463bef1a5e059c9ad7e46e7e71f580d36335b0ac7fd3cbb165d88ded95cc5320

Resubmissions

11/08/2024, 16:49

240811-vbshgaxhqn 7

11/08/2024, 16:43

11/08/2024, 16:43

11/08/2024, 16:37

11/08/2024, 16:36

11/08/2024, 16:33

Analysis

max time kernel
329s
max time network
329s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b1ca6608cf833fa62650ec0ab9310d6_JaffaCakes118.exe
Size

23KB
MD5

8b1ca6608cf833fa62650ec0ab9310d6
SHA1

f9587d784e3dfdbbd2779b5236ce95cfa750eafe
SHA256

463bef1a5e059c9ad7e46e7e71f580d36335b0ac7fd3cbb165d88ded95cc5320
SHA512

934b6b38d813777ba0fb733e588ef4af5718bbe00ee401253952b66b3f6a154f1e570408b1c2cf820cf4c9d5085b12172fda577345f242bfda8881c4454ebd45
SSDEEP

384:J5EhiDq9F5KRvhZfqic+hOzAaXNHpOukAaCNoNLFlZgM+GPCc/k1:JGUq9vKxhZfA+hOzAadJOxCNoTlZgM+T

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8b1ca6608cf833fa62650ec0ab9310d6_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeDebugPrivilege	1816	firefox.exe
Token: SeDebugPrivilege	1816	firefox.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
1816	firefox.exe
1816	firefox.exe
1816	firefox.exe
1816	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
1816	firefox.exe
1816	firefox.exe
1816	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2840	2464	chrome.exe	31
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2744	2464	chrome.exe	33
PID 2464 wrote to memory of 2700	2464	chrome.exe	34
PID 2464 wrote to memory of 2700	2464	chrome.exe	34
PID 2464 wrote to memory of 2700	2464	chrome.exe	34
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35
PID 2464 wrote to memory of 2764	2464	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\8b1ca6608cf833fa62650ec0ab9310d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8b1ca6608cf833fa62650ec0ab9310d6_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7db9758,0x7fef7db9768,0x7fef7db9778
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2192 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1276,i,12521979066465459296,7204693699096479144,131072 /prefetch:8
  2⤵
  PID:1684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.0.2029385508\1465937828" -parentBuildID 20221007134813 -prefsHandle 1116 -prefMapHandle 1084 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90cb7f28-7261-4260-ac2b-5b78a4a08ae5} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 1252 106d7e58 gpu
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.1.1046856517\250696593" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7768fa1e-aa8d-48e0-a967-a97b95808c14} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 1488 f5ee758 socket
    3⤵
    PID:584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.2.1280336734\916975068" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb05742c-866e-4af7-92a2-2344ede1a7af} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2088 10663a58 tab
    3⤵
    PID:2552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.3.711552577\1432871289" -childID 2 -isForBrowser -prefsHandle 1860 -prefMapHandle 988 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9be1cc8-0de4-4fb4-b476-448538b39173} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2432 f5efc58 tab
    3⤵
    PID:2664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.4.1073804562\1122012486" -childID 3 -isForBrowser -prefsHandle 2464 -prefMapHandle 2472 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ebfbde-a36c-40a4-a8c7-6ed525a07513} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2496 1c1f9758 tab
    3⤵
    PID:840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.5.2022897413\392060568" -childID 4 -isForBrowser -prefsHandle 1688 -prefMapHandle 3812 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e5871d5-54a7-4f7b-a041-55bb7e160bee} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 1096 d5fb58 tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.6.2140470322\954386581" -childID 5 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a05d9cb5-9486-46ae-a8be-63f830b92734} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 3972 1f150558 tab
    3⤵
    PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.7.895428658\475509909" -childID 6 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03c568dc-345a-4118-ac30-b9ea50b64586} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 4140 1f150858 tab
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1816.8.1788777971\1410770409" -childID 7 -isForBrowser -prefsHandle 2468 -prefMapHandle 2500 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de885c83-7526-43ac-a735-43dc5e18e75e} 1816 "\\.\pipe\gecko-crash-server-pipe.1816" 2556 f5f0558 tab
    3⤵
    PID:3176

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
PID:2968

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4886ef16-232f-40bb-a444-7cb51a15b939.tmp

Filesize
5KB

MD5
c78dccc00486e65cbe8b22451f97fa21

SHA1
d8adf37db87bfbe3e149bdb0ba54ecbc1bd3df2d

SHA256
aee444e6bdd1202de124ac36765e08bc0d1d4bbb0e6f85aeea9742acf8ea414c

SHA512
bf46401375f31a4edae2083cc7d4ed43fe5e849f84017411cfe1a6aaadd64eb50c885c92cc1f47a7311b867e2899c6dec74bf57edd3b1497a419e9d7637af00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b634b0f1bf9ff38df8a4a7f94780c001

SHA1
cb1fcc7a862fae5907cdcdf5231c50f3a4138114

SHA256
503dfe6e6b74ab243c760d3fd0645c302fb8f967ab40aa473f1d71f43c419d6e

SHA512
fb120777e839c962fa43670d6d3c0479b19774fef1a7826047554925d0daae9fae1bc6a3db917e9d7570a6023d7f97ac6432949b96a0deca91073bb31f060638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7538b68bfd5821d0e60bcab148fb4830

SHA1
51586723b9e6d667f0c20a3089ac48b1c51a921f

SHA256
1fead43ce7ba5d4da064da3b968111d7598664d7cf90f937dd66c21aaa90185a

SHA512
979d673b0c2799cce2f7849d70bb7387881ed3e5e93c88e2d73a9476aa745673abda2d3733d0b9d5f23a1d9cb8edb908e2e655e36aa200f39a74e4cb0e012bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
e98f35c230c10fdf84f3f9064b759984

SHA1
dffe320061e8c384700a09ad002372071b19ff90

SHA256
197c65c415d25d36d8e9adfe5c0683e90ad7fbfb7194689a69df0ee53d346e28

SHA512
5c490f2a4ce4218f016f73561921514922f2fbc226595be54441a08af6cee088c86efdedbcbb186e89035f3ef91281f44412295dfbdcee016cf3a58d8604f6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
019d2984401bf652b3d959ef538caef1

SHA1
6584e64d39e6912e654b535a76d0c4000fc99f42

SHA256
c4845ea0bcdefa0031e65f747c29d08856cc20ba6be200c9feab81d0cbb46f4a

SHA512
deea3140c4e9502badf9e1cb7d4e7367118146e4f85cd65f077edefc35e4b491a7b260ed07b58e80660b227de9d8e2296df0ff0b3b6099cc65eb4cbcd509275a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
02fbccb5f959c2cbf6327df74a733333

SHA1
6f5a52fed344aaec8ae6ee03d040a8249b998ff1

SHA256
219f8c7528c881bc833d83e0b79e60eaf190ad4931be4d91028f949bf6cdd858

SHA512
8f3675b056837e25cf8fb1666017c34ea1c021fd0ed99ca1b2cb32e89137ad4914def3a76e5b8165456f11816dcf1633770f528e0ca84aa16b0f734521d7b7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76c99a975aa87d9cad1b7f58cd12b2d8

SHA1
ecb80a98ae3738e5e0df7f62a9f7f4c97b58bed3

SHA256
a2125376a14e432424e96d0259716006bd327ba7ebdda284d09c7c5948584b3d

SHA512
005b0584e732cf45a621a6d3aa972234c2e2e206556b93eb10dad61d1b2f118f398c6eccdaf7133cbdab52cd5295892cec05ff70b90054750dda757eb13369eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3a6d0b556e50b3f3c4d588134a269dc6

SHA1
a00480c37cb79ff0af94e7bdc35417a29df76ea0

SHA256
b608c6e4254ee3c5d5f72809d5695b55bb71a0532d189f1d6e71b7abd53d38d2

SHA512
6a35cbcee6f960d5f1d3f42e6cf669daca66f6611a7b372321db232d854d84f33e381d317b4ce0cb921090ee770b77a204f7c8fb77531ce9dc90e9e03bb9ac97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
46KB

MD5
ef46d626e194e2bfa8679f4ce27ad4d7

SHA1
b15db4cf12dcc04596c9233dbe97b4afcaad0463

SHA256
f00e746370a3af1c5ec9764fe5359e1137f407810eb719285648aba22c7d792e

SHA512
dd56b27c86e4e728ab9a6306bc50283d225c1fbcfcde1bdc54b5f0187045c8ff9c644602ea6e59c8acf5f4606a804b69a37575bcc8b7208f53ab300a663d1d7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\8009AA7615959742DB0E2C888BACB228D61FBA60

Filesize
60KB

MD5
9ef39dbee1185af6268762aa90b9c445

SHA1
5889d7bf0ca323bcd36dae33d7402b44a72d2d2a

SHA256
20a2aaeab3113558e8e724555dd81fc39ad25acd7ac340ed0188584ea36192c5

SHA512
3b85658b528def7cf98f2a6c5528cddd7df275d3bd930c0df9f0a3e887a85a2774800b772bdb921cda6808444bdec0744e5b771e212f3e140d559cd396b4054b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\8999BC8CB7B8114B87D8185D8CE1BBF1E6377016

Filesize
219KB

MD5
0c64f6cd2125ab4a4460a343d972ca77

SHA1
75eaf23621e46e03ec3381f6fc6f10261497bbc4

SHA256
c1ed9c4d0f86d070679a58ae77bc1b84bbe2deaf1fdf65bba6f1be4159dfa714

SHA512
624ec6959884393a006be5a04fed0d92722c6be8987a8bd86cc5734b3be37beba95c4ac1dcac256357c31505afaba65d8e16af065eb96beddbafbeddb4fbcd29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
a388b1558f71954774db620e584b469c

SHA1
64d0d7e8aac130dcc1b1a2c66618e802f782e6d7

SHA256
88581e6e75ffbb807c877d380c8b96a40fe606f8eb898bd4879e7fa2681a5000

SHA512
a01007d7fbc8c50c1245d97ecd28e5aa5fbe36958ba3afea89f0a7fea22bebeac28af9cdb6a361bbb18025dcc6b1193ab28b27038de9587113d1cbc422a73d86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
98c9cc2c666ac6b2f7b75db0bc61b531

SHA1
950fe62d60acea182d1be87b95081822706ac05f

SHA256
c26485bd1695ecb5c81127e775c873386f4433564839ada555f6ff7139d7ba83

SHA512
e816ab8590be17ffe4bbc5926c07723956c5b32e06e7b16e6e97121ac90f758f94e77be9c2db7d7df4d494df954af5654c5526b056af5bb096533b042f143fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
3e8ff49fed469ada06207f9abc61855b

SHA1
472feb26b4c6888186eea9cc5da768e1ec607583

SHA256
146b513712ae9fed12ef9a7dfcfeec3f87e7384b899ef2c92c1c4ef12112a64b

SHA512
8520f050fdb07cb5451ac3f4d9610fd50228d82d8d3c6110dcf718b486e16ace6996f5e357bce6e44312607b4553f2d7d1854134e6296c2c8116e247c71040ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\479d3252-b5a6-40af-b1d9-4f253b3d6bd6

Filesize
11KB

MD5
18e75866082ca618f5a80477d1910580

SHA1
5a6f24dcdbac091dfdf8fb947e73eb2109e928d7

SHA256
3cdae1d4d847dac21decadcaff8c1d429ad5a6088a0ec972c05eb5422a7bd5aa

SHA512
117861c7dc3942d74a25fada48cc6779d8029640bdf4a76b3e0922084343b18e229ce436272b47f76b051e868ec62571046ac070b474f529b04ce50fa8a8d9ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\acac8c6c-a9b0-4d82-9743-59d4ed1d0f7f

Filesize
745B

MD5
b446e753dd947d5ec2a395dc19e49c46

SHA1
cebe161dfa303756a099308943e742df2f3f58d8

SHA256
3d23ebde649a81a80b8432e6ad7d8cab86cbd8cad544a6fdb7a224cd1a49ae8b

SHA512
f9b2728b65e7921638c77afceeec5d5aa1e959a7ca14ad95a06e9ebc6a24cf6c4d3d0a9588c0bf369f953e1c09cae331ab5b3b316eaabf538202ae7b42c3fed6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
7KB

MD5
a2986f96787e06507926aa9de12f1b73

SHA1
56cc4b6cbc6b057dee3f5eada2ffd32dddd20286

SHA256
58473f5b2ceb51c1caf11e901aad4dc5bc71d821b2304032e25f76a073492f29

SHA512
a92d50ada3f02c94d4fcd8e9cdab24920f6a8bb51442e433d33ca82cb4653b1fd2bf5ec186aea73834b07481b445b13f70e511042ffc8d9c2ddec3dbc2069672

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
6KB

MD5
36ad8d1edc4a13aa0c3811c2c8dfa100

SHA1
e66c233aaf99bd9613af8c9c363d738f0fa24033

SHA256
d89e65e561851d0bff5a209068e2f76bc33c9d674f0f9d3f5cc2dfa959fa0f88

SHA512
6c3e44b3304cd64c8fc5995acdd91d0334030038c1f33a9bda4e6ac9d194321f2cb148ab78e185a988dde0956167797b0f6ee0de503246bb71a8e2ccff5f40c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs.js

Filesize
6KB

MD5
4b3a33ca52f495a94b74fcde374a98ac

SHA1
38afc54c8313ee55e119057f81693c2651d18516

SHA256
1e6490168d846fe4e483f5666502f3c1d44deab0bd38d951fadef3a47d1e0a89

SHA512
14f0df2ca37372ce2ab501a12eaaf1a652439bd660d67f30f050c77399e28e6127dc81b0ce384b245e9e409571177ed4085b2ee32255d23783933da6765d450f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs.js

Filesize
6KB

MD5
81a9f19ab0a5c6643a9cba0874576046

SHA1
c3fdf8c46d14d0ec09a05daa0c9fe3e334b68138

SHA256
ef59ac7b10c577e40036e088e954dcad33ad69eca10a15a3a2fd39924ad723fd

SHA512
7e1c158e4c011c4c49519c492424bb35d47c805aadebb7581efaa371a488bbe7b67767c64cfca8e897d91f188b5210f51f8ad486548f282ec950b0ade78ad992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs.js

Filesize
6KB

MD5
770212f0ac3b84a502cc49e23ea7a540

SHA1
68fc12da6337858b92e871081471e42a18b92a36

SHA256
fdcd283a9e5e91149f6bf4bfa474a5b806cee85f53409bf86e866d3593d12d11

SHA512
9d8020a177c33c5f9b468825b0eb8455b553e699846250ca61cc363bf57d5b1a98826317ee674b527cc67abd6306478cb8c41b95a84d53bf902c54fd55231349

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c342fd241dbd8f80e0fe5df343b1e512

SHA1
e917deae40da220819fa616f1d19a10dc7ca1eef

SHA256
17257a871c4cc8fdd0976c873a1a33fcd10edc655cdea2d0a086d92023c303ae

SHA512
2bd914fb92ec85000ab9a5cbcec59b7dce5503e55c2ee55be3d7b9b2d62b272fee27da48ee5f4c26e338f71ddf8ee73b825ea07f1e6362607d7ba2a9bf98860c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d63ea203af9027c02b9df51a3d01f815

SHA1
0dc4bf7c1479a2e32b72efde61e40e18d3b8ba15

SHA256
c534a2c8abcc7bfdf3b69ba0ed8bc50e7b829d4b7612ec0011b317067e6e0539

SHA512
384e538fe913adabed5e87ad926bac4a1d10027cd6bb8753af4f02e56a778c7b296464c910ed406c07b62abcaaa4382553bd4b4d14edafb70c218003f06659b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
dd95502bec90f4e7c4da570b705eff96

SHA1
0aa90235fe9946ce3a1ccff975d3ac9dd61346b6

SHA256
9c76c8188946edc0c0a8b1296143fbe3f360664acdfcf7b4a6e5bf51e1a1259a

SHA512
23498e2a6eeb9fc12613246fd6d1d15840b900a23d461861161f8a1e593d8bfd2e40a198387f44a7396178036e1a0cabe5b8b53dd15dd27bc5d58163c973f8ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0c79e6ce870e83ecc247bde703175a96

SHA1
befa70bc6c267aee784d44e0921240ba99b76100

SHA256
01cfea60a4e06d5050316b999368112a9edd4552606eb8ee8b40f76cd284a842

SHA512
829af947d4f3cd787509e5da2dc6a63d206ef0e0582697550a6da91680cd9bcb798b89bf94386b96cdf5d36037a5f8bae06f133933a1d143bbce3badc3cc5154

Download Submit
memory/2296-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2296-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2296-2-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2296-3-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2296-1-0x0000000000260000-0x000000000026B000-memory.dmp

Filesize
44KB

Download