2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4408	HorionInjector.exe
Token: SeDebugPrivilege	2504	firefox.exe
Token: SeDebugPrivilege	2504	firefox.exe
Token: SeDebugPrivilege	712	taskmgr.exe
Token: SeSystemProfilePrivilege	712	taskmgr.exe
Token: SeCreateGlobalPrivilege	712	taskmgr.exe
Token: 33	712	taskmgr.exe
Token: SeIncBasePriorityPrivilege	712	taskmgr.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe

Suspicious use of SendNotifyMessage 57 IoCs

pid	Process
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe
712	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe
2504	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2088 wrote to memory of 2504	2088	firefox.exe	100
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 4744	2504	firefox.exe	101
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102
PID 2504 wrote to memory of 396	2504	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e57b66-69d4-4f15-90aa-76726532283a} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" gpu
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 25789 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {263a0eac-1c73-481e-a53b-ee2bdd85d4d3} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" socket
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 25930 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d48e797-0033-4e02-b131-1eb38e8506c3} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4272 -childID 2 -isForBrowser -prefsHandle 4264 -prefMapHandle 4260 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b86f7c-56db-4baa-ac40-b26392ed8259} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa382151-264a-4914-8b8c-9ad8299c1ee9} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" utility
    3⤵
    - Checks processor information in registry
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5188 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1fcea73-18cc-4b65-b9ae-dba736a3e6f8} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 4 -isForBrowser -prefsHandle 5180 -prefMapHandle 5148 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ede442c2-8aaa-4d3c-8061-56c4a5bc6d0c} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37244c61-bdff-4494-bd10-3ce654c83bdf} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 6 -isForBrowser -prefsHandle 5988 -prefMapHandle 6000 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b5d8f44-f225-4cf4-8264-3150462580fc} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6336 -childID 7 -isForBrowser -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47a04a27-b9ff-4487-b3a9-9ed517b27dfa} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" tab
    3⤵
    PID:3124

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
f1fd33214fb04351da13bcc3f3d623b7

SHA1
005a1986f2dc0cccd26c619b582257508eacc70e

SHA256
c819041dddf556884242f13bba5c4ad943075f0b6229d3d51c4729d12f5c4711

SHA512
0741607a0759db3c62e15154e001695a9ccd8864df6c63fb48924fd16c3e3611364055555faaaaf8e98c0d68fc6c3f3347fdbacd143477ddacb24fe237afe1fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
6KB

MD5
523d409f303dcc6177b984c5ee88213f

SHA1
9c91fa29bf7295065b79ca12fb729b76f3dff3c8

SHA256
7be4eee69a9b98df23796657bdc2e87889e26c9038ccb6dfa19b4f5eaa4c358c

SHA512
252f13613d7c7cb6c87283f5a232312b34a5ca8261522bdec3ba72d67cc783774d19fe193051323ecd84ce8c220ec3957c67b4159d1917dfd380bb9ff99b7825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
8KB

MD5
87c5927f31fba894d56595f46a1a6b4a

SHA1
8261396a398aa9c1431b47df72439898887c8851

SHA256
cd706bf6d5dfb395f5d2823c849cff54d45ab6ea72249f578f1d13825caf2ae6

SHA512
7f50032d7d540a7bb8e676680575e6da1d71b7076c0282c6dc4240fad3155bde2cbd9c73ffb75bca5a1f16dd202df12add967bc856cab919490804f277988396

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8ad02ef4ea5480c276c5f5201da43e89

SHA1
772f1c0e7031cadd4bd6a8c06ef0becd31130af6

SHA256
b06d73070e4af2593ac344fe631e0feb858648791a933abadce7c62a5fee3c97

SHA512
0812915af1a3a77bf9b65f8b425712b13b1fcc21d1046abe0fbcf0ed3d089fa1988c24934ec28f91a365a3b29da66bb7f1ce9828cbe17114206ab99427d3af52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
93fb723ad1d7bd2b9fc880e3e13d8e73

SHA1
efd595c067bedbe1de6c378e35aea6b42cc8b4a3

SHA256
db52fabd00cc6185c81b46bcde7585373756ad2e1a592f9a217ab85982a77872

SHA512
9eb25cabe8330a974b028cc28c7da7289da6781e504103fd321328d3c2ec26133fb8bbf15916afdb5b7fbd3eccb212e65d7ba17706a127bbe42ee120c672b6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\668a7cec-5125-4cb5-97a0-5b16353efe6e

Filesize
671B

MD5
e2326ca3be88b30a83fa8156d7dcaf4b

SHA1
3684efd294df9b9724ab4a664aae086fd4e84fd5

SHA256
0212abc807dff71f78e49d6b8a04b66bf44b0a8a09089cd440c5be89e6271172

SHA512
55d12b3336e5f883ecc562396f9279821612e692b493ca47b0b307e2b72a795637262153629fb8aa3d33e1150f32ddc53429651c042cd72cf1d99fddee9abdcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\6a249a7c-f85a-4746-9cd6-a219ea2e8c4d

Filesize
982B

MD5
6db76f3eed08024a934bf90232e199e0

SHA1
ca03ca6eda872e67c65d2f092d56b33ab56f8178

SHA256
3e0301fbfd7c14f199cfd06fdcf51db43ddc1c6fba468acb0576eac40fbfb445

SHA512
faa7ff3aa366181814daf5f5dbdb90a4bfd9304492d458e5140d532460141bc8f127224edffff845c065c7cd1175de86842874bdef050b79716e86f2045a0e5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\9e8a3220-9f24-49b9-9d90-07945433eac6

Filesize
27KB

MD5
e3f7a58eecd07d8364588b006ada952b

SHA1
e36ec94b4b71911d7961c9ebd146825369f7caee

SHA256
78b5b55064a4873f0485ad9d3951dc8ecd12862e3c79382bbb6f9966d14a495d

SHA512
5eec99788b087756d3c127d525a43385b27862b4a791423564efde0f1c7b2f20956b18d964a60c729af1e4ef1e848030311fc5cf25934d787a3b583270524554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
07bb90ccfc4598d1ca2022b0faac2542

SHA1
a5267002a8e2381139a7f15c5e1a720af0c972be

SHA256
6978611954631c9e423b5b8185a38c4f3b7223a1f2d619a96c735d3a8abf8cab

SHA512
8af2bd790318b9f3827a3d8a4b48443ec2b6eb1e727e873ea63cd2e43d445c5e28147ee996a07e874fdfe0b31bcc3b4b71196f56908609023f13dcbad08b9cab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
11KB

MD5
d953ec16a765962409071d126a1bbde6

SHA1
39141ea9b40a2d60027f59aff417588aaecba5ea

SHA256
9e7d6d2310f83dda1681b7f38d7f754b65e013c82aba310ac972436f81f5e76d

SHA512
65126311023382df4a1e885c120e36ff9751de8d9c40520862bea76621a3b8821d5b464e228bc522c8470afccf07e732aae26612f51e3ec7c02c68b26b7d2d2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
867641e3a744057e5f2eef74c9ace009

SHA1
08f5a89166e8e245282dfae6c5e5c97c88610c9c

SHA256
d61f207a5896a47e5b508865244dc52a7056d0a796e48679d5e6b8774ca14b02

SHA512
34d3c55fc6b6c6f6c469c6c9e804332ad46083686ec1411c6d8377ae1d71edbeb1560785b17639e3c944d7411bc2c34815188135e29f8b7c26d3aeb6e307cf87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
6142c16e385e13ff23a8639595f0099b

SHA1
134e12a05aebfb47febd58da6b168649e169c882

SHA256
038cff0c336749e78294ac0aca1ffa3aa62b605f78144fe69e97a2f40da54a49

SHA512
cb65936cdacbd49f077ff994ee83bf84554342d0f22034f3e81c55c68135a0cb5bfeb34666c9c8d51428b4e9a2288af53be2bb2cad828d48d5620d98f5a245ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
64148d1dbc2b6920a4d27fb048cf76e3

SHA1
9a5f530a71be1d1a9f9a61c9fc57ca4062487be3

SHA256
edeffed96bb60e53c3a82cae3ab0ac304802696da1b88249f6ebe0fe98e65dc7

SHA512
f4d26a2efdd9b1d55729b630b312fe8ed4f223a923f48509101abb229ff6f4a3bc5ecd9b22da3bcc4d800ea37ea177aba58533136d12289a527d56ceced8854c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c5ea379325b33d3e57620797721e8ddc

SHA1
bdce8f3a859faa4b70ed30077fbcab80b2329336

SHA256
10db0f09f68ef8a726f586b6b185154edfc55ca0f4cee812b751d64ac0b4a2da

SHA512
39aa0892c19565657c715714a9adf1e70539521d389d46ca92c25643057ea1f504dc5fa3dae3ff7efdf4e66fbca6982591e6af4aa03f5a53d3a45435d5ce6bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
61KB

MD5
2153e53faf44bf34f276aae98fa006dc

SHA1
87af557b95797fac9810d38fc13fcc86164380f5

SHA256
3843f6790c875d4207180074907e5955d88e4d43656933733ff53f8504a5c4c2

SHA512
6b7f74e90d6f26e88a4669b4a95c8ed0a4004518e1f0ace06ff407ac4a8e4e491f8907f8a91cec4edfd64c83eb001613b7edce914ee611dbebb9254ec5e1d0c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
220f3b2099163e3a79f3ce403853ecc5

SHA1
c7b8e9680a39729478bf98d9c730871169a5a6b2

SHA256
2f1cb8489d664d337b347c915ca7c6a6f9ad476d47fe41189846bf0d1e278173

SHA512
95c6700c46b0b0b5e9f932b02ca1842583ce530df8260abb2a9466f897ccdf002f2e08fade13a74b557a0f140b0ffce59b921a1139783ee1d78bc49f21b52083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
1182c9a7daeb920cb6cbe3435efe9114

SHA1
3fec075e63b629370f9028bf56aa8cd95e091b7b

SHA256
c76db2b35ee2c6aa7e95b36ebdbe758762fd0803dcf1bb8cf8bbaca36767706f

SHA512
ab28ac047748776e32ab2a4656e18a262dbf24b38d75e023ae387d66ff5a2fa09b3541612eae16dee20310658b388173058ffe98f20a84a8cc2e0910564226aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\sessionstore-backups\recovery.baklz4

Filesize
58KB

MD5
cfe6af3d96d2d7249cc144eb053fad15

SHA1
da1fa5c6886d36671a1f15acb6a3c0b3c7609ee9

SHA256
922f1dae00e2623c17e21debda915debbb997b1517e25e1cb1939dd3486d2aa5

SHA512
aace3fa6edf8f57a2b1ed39957fb18300c11f9e1e48a1e7acbe165fb61e3488a8cd33d5053666e9a4249f0592add0995c03caa1c650fbd8e07fb98371e154463

Download Submit
memory/712-540-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-544-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-545-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-547-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-548-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-549-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-550-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-546-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-538-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/712-539-0x0000024605C50000-0x0000024605C51000-memory.dmp

Filesize
4KB

Download
memory/4408-7-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-14-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-0-0x00007FF9EC4E3000-0x00007FF9EC4E5000-memory.dmp

Filesize
8KB

Download
memory/4408-3-0x000001ACE6480000-0x000001ACE653A000-memory.dmp

Filesize
744KB

Download
memory/4408-4-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-5-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-6-0x000001ACEA090000-0x000001ACEA098000-memory.dmp

Filesize
32KB

Download
memory/4408-2-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-8-0x000001ACE6A20000-0x000001ACE6A58000-memory.dmp

Filesize
224KB

Download
memory/4408-9-0x000001ACE67D0000-0x000001ACE67DE000-memory.dmp

Filesize
56KB

Download
memory/4408-10-0x00007FF9EC4E3000-0x00007FF9EC4E5000-memory.dmp

Filesize
8KB

Download
memory/4408-11-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-12-0x00007FF9EC4E0000-0x00007FF9ECFA1000-memory.dmp

Filesize
10.8MB

Download
memory/4408-1-0x000001ACCA5C0000-0x000001ACCA5E8000-memory.dmp

Filesize
160KB

Download