Analysis Overview
SHA256: 0bb71786dd42fced85fd4d47da823753e83a5cb6af260bf67bb116905c8328d3
Threat Level: Known bad
The file XyU8ZgqTP.dll was found to be: Known bad.
Malicious Activity Summary
Qakbot/Qbot
Unsigned PE
Program crash
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-05-11 15:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2023-05-11 15:13
Reported: 2023-05-11 15:18
Platform: win10v2004-20230220-en
Max time kernel: 300s
Max time network: 303s
Command Line
Signatures
Qakbot/Qbot
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\XyU8ZgqTP.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\XyU8ZgqTP.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2304 -ip 2304
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 668
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.0.1723964441\1879951873" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1744 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {484bf637-ce54-4e1f-b1ad-887b7a02bc85} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 1916 1bb8500b858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.1.1338132491\401058548" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {345a8f9f-0a15-495c-b848-6144df5adb81} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2316 1bb8553a558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.2.1414385346\1735736797" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3124 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa277cbe-3496-4731-b52e-e3f54223d03e} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 3168 1bb87e40958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.3.891857199\2027007676" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3428 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ff7b21-6b2c-4b41-b4e5-e48a753732c7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2452 1bb87e40358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.4.828482478\1878326712" -childID 3 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {515e31ea-6e7e-4cd5-b9f4-f7ef04625c76} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 3808 1bbf705c458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.7.2106233663\704903726" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b57a3906-1dcd-42d1-b116-4759e14176fa} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5420 1bb8ab43b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.6.903349768\1522170844" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ceea59f-1e8c-426d-9737-e768437baf03} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5228 1bb8ab45358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.5.263918209\1709384789" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5108 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea7a925b-16e0-44f0-89a6-e40cd4482d56} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5088 1bb8ab46558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.8.2066534633\1698570998" -childID 7 -isForBrowser -prefsHandle 5816 -prefMapHandle 5824 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a2a0a46-2ba3-446f-b4fd-196847bf5ab1} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5236 1bb87d34d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.9.708709816\1068521388" -childID 8 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {642fea12-eae1-41ae-b36c-a3f320b82220} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 4532 1bbf706bb58 tab
Network
Files