redline | a6d2d1ba6765e5245b0f62e37d9298e20c913c5a33912b98bd65a76fc5ab28ae

Analysis

max time kernel
14s
max time network
16s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/09/2024, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RedLine.MainPanel-cracked.exe
Size

633KB
MD5

baf102927947289e4d589028620ce291
SHA1

5ade9a99a86e5558e5353afa7844229ed23bdcd5
SHA256

a6d2d1ba6765e5245b0f62e37d9298e20c913c5a33912b98bd65a76fc5ab28ae
SHA512

973ecb034ba18a74c85165df743d9d87168b07539c8ef1d60550171bc0a5766a10b9e6be1425aea203be45b4175694a489ea1b7837faa3b1927ca019492ccd37
SSDEEP

12288:JhNkz1XpXpXpXpXpXpXpXpXpXpX7t4umBNOuihNynH91xX:J22Mnynd

Score

10^/10

redline discovery infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2724-1-0x0000000000530000-0x00000000005D4000-memory.dmp	family_redline

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3884	2724	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RedLine.MainPanel-cracked.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697486985482535"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6004	chrome.exe
6004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeShutdownPrivilege	6004	chrome.exe
Token: SeCreatePagefilePrivilege	6004	chrome.exe
Token: SeShutdownPrivilege	6004	chrome.exe
Token: SeCreatePagefilePrivilege	6004	chrome.exe
Token: SeShutdownPrivilege	6004	chrome.exe
Token: SeCreatePagefilePrivilege	6004	chrome.exe
Token: SeShutdownPrivilege	6004	chrome.exe
Token: SeCreatePagefilePrivilege	6004	chrome.exe
Token: SeShutdownPrivilege	6004	chrome.exe
Token: SeCreatePagefilePrivilege	6004	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe
6004	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 2964 wrote to memory of 4140	2964	firefox.exe	89
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 2352	4140	firefox.exe	90
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91
PID 4140 wrote to memory of 1432	4140	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RedLine.MainPanel-cracked.exe
"C:\Users\Admin\AppData\Local\Temp\RedLine.MainPanel-cracked.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 824
  2⤵
  - Program crash
  PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2724 -ip 2724
1⤵
PID:1284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1912 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92dbaeec-da15-4932-a00e-95c8e68d7b65} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" gpu
    3⤵
    PID:2352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67011fc8-7611-4c26-a900-ba4087378564} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" socket
    3⤵
    - Checks processor information in registry
    PID:1432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54863856-6238-434e-97bc-c27e879f0401} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 2600 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29289f5f-7539-42d2-a73c-84f6971f653d} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4028 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4128 -prefMapHandle 4024 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {704e526f-af84-4c0b-a394-2b513f356804} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" utility
    3⤵
    - Checks processor information in registry
    PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5a3fcc40,0x7ffa5a3fcc4c,0x7ffa5a3fcc58
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,1098620998496518420,11163176184983535878,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:4656

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
e0cc80b11d90edd0bf350d93e629d456

SHA1
fa59b9e2faf7d4fddda8f9c62b2a392781458015

SHA256
c5f9827d58103b0880f4a7b49512227230b9ee30f9564ffcd173e3d3f9f41b7f

SHA512
42b09ca4277bfeec258362c13b5059fe8c272f1f082b30a81a15fdac69942b15670d26c42652387d15a7a09e35fe4dee0b1c1c1550fbd0d64fc9259a7729eca9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7533cfc99c63dcf75ad966855c923c0a

SHA1
11d99d8dfc764b0cd2f4b6b0e2183a9cc6056f66

SHA256
02fb803f2329f4beaf2c419cd1a0ef4e41d92b7467635cdb2321569db6a7fa5a

SHA512
a3424adc443955c968ee2e9b944dcf0e9e3cadd4661f5d2519b7cc3975754a22e889a8372dcfde5851a8076a48e329cd31d87a6b9e2ed56b7ab5d7ffc6aa6be9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
87dfe7d2ff388c675f3dff76335da0dd

SHA1
4ee26a3b2bf1200b48678f46269e927d099154e5

SHA256
d1eed83bed1abee33e11b900a404130a4bcfa3e89949f98727ca085afdcb20fb

SHA512
faf095e7a36ea114f13e163421f210edd3f00986e6aea4495340537cca14eaa283893fc601d6771738b09fd3dab7819e0ffa58c7bcd5846f5899a4318b2da6da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\52261c84-ce52-4e91-9bbb-34b2275647cb

Filesize
25KB

MD5
445674e5a7b9f0c1dd50e6d91a5da2cc

SHA1
5c1b8bf33ebe5fb6cdc4d4779b33985a3ccd791c

SHA256
f3c3a46196ee10f9591f8af0db4c57f2d2fc9031d31b26a36fedd33bb86b610a

SHA512
295bab5d70b1049fc3e250886a9453c6e6b16045cf6fcabc9b02fcc0961838db27244fe0ef7cbab20c3cad3363918b75771e9cd8c33bb99182121da3d13de9a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\a83559f8-1d11-49e6-bf78-93886467f4d7

Filesize
982B

MD5
2abdc11a305b7bd99183f4a716d2c457

SHA1
13f502ca0bfcca9edd89b937eceaa2b652c0afb3

SHA256
f371ed5c74eb010d6dd5bc57cd1d8fac5a4459975d3313cb2ef4fbe3974543b0

SHA512
ef292f9b6120504d98f2ee00cb319baf55e27385a1949a3a810132c1fe8b87876b5241db18d19d40df6b2a831d00db6f1aa02c66ea0b1bb87c3f5c1683a76f45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\d46b2d54-e5cc-4ffe-9d29-72e0e44d03d0

Filesize
671B

MD5
8ec5b2e9e96283809e47e1b37fe975c4

SHA1
14954d7a7004012a01dd218acb5496c670b2eb10

SHA256
df9bec142f26c44e6c1ca7044c3faf5562c767b2dd231b9f4b93afc2319dfe57

SHA512
18b34dc81135dfdb71b2ef2a4e277dcff77f88522640ec33059473a61b428e9c1a819f8cbc95f2bbbf26c0b8fbed33d2433da8805fa96eb634ad6fa76a0c5e76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js

Filesize
10KB

MD5
2eb3d9e3755f2629b270626a288394de

SHA1
0bd30634954996d1401d45a187214e77e648d64f

SHA256
bcbc04b6e14765069e4ee67afac3ff863f0075733183ac6ffe3e25237ec7c399

SHA512
7d0932010ae992321cef6e695f4a280795f993dfcdbeca1e9036c3283011a59eed7b1ed10d7b7c63a67ef8553c1c056cb22e42dc09f32ad9e1d954b8825d5a65

Download Submit
memory/2724-0-0x00000000742AE000-0x00000000742AF000-memory.dmp

Filesize
4KB

Download
memory/2724-1-0x0000000000530000-0x00000000005D4000-memory.dmp

Filesize
656KB

Download