8b2c1c503028727000a3c4c10afcde49894d1931b3099a3ab6549d3f7d545276

Analysis

max time kernel
95s
max time network
92s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
03/04/2025, 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EMV Reader Writer/EMV Reader Writer/EMV Reader Writer Software V8.5.exe
Size

600KB
MD5

5b1df20ca9a036c586b419dee459601b
SHA1

3b50df96cd3e5456652b29cb93dea532da6e9b39
SHA256

79502f9bbaf79f22644838f3a58b53694d09bb9b3fa658f73a4576ad01dc765c
SHA512

86aace95fdd64dac7914e349b32337976b059f2c16a8eba957a29398527e8b45720b754f45591cf3633cba482429f915897864fdedbe00eccf625736d30130a4
SSDEEP

12288:xdfYgiiKfLs4qzQevE4Hxf+V/OPM33Sh2y4HnG1LJ9KdzW9QwWrugU+6:fYgfwRqzbBHl+gE33S0BHIKdWywn

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2423602651-1712563293-711691555-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "\"C:\\Users\\Admin\\AppData\\Roaming\\yHvp7YTZVsXh7jst\\s8PHPfxGgkJl.exe\",explorer.exe"	EMV Reader Writer Software V8.5.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 764 set thread context of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 set thread context of 4552	764	EMV Reader Writer Software V8.5.exe	81

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	EMV Reader Writer Software V8.5.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2004	4552	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EMV Reader Writer Software V8.5.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2423602651-1712563293-711691555-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
764	EMV Reader Writer Software V8.5.exe
764	EMV Reader Writer Software V8.5.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	764	EMV Reader Writer Software V8.5.exe
Token: SeDebugPrivilege	764	EMV Reader Writer Software V8.5.exe
Token: SeDebugPrivilege	5532	firefox.exe
Token: SeDebugPrivilege	5532	firefox.exe

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe
5532	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5532	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 764 wrote to memory of 4552	764	EMV Reader Writer Software V8.5.exe	81
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 3860 wrote to memory of 5532	3860	firefox.exe	99
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100
PID 5532 wrote to memory of 6128	5532	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\EMV Reader Writer\EMV Reader Writer Software V8.5.exe
"C:\Users\Admin\AppData\Local\Temp\EMV Reader Writer\EMV Reader Writer\EMV Reader Writer Software V8.5.exe"
1⤵
- Modifies WinLogon for persistence
- Suspicious use of SetThreadContext
- Checks for VirtualBox DLLs, possible anti-VM trick
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
  2⤵
  PID:4552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 232
    3⤵
    - Program crash
    PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 236 -p 4552 -ip 4552
1⤵
PID:344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27100 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2084 -initialChannelId {4cf00ba2-7ece-46f4-bfbb-c41325b82b93} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2460 -prefsLen 27136 -prefMapHandle 2464 -prefMapSize 270279 -ipcHandle 2472 -initialChannelId {4dc678be-931c-4726-b907-0944dcb5d1ad} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:1096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3764 -prefsLen 27277 -prefMapHandle 3768 -prefMapSize 270279 -jsInitHandle 3772 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3780 -initialChannelId {7f9ef713-f2e5-4847-9383-19fe1ab87bbb} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3932 -prefsLen 27277 -prefMapHandle 3936 -prefMapSize 270279 -ipcHandle 4040 -initialChannelId {c6aec28f-ec67-44a6-974f-001e7a214141} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:3816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4468 -prefsLen 34776 -prefMapHandle 4472 -prefMapSize 270279 -jsInitHandle 4476 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4440 -initialChannelId {83fe9137-a4df-4973-a697-3c7cc4371bc1} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:2592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5124 -prefsLen 35013 -prefMapHandle 5112 -prefMapSize 270279 -ipcHandle 4668 -initialChannelId {07bace1b-7a6e-4776-94d0-6c7080d79f59} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5296 -prefsLen 32900 -prefMapHandle 5300 -prefMapSize 270279 -jsInitHandle 5304 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5320 -initialChannelId {37873284-02f6-4a65-8b3a-4618dd53b291} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5328 -prefsLen 32900 -prefMapHandle 5332 -prefMapSize 270279 -jsInitHandle 5336 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5344 -initialChannelId {8ea1b764-6936-4953-aad8-24917df3d7af} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5672 -prefsLen 32952 -prefMapHandle 5676 -prefMapSize 270279 -jsInitHandle 5680 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5688 -initialChannelId {0e9a9015-bdfc-481d-ab2a-31dbeac996c4} -parentPid 5532 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5532" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
fea4011a9bc714fc7fcef17ba686df8c

SHA1
b8c2f6ba1a4d3dfd5342f46dbef607db83275576

SHA256
0e39f72fe4824b90ba94678b392327a4c45970ae00e163f2ce031f6cf1ee8936

SHA512
83dee95ee431b9b60fde060aac9172040f5b90cf22185141c9135115aac838f1ff842e102f72da3921ee21a26948c44d609ba16c06854eab7168aab13a11261a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
6e567efca102e2833988ea2feaa91db3

SHA1
1a3338c5c2d450c757b6c24e1a052ee5435c8023

SHA256
a99942ac182abc5fb39b829e10232335d9125277bad4bf2e5dd55478dd46b001

SHA512
ba502fed748f21c698d8dc8249a8b8e3e958a6242cfa8b64fa010e553ded809a30fc6392db52e6c1bf840286842bfb419599a46b6cbe56a8609118bb85248ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
0265b0b90ad13b0f804c8cd6b5b4f7e9

SHA1
3c29c59d497ddf36fb1510388f501be09f1a2ac0

SHA256
b3427b3b035753c676ac7971ebba43a3cf4f78b792555184b7bb87d429975038

SHA512
715e6f2f4abb19100d67b5f57775ec6c4885d2f44875b7ab729b89f344b5fb2bc2c34d6a4dea4fffefe3d1b6bd1db7c46f303aed6a207b189afe62fcdc1e342c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e10332b67d44ac4a5f504dc7edb6887e

SHA1
fecdad0ceba78823bb7dc8e4e5613a4ca2de73d8

SHA256
f485d6d1256853d580409cebbd3a8977703003e73e53dcc29d8f9bef687db87c

SHA512
9bac04353c0f3146d7bf9b001c7a85a7a5db21d1f1d3d53fa8927ee57074ec093cfb369162f935afe069c6cfe6694723975d8a7851ffe135ac6e533fe24d1bd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
229f7ca3178ffc9db049ff4d64434ccf

SHA1
605d27ef142c9f2b3cc002d8504603e6de796979

SHA256
7a7638aa9c9a6d0733a85dd88c125e233f4cd26b6f1af470d7bddcda36005c30

SHA512
87f32aace86467b398bc842c5e64fb60fcafdd291e73366bd255d9f8d62ee8cfdd7faacbe920198d2d0aee17b2d0e18febb5785ed04fbc4202faf1e96b2111e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
4e9aecc14c78de14cc115751289ca3f2

SHA1
763601ff9a72f390f067f851071fbdc98694b721

SHA256
2ddb0c356aa04c893c0d757e259d9cd4c50144bdf8439281f0ec195a6d4f7b4f

SHA512
3b2f7a422dd7e484e79943c7259f663ab5f0a5fa92ec71dedfafb378a79ccbf9a1e16f7925d7ffced1358e80b35861b9220b79106b685a44e5cf0edf8eda66b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\2a1a83ee-8674-4f08-857d-64895bca5501

Filesize
235B

MD5
7eb3910cd3f99710c27751e119e465bc

SHA1
1dd807f42124699c197b31c05903c65bcbc5d991

SHA256
14c8cf024adf6c52ea219286cfdeff3aaacf75c7b050e2030843b4f8dfd40a75

SHA512
cd2f0bb843773da81396e3e1b7d7ad31547017c6d7e52632b255189395b171d7f65050aa67e88a2a0c38d4dc87471dea235830699b9ed33c0c167c0bf3038a8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\6aac88f6-e26f-4e3e-b6ff-25095251ef7d

Filesize
883B

MD5
936b4937553c4011109423233e612bb0

SHA1
366aa2dd785e3a1603b3bbfb1bc7db51ed017339

SHA256
d47413d972d99ad5b85b13db35f6de70b3718def907115164dce5112bbad2361

SHA512
3293d79871312fb92760fc6b6496952e4431d12e45d881ab1dde59d65d23f53189c4e13103f34af1275eae34fe42c5c102175d1998dfb25c60479b14e23fa42a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\84d26180-e7d3-4bea-aea9-8b2224db1ac4

Filesize
2KB

MD5
a6a8e0cebb43f570b1872cc7758fdbc4

SHA1
6f7c8be05259f4fd63f1933f2bccb28eac9f3194

SHA256
0e9cb14a0a21bb600515b1391980f3d7e0887617b9aabfbd1cd1602efe3a0a76

SHA512
52686176ca4a6b03ef05a41d8310c8220bf1c43723a2a4132311bbb4d6e2e45b6a9463fe4845964cbf149667286bfcf8ce1d04d2710b5bc50e2deb4be7a4edbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\99ec9bc5-5088-44e3-9145-5268fc9a64ac

Filesize
235B

MD5
ddbc1d7a46ba6eabcb9dc66d88cc29aa

SHA1
288e78f0cdefc4bc1e9ff5f44c088d050c29682b

SHA256
5a81894b26f325d7cb2e7ab3ed4f0734b6843db2a62b1a2dcf85bef7d0bb8f9a

SHA512
241ce6dc61267f235e9ad8e1789cbb2360904b4025bcdbbe4d614323abb1f93d38223c5cc35e464160ef8138b852f3509b86169b50c723da62178910ed39bb88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\b2192b92-be06-4085-9561-58afafa47668

Filesize
886B

MD5
80849b265aae4104985285be12929e22

SHA1
f7262b92972d5865b3245b89f5e04d0f95c78e2e

SHA256
0725884fc34bd9e63f8739b5ab473304ef180dd70a1e302db159c0707c65d4ee

SHA512
976e000a87a44fb85360a9c0741cb027f6ddbf6ad8e68276ca9ae58d7fc3d06f99ca8cc21e3db64ce2d3f712a2ce6d3227442c4fef681a868667f26cfddb632b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\datareporting\glean\pending_pings\f84d1187-cd26-4ee2-8883-b3efc688fbb2

Filesize
17KB

MD5
30d5c3e6ee98b8f403b1769e3278fb47

SHA1
da7937f0401d4c9e71da2ccc30db8fee14926b0a

SHA256
f473043429049423e88067546efa42396a3610aa4ee5fb0de25510c6b3dc1d92

SHA512
08a9c5fe39b3faed9c218981c14e1acda323791cf31ba941e2d9d057b04c1742490aa8535cdb8c46b15ec0c24b78003413acf25208287c07836d676731044065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\prefs-1.js

Filesize
7KB

MD5
65121326db64e67c9522ad90ec1e6fbf

SHA1
ecca73bffc0a523f0a1bd97937ab87cd2cd94e66

SHA256
e7609be866426cf84c375395e3b1e7099560fe3fcf5c5501c8e103b46202c8ef

SHA512
e1fe73dd3f66f97224add1ecf66a0f328f160599941aa9447c9bafa37705ad38f46f61892956a3d46daee369bae801b2b728b1037121b4c071e0e9c45c75c112

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\prefs.js

Filesize
6KB

MD5
72c80228f30214a247e80b08478e72b9

SHA1
332b09b9643e3dd20a603b7b85edae71b6e6df79

SHA256
0c468dad290ba063ec62934bf41f8460d756ea9c6624b49e5b65111a34bdfaa6

SHA512
5d1a9dada6dcdbd03f8db6eebf20b49ed20c1f1245b041e903bdec3cb0159bd179f60e0a2d78b89a6865cccf3b160d68ca54a69b2816d108002b9e1df57f71ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\prefs.js

Filesize
6KB

MD5
83ae96998788f3b9bafda7bfee3f967a

SHA1
725fbcd7d4a9d314fef78ae00ed98ea6f94c3326

SHA256
bc0471ef1bc46aaab9bae8a055a02bae06b3ef5fa4b19067c03029d977634165

SHA512
f072d405ce628a194bac01c02c0b374b5071289d8f146a1066def948d07797dfff47fee4250b804e931ccd7e934ac634046b0081d0027882d6d03433da86d729

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3dnsnfa3.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
memory/764-1-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-20-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-19-0x00000000748B2000-0x00000000748B3000-memory.dmp

Filesize
4KB

Download
memory/764-0-0x00000000748B2000-0x00000000748B3000-memory.dmp

Filesize
4KB

Download
memory/764-21-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-5-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-4-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-3-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/764-2-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4552-17-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4552-9-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4552-8-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4552-7-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4552-6-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download