2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
47s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2025, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1256	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe
4836	HorionInjector.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4836	HorionInjector.exe
Token: SeDebugPrivilege	464	firefox.exe
Token: SeDebugPrivilege	464	firefox.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe
464	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1256	explorer.exe
1256	explorer.exe
464	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 1908	4836	HorionInjector.exe	99
PID 4836 wrote to memory of 1908	4836	HorionInjector.exe	99
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 1096 wrote to memory of 464	1096	firefox.exe	111
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 1808	464	firefox.exe	112
PID 464 wrote to memory of 3108	464	firefox.exe	113
PID 464 wrote to memory of 3108	464	firefox.exe	113
PID 464 wrote to memory of 3108	464	firefox.exe	113
PID 464 wrote to memory of 3108	464	firefox.exe	113
PID 464 wrote to memory of 3108	464	firefox.exe	113
PID 464 wrote to memory of 3108	464	firefox.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:1908

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b963e8f1-4ca7-41da-86ea-31531b267e01} 464 "\\.\pipe\gecko-crash-server-pipe.464" gpu
    3⤵
    PID:1808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79f348c5-379b-4225-b1be-06b7bdc1916d} 464 "\\.\pipe\gecko-crash-server-pipe.464" socket
    3⤵
    - Checks processor information in registry
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2920 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a09c6c5-caad-48ed-a17a-e48c167b9d16} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab
    3⤵
    PID:2108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -childID 2 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13cae69f-7274-4dc3-8d9e-e36d5b6812c6} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab
    3⤵
    PID:2096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4800 -prefsLen 29144 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0d44fd3-f943-4cb1-8ffa-79c87ea7218c} 464 "\\.\pipe\gecko-crash-server-pipe.464" utility
    3⤵
    - Checks processor information in registry
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5280 -prefMapHandle 5288 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cc0e8e2-8d43-42aa-9bee-5a17eef8815a} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5412 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16418a4-0d78-48c0-8953-b9e5607ddd53} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab
    3⤵
    PID:5504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5612 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aec6ff1f-b08b-4355-b3ba-558f683ed0ee} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab
    3⤵
    PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
f927fcd4a7b0af637adf523269664ecd

SHA1
173fd7b8ae2eded693b1b726dd7c8e52e035882d

SHA256
02f692231929b8a62feb276cf527cb6b4dc4da2f3db6033ce220c567ed44e50c

SHA512
ab4679fc9c812da2538787c847e18131fbad76fc8ed0feeb3e5be90c1502d798279de85061bc7d2769e8d9fdb639f2aa04e5847de943991e6fdb12b7e7ba6df0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
35e6ce963f82a8b79ef14deaeed830fa

SHA1
3edb3310d2744cdeb88cfb10a99926d9bd32a37e

SHA256
ddec566a75ae896f96af0fdadd0fe8ceb4f3b720ba00c438b394dd171df7b55b

SHA512
95d82984f71ac823e2794c93e8c109012e11bfbaece4ce83775c12140551369a7872b6290cf0753ae8b8b85ce8e631f51c2d7b39957bf7db01798bcc70058b7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
1c3b484fc599c41ba50ac3ee8623a37d

SHA1
e691b4d9f2e2aa992e547a4bc459fe48a22f9109

SHA256
56f4bf6d81eead8fbe0a29bcadd45399fdd5aec062dbcd3a1e5c92d1387f9d94

SHA512
db77d50c4e231c7caf21ce813d7b65a826988db1442bab1ab0648d3e9897d09f0604a0e5f49c4fd0b23fcca038a14c6fe2fd3c335915d0adcc08546e6d828d89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4ff274b95391559f734ce6e08b37ac08

SHA1
81b2a3bd97fc79ced24b285c1836177e363837a2

SHA256
06b8adad7e1517d8620b93c10fe2330204526428695308aa4674bec6c8184d72

SHA512
e15cc3f93513e00298cf8daca1948cb5c179cdc3e4b441fd9960332369e2e3597a5ac8f0d13263e99fedede13b0e368fa7ae90e3dcf6b1f71e92d92015c44036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\558c2a29-31b4-40b9-bb9a-08c81fb076e3

Filesize
27KB

MD5
5ba012ceda5c18abfc7407dbf4b0fb62

SHA1
d07c0b337cd89403e6b98b19bcb19c7f0774d43e

SHA256
4178e548efe5bec285819b6d3c85046817e5c919d0c2e2b57442adc6e3c3fd1e

SHA512
d8a5acd8ef6fe94fb3ec6e8d51781a6c67b5c720ac7c6431310794085b9b4564e51ac3ea6507adab37c2adba46452f845b0432a598e4a32a25d2bd1769adae69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\cd0648ec-ce19-4310-ba22-3b857c0d97f4

Filesize
982B

MD5
f9c8056d998772b6fcb22a8edecbc944

SHA1
853154face3f185a8745b4a5789e2710d4c9fe3c

SHA256
54c5a051be0a8bb4b462c487b82cb931f0bb915fa95e55cf2b7da1a6c247cdbf

SHA512
625941300eab88351f9dbcd8ee7c2ec1ccafa078d4f2139a7301d0ee74462c394efb93fc7133968b234bfed04b6e870d30894ec79d35dbcbb3eefa4c6ace6708

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ddf71cc4-54ac-4654-9be5-5da4d5fc3a7b

Filesize
671B

MD5
04a3b23e46160f5c213684873c4a3c09

SHA1
f90abb8c8a71453a85268927b8f88e064215a5c1

SHA256
2cf080908e9e279ad056c84c4222dd6a84e72e636325d8b75a42e5012e785cb8

SHA512
e400c5e1dda2b131d7a140c6c543065267b777795d702d314ab6bd421da76473bfb9373970a7e185c88f2cd7304c32f752280dadf0546f7cb2624249720761f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
9KB

MD5
1397c941b25cca496e6f1786873c2c05

SHA1
f516ae0548638c25690cb7945385cb95ce793e2d

SHA256
f4c29da1be2f2845022fd061e8b2ea2731acb9262a46b3438da16a05cd6bc0b1

SHA512
e40e8afddb95dbe847aa63352e864f46cb5baafee00f2b243d4e460d49901f10b292bafb9a2eb605ab4e1114e21bf7f7534622121d581185362658252ee008ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
daa88edf9153cb45f2b08e5c6e6c538c

SHA1
31a10e2841646f31a14b5c900ce352b44cb366de

SHA256
296b514d1ee620c388e25cca5a54cfe4ac10f16159a27fc915d3be3314312edb

SHA512
1111f92eb9f88624a1784f8d18519bb9b82bd3f15718ac54f38dafcc57576712704ec11b2cb6cba8ec25bf61b7e9f5b6630dd7ac33563edc0a7df70b57d72f37

Download Submit
memory/4836-5-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download
memory/4836-11-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download
memory/4836-10-0x00007FFCFBDB3000-0x00007FFCFBDB5000-memory.dmp

Filesize
8KB

Download
memory/4836-9-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download
memory/4836-7-0x000001855AB90000-0x000001855ABC8000-memory.dmp

Filesize
224KB

Download
memory/4836-8-0x00000185572F0000-0x00000185572FE000-memory.dmp

Filesize
56KB

Download
memory/4836-6-0x00000185572D0000-0x00000185572D8000-memory.dmp

Filesize
32KB

Download
memory/4836-0-0x00007FFCFBDB3000-0x00007FFCFBDB5000-memory.dmp

Filesize
8KB

Download
memory/4836-4-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download
memory/4836-3-0x0000018556D60000-0x0000018556E1A000-memory.dmp

Filesize
744KB

Download
memory/4836-2-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download
memory/4836-1-0x000001853AEF0000-0x000001853AF18000-memory.dmp

Filesize
160KB

Download
memory/4836-376-0x00007FFCFBDB0000-0x00007FFCFC871000-memory.dmp

Filesize
10.8MB

Download