asyncrat | 9888ce35d905f7a831dd0ff96757c45c6bd7adea987720b05141f3522c480b18

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.exe
Size

4.2MB
MD5

781da1c06e074c6dfbb0c6b797df9eb7
SHA1

38e79b6ea79d430c6858a976afb0bb60a5aa3320
SHA256

9888ce35d905f7a831dd0ff96757c45c6bd7adea987720b05141f3522c480b18
SHA512

69df833452ea77393c54ffa449dc625720ac0fb449a3ee1da20d867c208555edf5845076ea00dc5a6d05254cf87fdd39fed12e33d3c6f726ba2e42060a9c2b3e
SSDEEP

49152:PAD5nl+y9ozOA1IXEA3SaVXjHZ/35XqFluh5VC5LQ/EqRBL7akCZYXR:ID5lPSyVJrj5/3Fr7akC

Score

10^/10

asyncrat stormkitty discovery persistence rat stealer

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral2/memory/1596-2-0x00000000051A0000-0x00000000054A4000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/memory/1596-2-0x00000000051A0000-0x00000000054A4000-memory.dmp	family_asyncrat

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system0189 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\.exe"	.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe
1596	.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1596	.exe
Token: SeDebugPrivilege	2148	firefox.exe
Token: SeDebugPrivilege	2148	firefox.exe
Token: SeDebugPrivilege	2148	firefox.exe
Token: SeDebugPrivilege	2148	firefox.exe
Token: SeDebugPrivilege	2148	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe
2148	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1596	.exe
2148	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2020 wrote to memory of 2148	2020	firefox.exe	96
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 1228	2148	firefox.exe	97
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98
PID 2148 wrote to memory of 3388	2148	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\.exe
"C:\Users\Admin\AppData\Local\Temp\.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1772 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d3c1097-13de-4205-97fb-934f13b974b5} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" gpu
    3⤵
    PID:1228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d83af500-3d21-4a84-9156-13b6ba61a89f} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" socket
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3416 -childID 1 -isForBrowser -prefsHandle 1564 -prefMapHandle 1444 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a909ed68-57e2-4cf1-bd87-4169b6631add} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -childID 2 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d743b9-115c-43a8-aadf-4f66df161b3e} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd5276de-d072-4ae2-bfe6-743efd1f66f5} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" utility
    3⤵
    - Checks processor information in registry
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6099ce32-ae53-4213-9c8a-a26989da810a} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {541ccece-69b9-42f2-93a6-f95a2ae2dc2f} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af6b1982-cea0-4cd4-8703-d23fd7be3899} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5900 -childID 6 -isForBrowser -prefsHandle 5908 -prefMapHandle 5912 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d54926a4-45c5-4a26-89a1-d8f87a69d8cd} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
    3⤵
    PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
917c75b7880ee5d088dbe73320afcbb7

SHA1
57fcf0481327a5f6f6f89bfb98e8069f3393a9cd

SHA256
3366d8f564260b1ad1031f27dffd4343f3e6cb5ec130461ab4a0c9f263f49aa4

SHA512
5dd3f702a32b2459f131c45e199bbbb4621c5972f6057ef8aaf3f814ab344380f4276d66b1420cbbe928c2404a9a28feadb72490e37caf5548ab3f1bb6400b93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
1714dc85f96945f8f4c35c41b31598e9

SHA1
1ca4fdb81065914985af8231d03d898c75c9c0a4

SHA256
7f3f40568420dd5a7090ca4973cb76f077a8f437013de0d390392b8320e01464

SHA512
cce2de48b5f0b2978eb20bec27a284c2f995b290a77096f699ca300260bc399abf66a2a865f24ea0c9d5155483f792a67e2497e98c7449758c5521efbd6c510f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
8KB

MD5
45eb70bb2c603af0df3d7ac1cee5a44c

SHA1
b2690c48ae036dc784216d5c3917fd7300dfb02d

SHA256
dc07ce95e7d61be7ec0766813bdb3da0993d032567981c055c742073b594e461

SHA512
df0b8cb872e7c1ee3e9f85c55476d016d01be63d51585e72bfdcbc279b7f8bd3edb77f8df999293220340faa0cd61d4bc1fed4ec2d41fe8f2108a5772903f04c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
267fa3b4201a97f8bda4163bbdc8896e

SHA1
706563325f9acb1732c485b5f9384c517bd018d1

SHA256
3071deee14b49be9160451361402e9b4b3d1f9e1e705f27ffb5187b883b17275

SHA512
141a77c2ba19d54e7363413e682f019a3e25814b66f3081be011d9492441b5b95070e4cba38b9246b90bbae43b824fa862d1a63e572ab76718c5dfe0f71765cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
950c325d12979ea1aa21c504b487f956

SHA1
12f7fca10a7d2c6a801bee486e599a6b9856e152

SHA256
d3a92b52660904b11ac66ce398a81dcc48a0eb14b6527558a1bffad82e4bc6e0

SHA512
47fa7ae55e29c99397eef91fdacaa9a8143f80aa77fd8a51aed7ad2b7de42a852a57ad229c70840432d4fd811ba73f8707d76587d728cd794b67a252374b07d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
0607e33e18d22afa422beeb30d9f331a

SHA1
735ca3788c7761c579005c905ca4a82476de70af

SHA256
9a140dd2ed0df2c2541a5a0d03d8c7620a408f220027c1e4d4903ace2992a4af

SHA512
6b920de29f0015b9256fc92d9c6f56e7cd1d5f10fb464ab90faa9717544602c45e3e55630f891f3cc8c4859fbe96da6d58751e16f5fb76327ccea027520a2705

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\388cd7c6-a788-44c4-8053-ae6d993e443b

Filesize
25KB

MD5
c3af169d544dd256047060371c0b8630

SHA1
a00c67fff359ca6663749cac2c58119a0153e434

SHA256
feb045e433d005681c724438345badc748adec92d1f02e02d8b7286202ee4457

SHA512
add6e1e44dadeaafd66b2b82e796d0d45d92edb94b43051affeef3e670a9f278ddf6b1e25de11f45c37ca4c2cf12ab94fd1a8a6ad7968b2129c264ef1e07125c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\3a1ec24e-11bf-453b-86f1-4fcd9e0e5b5d

Filesize
982B

MD5
b3a01aa195c9da4aaa0aec73507b6054

SHA1
eb036f508ea1d5c655b05ff1734dc6ab52596831

SHA256
d8e7b785f09ba50bd64cf55c25cbf1dc923eddcc3c421ca0ce5ba5032b828ec9

SHA512
91517bca646566ee4dda140e2f91eb26f1c52417bb492348eb5f57839ed11d97e7d0207456f3b57b24cd69862098930b40d30b25f057e74923fbc1cf8584e745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\6baba013-34b4-4821-8d09-40e79f5a95df

Filesize
671B

MD5
c4b1f993bf3a6d0980d2edf536330861

SHA1
6d942618c257fd96acf11848bf0723ed82ec61d6

SHA256
67fd987b7d23fb1447309bbdfa07cc5a54d9dd1c66e9247a3a001fdda8690886

SHA512
568114c3017ed57f7a20c4655bc9ae6b3ccab0334850e09fbd4e2ff796b1d14407c04471802a9345ab8b77d345031d4192fcbc92bed0671cc0a96e14a7c5246e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
045b6fc2e7f6edc59ec8adc0097d3c2b

SHA1
3cd5b7f482935b95166f56835eea38d917941d8f

SHA256
a4607a86b558bd8e0b32fada46f4db4f8a004d1fe9e762f533259f116074d4e2

SHA512
e6e5f3cfdc815a6b01c2c847eb8f9ab0214ffcad8b40a8d39535219ff9baa79614c734305c5c92090cc5d805fdb59c4a17ef3ab97a147e78f3ad2f3bfa487190

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
9f683843bda120988b7e93b4747ffc23

SHA1
2cd426e87dd7ac1e72d13bdee2a71379d7c33975

SHA256
2628414d56cd80d642b6e78f5e07f5c804d8a1cd100ed18c061588048cfa0849

SHA512
6a2fd903062fa9555641ba8971e567940fd4ab9b8c2d80c7567e7ea4966dd870a7adea350c4233bf754d8d079193c433520748b6f88da37f891595cd2761b767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
11KB

MD5
f6d62872927d8785dfaa26c60c73a108

SHA1
6ed599e9590e7dc01a7667b8cd1e4b0aa8d8126a

SHA256
f39fba3078e799e59b8cf38e5f646e889cb55d5cd7341d18db2ade5f6d90937c

SHA512
19178b202d1b97723e1537e7b3cb0eff126eb15d11be4dff40bd4962edc3bc547ae9c95f781e2bea33b68d2ee72c1272776c5ee4e85d1773aa9582acf2742415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
724d57d1175d96b65b779774c1bb3ac2

SHA1
0a4092d00e7d8afccc38e70ed12a3840f1f0a83b

SHA256
11ed394c9ff4b310e9fd28597634f4d2bb821109b3c78d2b6480b0faa27e752a

SHA512
15fcfebe751b399755a8a4cfde86b1b05d7ea991005996a6687c45194f19a0f21d3aa3960a85087c9777856c9d70fc2fc2c13c102923edea3fcd95948ddaae8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
2916c5ce19c1ad9bf2c57e382287e26f

SHA1
bc6819c0ad5057098ccc8ab0de97c49ed7b56ba9

SHA256
b70f21c9f7882149713104a2c952ed37c9f97860c1fc37f42776f85fb26b70a1

SHA512
ffb859d99055744874f75a2964cab87d8d7f29c05fda42b6dc6a2a88196e6f983de7df988bac7eca6bc0683d42b70d6b3bb8fa92f339630ce24f0de95fdaee6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
477c7b1ba4d555db023fccc10e00e5e2

SHA1
77187d758ccc8caf0151efc82ffa98dde49ccea6

SHA256
64098a0f129d54e562cc96fe9eb18c9d8ddbb73a8718f8a90c848bd694bb6e8e

SHA512
5f67920d60492d5d6e1ccdeb8761900cf5a3f0405049c30061a75f907f81e6ef47ae40139c1832b06f6adfd749758d7d319087b602d332e5db670c2ab448b59c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.3MB

MD5
03428563693732a18a2c97c8bbd5002b

SHA1
bcee7ae376d7f356351e36b65b86f2afd746266d

SHA256
da9576e4812c2ea20e2b5e16a33ff3967ae5fddb98dfd869d75f3d8f6b43d3fb

SHA512
df6f101c4b319da0a7eba26f8eca4e9f3077032387b606db168f794f056321225897cdae4c88abf150ce815dfba68598bc7925554b888aac4aa9f0cad4f9f0f3

Download Submit
memory/1596-8-0x000000007474E000-0x000000007474F000-memory.dmp

Filesize
4KB

Download
memory/1596-9-0x0000000074740000-0x0000000074EF0000-memory.dmp

Filesize
7.7MB

Download
memory/1596-0-0x000000007474E000-0x000000007474F000-memory.dmp

Filesize
4KB

Download
memory/1596-7-0x0000000005960000-0x000000000596A000-memory.dmp

Filesize
40KB

Download
memory/1596-6-0x0000000074740000-0x0000000074EF0000-memory.dmp

Filesize
7.7MB

Download
memory/1596-5-0x00000000059F0000-0x0000000005A82000-memory.dmp

Filesize
584KB

Download
memory/1596-4-0x0000000074740000-0x0000000074EF0000-memory.dmp

Filesize
7.7MB

Download
memory/1596-3-0x0000000005AA0000-0x0000000006044000-memory.dmp

Filesize
5.6MB

Download
memory/1596-2-0x00000000051A0000-0x00000000054A4000-memory.dmp

Filesize
3.0MB

Download
memory/1596-1-0x0000000000490000-0x00000000008D6000-memory.dmp

Filesize
4.3MB

Download