc1b301c-c230-4f0b-b84b-a014391d3b33} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 3452 1727a0ef958 tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.4.875507131\1612776825" -childID 3 -isForBrowser -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5baac086-5f4a-4887-a87c-69ff1d8e232c} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 4140 1727b8e2c58 tab
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.5.1730573521\365039946" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5266a033-ef9c-457f-995d-1f743687b02c} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 4796 1727a0ee158 tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.6.1232377060\1656926832" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {025a75e4-0142-448c-a61b-37c4ee71475d} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 5064 1727be45e58 tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2312.7.117529216\925634248" -childID 6 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72485f33-83fb-4e6e-b149-80e7ab0e8b3f} 2312 "\\.\pipe\gecko-crash-server-pipe.2312" 5248 1727c2b9358 tab
    3⤵
    PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
06f5f3f6abfa0faa19dac83b5346ccb5

SHA1
28c8b2b412b44c21726132ce9f51aa9e2207f328

SHA256
1f08ea567a623c9f9015efd9b209b823cd5bce6d474256440ffceb4f5ccffd8e

SHA512
dd94f4ddc9e6cd90f1f4ae6c9175d16a6687329b2d1b928d24510229001a5539966b5ac1685d527606084a2cadc1ea856d14209c2e61b7434a699a293ebba448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
5d603f395f471739aa8b5feb5628a63e

SHA1
7747f4ed0da38c153ed097565f1ed36e0227c072

SHA256
e5374cd4537ccc362d8f6191b4b424a5fac299bc1bf9b0881bb3d66d37de4aa1

SHA512
18cf3e68e8ba0150a3b96158618b770b77dcfe992f63d421f788b363aa3f5ae42d8f3a6a79688afe7388abd73d3ef4fb3c9208a5ccfc639bb9429d8da6971bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDFB1.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CRDFDX20\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\C3KYJUDI.cookie

Filesize
541B

MD5
e8fad1a1bac0599da08619daa5cce0fc

SHA1
175e6fb37e3f41b9a7a6a460f6596cf6b52c701c

SHA256
d15e0f3e1a37821dc0986c6d99e22da816d03e7e4b6a6d139422b37b36bcba48

SHA512
e9387c3117893a571f0b56c4957e92bd373ef893c4dc028c90250c0222bc922708367caedb5ce568628c4e3f8b0cdd391aa6c28d403dab2e1c4bedd31eacb46c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\19682

Filesize
11KB

MD5
687149453af1c47dbd2fd3775f2cff34

SHA1
66efcdbc04cabf2e70a2052f8a3ecd4f4c9e0a48

SHA256
3737306191ba533e52a646586a0ded0bad6c8120be0061c67c562e88b0b3999c

SHA512
92f48830852737e0fc1b28d07f790f6fe75a9833c7bf39dbfb9ef47356d606b4ee01a8479220b1484fd74073752848e96ba29e5976d2587e0504612b5295802e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
1451dc7e4858173d284f9810879e80ff

SHA1
c062a19493af971b15397003415e4282bfdfe731

SHA256
e1aed0d840b08bb4929dc8c037419378747bc2e852ea6b6bc732e4776c4462c9

SHA512
4102f05715b899facfb27b00d70df7bfda3046072e34008af3a55cfef89956f8907e16787a0601d52a3486b4d29f11ba8aeabf6c4ec852c3662da0c2e07b82c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
bb3e3bada51203a0801635878b571bf8

SHA1
5f10571f2d705d3981b62a53e1263ae5e9bdfabd

SHA256
7132005f8193e1495aee9fb63a15f6111e432f8f8e55574cb80668fe8ba3f794

SHA512
2406d11b1000e2b5bbcbe414b56d8aaebdc4c8cb6b553e753f95c76173db874dcf0c6402bb4310e0865634395e2c3588b5ec7f6342cc43b3bde1635dcb11b674

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-06-24_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4

Filesize
945B

MD5
838d93fe7f64f4f752cc6aa88379ef54

SHA1
55f0a2bd40fd96e3a319f886a58891fd9d416c0b

SHA256
1b13e0ebb1dab164edd26588e55ea99c9909f18c56c9a3478937d96719d9a54d

SHA512
8a4fddabc8792bc2fdc4868e1873f415614c3dc08bbb50272b64fbab124b4516ab0e3be04f31cfb8e02e7b653bff231053208d1638dcf0372439dcec71d33f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json

Filesize
216B

MD5
10c38e800491b19b1af65b4b0415a9b3

SHA1
95727c20dd2a823c9b6238393398c941dfd33af7

SHA256
ba4ca1281cc23c8ef0fc6c61d9405db73c37991874cd90c2e61c7fdcea1b3d0e

SHA512
b905876ce13219ac3367a29dd8aaa340d04036e73c88e21efaa29274f6d003ea5b7c74b3c063a2ae2773049dc86df30edf66458060f5ff30cbad6ce338fe4fb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d8d8c4619d644042f14778321a64690a

SHA1
f038da7c8efd2718c05923756566c67a5e5864cb

SHA256
1771efd2d1bd2595aaa894a559d53b2d0ba638cc8685a7da7ef64da767b3e832

SHA512
1bfcbd3183dddbd52774ebba4be8e180a461b7b34391364398dd9673326cb798ea5780c5d3a68aae1b99182bde597f25af53a0911c32f71ae1a9bb7207b162dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\128a2bfb-6725-4c06-96e8-6e655ad93fdd

Filesize
9KB

MD5
766926df65e8408c35df19534f3e51aa

SHA1
8da635f46a3e6764759679bbbc34d5dd4e4098b8

SHA256
fbe2e58d6d077996eee524979fe0b847fcfda3ae3f85406ed1a87afb1dff99a4

SHA512
0646325f1d59ff28ca2ea12feb45350d5f1451ed16b551a0e0caaa4f4a7ea781e54bceb90abeeac0c5b2673c769dfe52f7720e8db5ba59348dfa38bc76013af4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\894b04bd-827a-44c5-9c2b-c3006994e06d

Filesize
746B

MD5
df944872122f9b056615e6a28f6ba492

SHA1
e4a5a9189cd7affbad864a107d23f8e25474386f

SHA256
d5a29d80dcd8ce88cd701188133e71cc6f715067eebfe0bb7993b1afc429359d

SHA512
ebad3b0de7cad825b493753c7e62abcbc20653d844f3ae8d6f608f2bf3592176a83c845e5daf14941e442897377d819dcfb5a8957a38df67e97f7f60ad99483d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\extensions.json.tmp

Filesize
34KB

MD5
f8b209c5df7a3833cd9bf79d62380f6d

SHA1
25dce57657618f1be8d98409f28537e38f0d8d8e

SHA256
ca033cb0c618bfd2e0982b404363686a79a0e6672d7a484fe97a5f1d7a74c398

SHA512
2758d26715470183d207d2dbe8c9c95698e8f1bb79a2faa0c922f701175cc96e7bd2fbc7e43a2e2fb806c4e237bdfed7dc6e1d1a131dffc071e19cc94903bd1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
9KB

MD5
b26d8a1b05bd3b590a6540a89e8adf36

SHA1
6fd8f3f33927e45d8bc137fcff8d115161f28c82

SHA256
390580186d3ded70312a88c15731fe06f4c837d50397bfa640116bc847fb716a

SHA512
9e5798e0d96b990e001f04578aafa8621cb75fd55af4b5e45684098ac936f344d8b14e47b8539fffdeb80f5e706b97f0f3563b3e1c94daa96252d71f5a0ff841

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
9KB

MD5
050f29fa9235ebcd693c618fcd81bb8b

SHA1
da05110e93659f02535d8c502126f43687916d3c

SHA256
0cbdd646fe747217a12355aff0bfbf837564bcb67f10582e9c91182e0bc69ebf

SHA512
3b428c54f3f24b8f9f33b174f482ba7f20c8fbce84ff0fe5133fc18c4fa827599970d3f228b2f29fda6ab7737d8a4206ad25af808ef61fc5f949e76e273b1cb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
10KB

MD5
388620f164de9779560be04b03d2bc45

SHA1
b6bd9e06b80a9967d8e8c2448dbe0f835f811f82

SHA256
d59301f146348b110ced1032ab15d1d394a815515994e1a47a031d2f612f94bf

SHA512
34d4b5f7198048a3752f20368602639ae8744d31234d3366832f080d8e1c146e51637ea0bec81340da8c0288da8190ea284df7fff16d961dd3edd39f65c63cd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
1a037e7bfea0dd7a424b26e6d47a081e

SHA1
39bc2e7eaab4b7d3bf19f45886c55909f094309c

SHA256
227db2a3fe18e3f93eaf1a491cd7fe143bb4fce0fb8ef86daed8e71d13ac8b43

SHA512
dac61b77800ee2408efc0aeff2836d0065b5ac4087889875195fe755aff631e3971f5a0b55ecf4caebed77444740c1a367f8a3a211bb4d1a6388a5c4e7e6f700

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
9KB

MD5
f232458a602a5851b077fdae3a97c10e

SHA1
6c36621c67f218f2a1cec68e3a954f39f149cdd3

SHA256
ff87eaf133dd69a0604dc9bcdc3ccd0fba08bf8862c548037aa0c1bd07674850

SHA512
ea93c756dcf52db5ebe51fc832d7fdf1f70b1bc8c38f01416e2e6106430382851e86e99b7abb4c40bf71fd7aba2d8d715fff2357c0ba4bac9af5ab3a49228972

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3ce1b8d6a12ce35f6743f13031021060

SHA1
4025f1b3a9dae29fe96bc00ac46dfbc834ecf8bc

SHA256
d0d7c7d0ed84387e2384b4d1d59c21305ddadce360ed1db431d0dcce250e422a

SHA512
94f4e4e769133031aa07f24fc968f916dae4532ca3908448064d5964f15642a8f0b7ef7feede1d59735059f8985b1fbadd90a78a585bffc404cf6eddffb07937

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.8MB

MD5
8788416a046efc4143058e2c082c8d92

SHA1
c4e8ac4ee79c70470d9fffcbbe02f6c897811510

SHA256
7a3707a4353f300b9d47b9ad9583522257ed48bb07c1ffab0cf56708d1134252

SHA512
984ebd25cda56622b1917c35b6416e8cb82dc47a94cf073bb4f7152c8a48061702d0f2b5356a58138dbb3dfbae52125afecab8c280f8ced6aa6f0627fed09f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json

Filesize
3KB

MD5
adf91a5be4b3a36d7658e4ec6c7e06bd

SHA1
876e2dcb6e7ba47094f7d771c393466f25dfeb1a

SHA256
fff8ac282be42a775424f83aaa53a8c97bc5eddfafaf6ced69bde239d54862f2

SHA512
fdbc529106ce77aa988df6a4d2242d42967e9a3511b20efd60decea06831f9eeabb28d9777c374b0e3b149724f47c05d57c1b8436373e57681bb8a34d0c80972

Download Submit
memory/748-10-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-12-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-11-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-1-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-4-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-2-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-3-0x00007FF89F485000-0x00007FF89F486000-memory.dmp

Filesize
4KB

Download
memory/748-14-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-5-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-6-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-13-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-7-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-9-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-8-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download
memory/748-0-0x00007FF85F470000-0x00007FF85F480000-memory.dmp

Filesize
64KB

Download
memory/748-15-0x00007FF89F3E0000-0x00007FF89F5BB000-memory.dmp

Filesize
1.9MB

Download