330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Creal-Stealer-main/builder.bat
Size

57B
MD5

c856a1995fa86d5bf3dde2a2de732d93
SHA1

21de21d0ea29ffb9f3061b5d81116408dd228cb8
SHA256

23fb3df8dca77c02ab3d76013b6e12a2a1fda1a93ef675211c77df9ec6ce39bd
SHA512

793fb9e4d8b146a4e8d6e0dfa2d756ade17143420215f6b10646758bff39df964f6fa29761b4c6755dac7d1f8aea81152ac615d5b91bcea6018f997d0ecb5715

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings	firefox.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Cstealer.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Cstealer(1).zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Cstealer(2).zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Cstealer(3).zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 3612 wrote to memory of 4828	3612	firefox.exe	97
PID 4828 wrote to memory of 2452	4828	firefox.exe	98
PID 4828 wrote to memory of 2452	4828	firefox.exe	98
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 1160	4828	firefox.exe	100
PID 4828 wrote to memory of 5088	4828	firefox.exe	101
PID 4828 wrote to memory of 5088	4828	firefox.exe	101
PID 4828 wrote to memory of 5088	4828	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Creal-Stealer-main\builder.bat"
1⤵
PID:640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.0.14368422\2014015890" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6ec9e5-b98e-4f57-a56e-dadb49131c6f} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 1948 2508c2db858 gpu
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.1.796817855\1607700577" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c3bc99-5c2c-40ef-954a-82a0401b5f01} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2348 2508bffd258 socket
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.2.68103901\833260804" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90fbbbf2-81e5-4226-81e6-328898892fb1} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3252 250901d2858 tab
    3⤵
    PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.3.1179694917\1696738942" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a881f76-4ff9-4f8f-b41b-618d779a5b99} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3572 2508eae7058 tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.4.666232085\29263432" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7aaa82-e978-423c-899b-5da43035728b} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 4140 250914f4358 tab
    3⤵
    PID:116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.6.1032558359\1265053435" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4dcc3ac-3f2e-48d2-845e-7e162fdc199c} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5268 250925df658 tab
    3⤵
    PID:4296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.5.812037109\334817258" -childID 4 -isForBrowser -prefsHandle 2788 -prefMapHandle 2872 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f006554e-1b24-43ed-9085-e681b1833ed9} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2948 25091edb558 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.7.719489960\1759890026" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 5288 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79327a5-6dc1-49c5-898e-ffde7b2df8ab} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5336 250925dfc58 tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.8.342043644\744269901" -parentBuildID 20221007134813 -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 26285 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4600ef94-0f30-472d-b9fe-7d6c1716b0f2} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 5880 25094284d58 rdd
    3⤵
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.9.1767459987\1310984865" -childID 7 -isForBrowser -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4b51650-bf85-4886-84ca-3ee4d6d26432} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 6096 250941ac658 tab
    3⤵
    PID:5612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\doomed\12894

Filesize
28KB

MD5
7b3db4d67c740747f744a775927716a6

SHA1
1b1c358cb7fbb5a212634677bf332411adc5b538

SHA256
4d7e99b9765d3f8c6b1a29bbb426e1911f2ab867f5cb510ffd18b391f4a6b599

SHA512
abfce0aa7cf8ccbff3e4d0c5563d55527d3c83f9b9abd85bebb268d6b044c34f65ff63141590c417b251bae44db5d9924161dd9094e5a1e0ee34fe032d238bd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\doomed\18648

Filesize
12KB

MD5
79ee52e4b4ac0406eb795d7cd08c79ce

SHA1
c4e44d114e4ee35acc93281c5b7d0dff62809dfa

SHA256
670c0be53c54a7a5029c2e37e285f3c83d63ec8c478b47d816523c6609124644

SHA512
93dd09c92a399804186418a44527f4dbd8084c51ad6f58a0caa990e2a98d11e7b40dd072f216cf6e7a0dc5a20c54039ad85fb0d29e365db79be5f4a6038c9cb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\38998C1D5E2E822AC11FB22564F50EB2CBD1D21D

Filesize
109KB

MD5
391729d3e11d03d75f82b29237dd7c40

SHA1
20340d39a7f874b4d72b176c8b90bcaf382182aa

SHA256
dcd0972025a6f0d76c8ee0bbb5956b9872637c1c6faf90dd77da4fdb1994a40d

SHA512
935e0bd797024b11d6b66f394fca3deae4c60215e2c29f8452dc8c0e9369d809bdb7d96d4189fc600dab018bd7bad88bd898cff6aaebe71014e91576976030c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\39EA3BF47B91DC6CEF789DEBAEA832001A42E1F5

Filesize
50KB

MD5
ed9ef3a493bdacdf2993e5a45b76cfb0

SHA1
ba9983b7f4a532b4b7aadaa544428f1bfb3a44d7

SHA256
8165c9cd5c0369222517d2e1ced110b3a023eaf3b0e552a0f84c7ebb99552485

SHA512
7e73aad6feb4a10714fae47a4d3a3801aa2d6c9160b571ec0c71c73b84d5ab2e248cbf209e3752044f04954dc1774406109c56e58b5dab7f021ea84423d58c17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\5F73EAC845FBDCDDC2B53FFFAE34630E4684F651

Filesize
45KB

MD5
54bb61636770478bed72945a5735bdf7

SHA1
3ee02042d851cad6678d283e6d27a4fd1ca441d1

SHA256
8d764f6a0a301a86ed04445fc047aa54aee120f48eaa873278add45666e1bb29

SHA512
32c58660224a95f19f48d8fd01ccc31b4bb23befb98b105d26561dc4b535b4ac18c8466b373aa0299f90243bd973b6d025c7a9b3e1d7a0e446515692277fba11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\610381FD3C71D594CFA6AFE8B8803962D0EF6779

Filesize
67KB

MD5
abc9b19fb40de51f5e82a2e0a8fbbd40

SHA1
c2030662fed2f59670ae8c41c4e75c926f3cf870

SHA256
60cc42bc54bfcc8575c5e72958ff2ae79d21e1cabb3e5476065b841eed38eb46

SHA512
cf62acc0606678202dbc068e9c037557213e4ed6481babf33c9f4871426806c0e567d5ce52d8c609b6d0b672507629b93c4f64b476d099e9ff054c73a0afa6ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
40KB

MD5
1c4dae52c884a4d54db638c9449e50b5

SHA1
8b5b86aaf29253e65ab599ea5f15d84e827bbc14

SHA256
5aac08ad0affe403f4eeff87951d55a67e128a9af9767c29328b2aedadee806c

SHA512
be19aecdc77abef4f9876bff6d1013118b5b507fc8edcf78bc23f1f626d01685b893ef3e0198479b53d378507339df33851f6936664d243c14404fabd9fd0ef7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\911A5D8089C668F481D81B2795E992327AAB6C47

Filesize
770KB

MD5
6498dcbd0e8eea89ca1ac184bf13c2e2

SHA1
286733b9d0e3a1ba9b57e7198d61e50e4c4b3d73

SHA256
207664d8301b9b0c89aabf643ed2cf5611bda442ebebaa32dcb5aa09853a2eed

SHA512
de8c59e2c119b5d8b17fc25993c80ae658d72cd49a4d945740395e82c98a2f31d44a928c6b8997d259d6d3b776b942b087def41cdab123f191b2a75b7a31f38d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
327KB

MD5
4e5a945b5d47db3ed497fe16926cf567

SHA1
35f6788873654936470070c31764e846ccbbc016

SHA256
b6110542743784055442825761c1f2419ac152df44aaa584d1cd8297f5e07bfc

SHA512
f2b5cdbde44a3a3f34dd4b95b4042446aaefecbe42ab3a0f0aeeef8d8590b9217b6cf8b3fa00ebd36c9264f330858ff8add8a5c3a04803112453dca15bb80991

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\B514093AD97EB137639E70982E6CC2877881F842

Filesize
33KB

MD5
64cd8d062d12fb63f6758272fad013ed

SHA1
d038056d79146a321dbf2f0d68dca0b5bd290461

SHA256
253308f5cbf2705c34145e1d32aad9f9fb674e6d03209d552e6c62f92767680b

SHA512
c6a3100007f4d243470816b4fe0299a5e2d0693e3c01f0c54da0e5ddc0b0cfe954cb2c2e658b2e089d26c9fe64a44728403cb0f5cec67ff7e8fc5fca51020ff4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\D966DF7A29845F0C10F4D7FD9EE329E40956B979

Filesize
56KB

MD5
81caf847ca6b4b54a72e224c94bb9062

SHA1
4dd9ee8372c64f7917b5589b006cd5bb625da52f

SHA256
f67027d539f0b7f9a82b3a7b4209e188bb21f389d0d0bd4db099c50c6c065586

SHA512
90182ae5f84811ad794db7e75bff152bd8ee25c6210fadaf21d787682fed7f8d19471b578bbc65ed0c3e29f755a8131892a0fa3e779709be9af2a8683c0f8588

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\DC6CB4D23713E5F558FEB0D8FBE338CC7797A724

Filesize
35KB

MD5
fd02d167532b379abc536a9cf04a3a4a

SHA1
94ce90c9ada755dbb9a318b14c819d19cde1988a

SHA256
582a5782b51123fbd0eadd8321f18121dac7a132a60ccd587950a3f4383a8f0f

SHA512
b6d13ae17c63b2b166093c79f6680f26471740d8b54720b22bc9e5bd18db545093348c3562b039054b82a5ca25117cfe16967dc1ec06df8e20365bd3784d9c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13KB

MD5
9e1c44065a4474466b4f116c50a1c0ab

SHA1
8fa3a1cbc6ad0be6912c9bb8970294d3c198a7c5

SHA256
da3866fcdc8112814d89cb725174e581dabae5f32bdba37f3695090fc23e8f29

SHA512
dde3eb04f8bdd6a6d868740ad8859fa406cccc3a3aa794121264ce327f22fb9d571407b721e83586ee5c9acc371cf9a1ce608ec0ba3d527724e1d2b1893d1ab5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
77fa73cb84a69ba439c7179957c8d374

SHA1
21163bf1b8c9a6495116a03b89ac7c90955a2011

SHA256
b264c65a3030eaf31247d0ba8de1be23cb3f9c91cccd0b2d2356f36559aa493e

SHA512
e957252b8a487c4b8fc495b0c39b8337c2b462d2c0545f9b3f05dd4cac551000a98ce88fdad749520b28383b7bdff576bed5238c605697c261f168d00507ad13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\320ee6a9-b50b-410a-9278-8b069fc3bb00

Filesize
11KB

MD5
559e2cd5ee7411ed2c04f56e4de22c8d

SHA1
b52a4c1e6551eddb08ce922c76872c1d0a4bd7f6

SHA256
0839e408b8f9df209698f1c19f9efdf871ddbd27806c083a204cd6ce44e1eee4

SHA512
5ade6a5422d80b34a2858869f8e3d9058da3ee53d76e0dc98b70ffa6aabae4484cfe111cc29253e7ac6b1c40e891ea45877e7ad0c7f2d068d4535a2fd5d324d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\fe4c5a75-6d36-4fc7-993b-8e52598bef73

Filesize
746B

MD5
d76ddfa1495fd5773d3555dd5c7244ea

SHA1
25c372b47fa22d23db4448cf151720cf7b70b377

SHA256
28fc62afc92a39eea58d227e2d0ebb77ede3b6f0ef3f74180a561469d45d9e88

SHA512
05eb43a2d94ef4d31919b08b9bb897525f04abaa99a7dfe69e8a58e9278343d3af7c6503918189bc2cb80c13e07594729af584e38b158f694868f8f8eb12d96a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.3MB

MD5
f4f9e62836aff4da445b05ec0cc44f73

SHA1
e52775ca342c07e1d3b94836b42433e57fa909f7

SHA256
3f340ac8c02237c071cc659d7dcf231cb95db3ab6fdb5dff80f97fbbf1cb25e7

SHA512
ad83e60cb6453f8f2583507603fce3f2610ca974abc0faa05afda0732dd7e4d594b067f186273ebdfbdceb6e5ad15c6e092c29be4b901d67626e4a9d87f84bde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

Filesize
6KB

MD5
0cd03a34f22cac160c2c573b7a031a41

SHA1
4de1bf85471d700bf898f5f8d65324521971ae5c

SHA256
8e2bc1522a0e13a0c5eeffd23931246134a938419b7bd657b9453dae8ac61ac3

SHA512
ef453d1ee5c9609a4e29263d0614c247bb4ad7749046611877e6b8c014400ead9af3ac2a7ddfe51833c1898455ae279f37657e77e7ba51dce3b36db2dd8586f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

Filesize
6KB

MD5
53150dd0bca3947cb3b9f5e8a4be8b5c

SHA1
03493faaf67f2063c051397b749778ddf17f4c84

SHA256
a538456daa6bc24e2cc56cee01a80379d011614f9926c540eef90ddd3f82ac78

SHA512
5efc9037c224234e3bfb7867d3c272c76358da83747328b32c427389dd169bb6cd77b11abfd0f99cbae564d55ebcd627d543531065933c5c2b28235559b24362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

Filesize
7KB

MD5
97af34c8cd8bf4812ad4c068294afcab

SHA1
6669e857aa7306cf5c0dc59c69f90683425e89c8

SHA256
2f4e0a952afdc53cc649715099c37bfe11f1b95b17da846d160e32d078384500

SHA512
bf7d1161a113891c5ccb6771f1b4354e75c974184322c591b1cbc80ee5c71e562273fdba3f29a32014c113f224353b67750818331b2f337946a7d6bdf26f49e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
6d215de32a4fe800f77e1fbbc2910c10

SHA1
c6aac865b61ae48ffe31517e9fa470d8db299474

SHA256
96a4acc669357a209eee467884118967adb985267bbe2a3adb477d894fa9a982

SHA512
81188b843d480c2c5b764a50ce573c03f3243415a78d2a4bea990b8863f0fdf980febf81cc384e1bdb5d850e3786d6476c160def652b8f3509edf3251a7c1e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f6c9812d46a2412f7017ef0fe0d88d84

SHA1
ff2a96163ff1cd2dc80287fcad7079b885e92dbd

SHA256
4015a06eecb76774d5918d49328ff6a49062922d949f796db8778b592367129d

SHA512
24f4d1bfa42da0d3ea81be1fda265e15350ef191fa2f764f1f92311fe07fc2a6f772f91e25a56a14db4249cb37275e3ee45c50e8ad0f6c6678970dcd765414af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
79e9a7918e0a325d3f1e5c1d829c69eb

SHA1
61bc8006cece25b6dedc79ac8eebb2566b806fac

SHA256
a6281533f784d7006ea5d3a0876b0f152bcd59a2d0538e3c516bee9c40ba7766

SHA512
7f24b453cf5ab2c2680ab4b6c3ae4b7766f80539b770e51ac4b1751cc00a3759b08aa4d49326c61dc7d9edc8ee8ae4591181d6adf18ad0c8c50a311f550902a8

Download Submit
C:\Users\Admin\Downloads\1FXAQ8zW.zip.part

Filesize
442KB

MD5
f1588dee158c088ba14a31fc33c2939e

SHA1
0b776d41a6e048d8be953b73c12c09a4d22489b4

SHA256
330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac

SHA512
262d9e39ddfc4438a74023659dc7b7ec1dddb547db46a1cef5aa92190905b870550689ecaa8ff9eb8794b6a231d8091dacad1ca0967771c947483e333e832f57

Download Submit