549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe
Size

1.2MB
MD5

d84d4c3c2c02cf897a5087a3e1fb9f87
SHA1

844614cfa62007cff0519012dea2e695f609cc6e
SHA256

549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569
SHA512

10e65096d0026fe143d8cd4e07b7e88658c122b47de27a7583f126d8741e244c6a35fd8ef7d6ae6680a4653438eedc7bc8e564ae5ed2010c7c9671a5d2f64278
SSDEEP

24576:S6zyxJcPpHciLY5FuiTxIpfVjZekDINpSestRFXn63uY1Nax4adF17Ltqtsyt:Ss6cW8Y5keIpfVjZetwU3uwGBdDL8r

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/4584-3-0x0000000000400000-0x000000000052D000-memory.dmp	autoit_exe
behavioral2/memory/4584-5-0x0000000000400000-0x000000000052D000-memory.dmp	autoit_exe
behavioral2/memory/4584-7-0x0000000000400000-0x000000000052D000-memory.dmp	autoit_exe
behavioral2/memory/4584-8-0x0000000000400000-0x000000000052D000-memory.dmp	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3540 set thread context of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2536	firefox.exe
Token: SeDebugPrivilege	2536	firefox.exe
Token: SeDebugPrivilege	2536	firefox.exe
Token: SeDebugPrivilege	2536	firefox.exe
Token: SeDebugPrivilege	2536	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe
4584	RegAsm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2536	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 3540 wrote to memory of 4584	3540	549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe	83
PID 4584 wrote to memory of 5052	4584	RegAsm.exe	85
PID 4584 wrote to memory of 5052	4584	RegAsm.exe	85
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 5052 wrote to memory of 2536	5052	firefox.exe	88
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89
PID 2536 wrote to memory of 328	2536	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe
"C:\Users\Admin\AppData\Local\Temp\549623f23dcbdd8abe55f8fc7af9d199e4595a89146eacc2a3dcd8399bc6c569.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c5c6622-7970-4931-850f-6573bae99e32} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" gpu
        5⤵
        
        PID:328
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2669139a-8e35-4e77-a008-4fd1c6df0ac6} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" socket
        5⤵
        
        PID:4484
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2836 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 3308 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {654d8d6a-d16f-4155-999b-b96f1fa8226c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:1920
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bd789fd-cabb-4177-b891-5372fbb8ebb2} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:4304
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4680 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84ea49cf-cb0a-4cb8-b380-bbcfd1886137} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" utility
        5⤵
        Checks processor information in registry
        
        PID:864
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5208 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d2f4cc9-8a96-4aab-9960-e73dbd7a090a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:3104
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b8d7a61-d1e4-4f85-9001-41af9dd3872a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:3576
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5696 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a0c43c0-137a-4ea9-80b3-8d9d23973e29} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:4200
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6248 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6272 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {844f2fa5-0cca-4de7-a835-0fc16e7bc4f6} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
        5⤵
        
        PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
de45ae4c89481c64a6e9816d210ad062

SHA1
c5fc5f8736a173348f59f1434a9ed875634143aa

SHA256
4d30513789b15f4b2459df24f4645478f4c998b354596a90136a4bd8480a1415

SHA512
3547fd45ff2f7fdaa9cba91079360fd10f6b921e01cd5f240d166688bd1b3c3c3b3e3e7b75c5096b7e8a390e8ae79ae74634a0456ca1af9abd96e2999c938123

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
f2e61a51b5bed9512520f530f613201f

SHA1
3c41c38b9e87e17a19689dbd6ece46dc8a798e83

SHA256
bc4234ed681a655373fea7fb0fa7a42a555b0a24fd13431f09ff63101c3b75f1

SHA512
d75a504adb777f5f3cd1b51a6d34da72f3d42f45bd04a83271c6d3cc05f55a5d7e8d4ccafb90e18b3e131f1e11c93524268fad47faed6b40145b26dcd5627a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
16KB

MD5
d6df1ecc7fa9a93b2bff73104e4d76e0

SHA1
66ddc2e1e18c2726252a0d00a66b70c9aeb1af09

SHA256
8e99803d6425bcde242fa9194bd07d8fb1310378ee2cf784b00430046ce4461a

SHA512
552aaeed81ead0970ca17b764620544f3ea9f72901eed3472cb66e6387391a16fbe5bc5994d4031162102f04f49fca38eec775f460afae4d475c0f40e65f54c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
10KB

MD5
6faebc25580fe957da76bd9f8ef15523

SHA1
69f3376197baf6318da5ccad6d4d9c10b2da7539

SHA256
dccdc38e3dcb0d5ae6066ef1f0f799a8c3f93c3ac81137f121114b388bfe7d23

SHA512
3414bef2a89eecef2a6687314e116204fe8eaffa7183d3488817fd0a1284b839ab7edf1178aacbaf17a27f3dce6214063e6de7bb6e12d8a098b7ea9cd67d2b98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bf5211a94218a3bd46fda6a87c0b24cc

SHA1
33e0869205ad748c2af9ac804ebe5546f6f55ab0

SHA256
213b6ebfdad607ecb077fa79f42cecb7aca414203eb7b92fb896e25a49aad380

SHA512
b845244c0777969fae2e97273c1b249d002080543f37bf55475ae2840ae10d50a2af717834aaa969405f7dda26b40e9f0ae9dcb1cddf9ec6354b793cc61fd97b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d48abd452c64b3ac20cf0ca7b4971452

SHA1
16a6f4ac92f516cfacc0c20e2508b50e9bede809

SHA256
94f7c379208c2cc07ff9a1042cc45041096ca2eb5d55cf840915c5f948709305

SHA512
b99075cb4bbe0265c6f64f6e4fa361caa9033c9b7e04d312980f8b76f2c5c64ead78b4a4e71b607e2441f6b4a372f38c9c1665c4b6d0640f4ca4711b45e7f08a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
483b6853838645b19e38302a723dcdc0

SHA1
ff17603f166b8b532af726ca129aff7ee1df69cd

SHA256
0e62b75fb14724d087f23f24d7aceb265e0a18cc963d6f8c6499ade94ca213d5

SHA512
d3767e83e068cff63d49da95ba0ce92a4969ca4636648959bd5901abf88988040dd498bc45562cdf42ea8b9c8f4226410879ae2dda363b1e01bda83a9aed80d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
fd3ed0696556fe017cd92f2b385be101

SHA1
00ffc586229bb8fbdef2546289518058fecb9d3b

SHA256
75415b8ed84b834055f2d3f864cd7367ce32fc9837a89ae50a20d4ba9a5fc4f4

SHA512
7dfc7a5475c7015d98053325aa380247bbb1cf92802dcec78f611ebfd3af344fb9693b9a08c8d965214e7d8a978f58561e2cb56dcf6c3c13cbb8d8b5083ec436

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\1fa49b58-f7de-4540-ab10-eef7ec9978d4

Filesize
982B

MD5
54af1f02b4eb5fc6048c8dacd1dcaccb

SHA1
208ba94723728613ee0bf555e6f2bf0690e6425a

SHA256
540286aafce902cdda597b060bdbca853e4e3dca6931e48e287c390ea39a2999

SHA512
352db86e2e7eb081ae8e3b9ddb4f8d5a9fb702b7a77369ae7c9e71fac166976fc7f771fc6a67a02237f8bc5e88552a0711136048c8193c9d5052a1ed918b6e83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\24d00bad-8e61-49f9-b222-892028c750b8

Filesize
671B

MD5
be95b2443ea07048765c73a8778c528e

SHA1
0f5e9525592979f5b0dd436feca6f75f6374b417

SHA256
b6f444bb9de1ee6f5f77e3025a23da9390b0874aaaf767552fdb81a4c2a517f8

SHA512
70d83db1b01a272e0755e25c635b886105966759c10fbe0e857e5f2cd44ae449b04a30a150576b89232ef839d03018922fd39667c1543ab563ec035cf1259d08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\dfead465-b6cc-40f6-9ff5-bbf1ab6dd51b

Filesize
24KB

MD5
ebe22f287d6ce90f0768d1e41470cf14

SHA1
32262f78f991356e5b9a5bc9858f520f9c954730

SHA256
e653b09be882b72cb528d347866831d9047b903095b7a2a753f22ed9d7e99045

SHA512
8a1bb152757c83c1028304f2727ddbd24bc2d128711719cf20161570b5b1d0590acf9c6426603a8fa35fd549f2ffa99abc74612e4925d4ebba5d01c9330b6642

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
12KB

MD5
f7164498a8be9494b1c9678a80cd4dd6

SHA1
1ead7628d0da363a67c99b4206204b1c91056312

SHA256
dfdf9f2adf25bc6c00ed901612927deafa20b3c697e9246286cac61b13b51183

SHA512
963b2cc4e560983a0155832ca6e3c2270f195390e169ff73bc161dc06913a186a73e45317b29474ed2bc35d027c6de1ab027d80aba7bb97bdc764193212b6058

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
16KB

MD5
dd34d0959ed555ae89fa07b3f36fb0fd

SHA1
b94727649b93f853907e6bdfcd960589ef2f5c05

SHA256
de61504c9152fe665ce24a040bedf1e3d022ab96f62dda64e09b0cd52a35cf3d

SHA512
60bfdd3416739af003d8a4d3b7f00057c409cbd8151db1e71bbaa0b8cd41cdb867d724b9c135a2356340a128cc71fdf0adb5fa0cbf7e75f2291c9f7c27aa7c23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
0156e93263d09abdf6a56fa8ebb2a018

SHA1
1e6fcbb895a7cdbc41f3229cadfaee93e481b259

SHA256
9b596d692c0d40fd1e9451bc12b9876cf522c420e6a31016fe17467dd2dc3a18

SHA512
ad634cd4fa8781fec3b1c4afd3a28ae78e54c23a88fcc5e771a9f1acf7bb669aac51a9efaa1f1eba64f9cab3d048f35877add184b90af30e84fc4f0564702c03

Download Submit
memory/3540-9-0x0000000074680000-0x0000000074E31000-memory.dmp

Filesize
7.7MB

Download
memory/3540-347-0x0000000074680000-0x0000000074E31000-memory.dmp

Filesize
7.7MB

Download
memory/3540-0-0x000000007468E000-0x000000007468F000-memory.dmp

Filesize
4KB

Download
memory/3540-1-0x00000000000C0000-0x00000000001F0000-memory.dmp

Filesize
1.2MB

Download
memory/4584-7-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4584-8-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4584-5-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/4584-3-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download