44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
31-01-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

authenticator.gs
Size

2B
MD5

99914b932bd37a50b983c5e7c90ae93b
SHA1

bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512

27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3772	OpenWith.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 2812 wrote to memory of 4872	2812	firefox.exe	78
PID 4872 wrote to memory of 3856	4872	firefox.exe	79
PID 4872 wrote to memory of 3856	4872	firefox.exe	79
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 3932	4872	firefox.exe	80
PID 4872 wrote to memory of 4360	4872	firefox.exe	81
PID 4872 wrote to memory of 4360	4872	firefox.exe	81
PID 4872 wrote to memory of 4360	4872	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\authenticator.gs
1⤵
- Modifies registry class
PID:3576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.143832925\901057413" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae5b41a-66ab-4428-978e-099a6e73afc0} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1808 1c352616958 gpu
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.1.1717203612\79144427" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {685eb911-5e9b-471b-8de4-6a5646928c2e} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2160 1c351132658 socket
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.2.529685599\529529234" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4df14e7-20cd-461d-bd32-39bb5d2abb58} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2864 1c35155de58 tab
    3⤵
    PID:4360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.1427080673\596515375" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3084 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf6b8863-db9e-417b-9273-53c636196ff9} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3508 1c353edbb58 tab
    3⤵
    PID:3236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.4.2041397170\1703724139" -childID 3 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db9bd554-2c3e-478f-8041-d0a0049ba0c4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4232 1c35750cc58 tab
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.5.1949180942\1744099367" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac83f771-c588-4c46-9e75-1ea1360f2797} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4908 1c35398d058 tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.7.430184269\1897218530" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15c1c0ed-1e30-4515-bcf7-2d54be930eed} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5324 1c357abe058 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.6.1437239314\175766532" -childID 5 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c50a3f5c-9826-465b-8a86-db5fc8b1dcda} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5032 1c357abc858 tab
    3⤵
    PID:2848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.8.1289411777\1816879321" -childID 7 -isForBrowser -prefsHandle 4892 -prefMapHandle 5076 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aece8053-e21e-43fa-9e26-70e87ca667c4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5072 1c358f80c58 tab
    3⤵
    PID:2392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.9.1657058716\1219780949" -parentBuildID 20221007134813 -prefsHandle 5812 -prefMapHandle 5808 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a94f51a1-7029-495f-9413-06e46f6c6050} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5756 1c359d92058 rdd
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.10.706606531\843055416" -childID 8 -isForBrowser -prefsHandle 5828 -prefMapHandle 5072 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b8e0f2-cb74-4bf8-aa34-94cc37136cdd} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4892 1c35878d358 tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.11.1361652960\858665786" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c3f385c-b987-4cfa-8948-1d79217b1f85} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4680 1c356756e58 utility
    3⤵
    PID:652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3224

C:\Users\Admin\Desktop\release\builder.exe
"C:\Users\Admin\Desktop\release\builder.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
7b1c73522a801c813411981411166eaf

SHA1
010a21b59cfcc6192cccd503e404a1cb153cbc9c

SHA256
8604ea39187cc7517ac80c539863e26ea73e2657ef00c52b2d4223b6e0a7ab11

SHA512
4c5175ad77903af8466846d02236e73972fde4af47b1d4d1e5e0a1a3744a9b1329a41888056fa742e2cd196e35fdfbe524d95be4f8a2f74d1d628e3c09a20918

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\11551

Filesize
32KB

MD5
db943b0ddfb39e2a54753f1403fb60f5

SHA1
4326fc0e6914b01aadd10bdf052b89d4f2dfa5b1

SHA256
3e82624f6493b73e312eafa213efa650298a001b9d2f157061c562b23de52802

SHA512
676aef5bd7f954adad4432cf7b2fa46264a9ff2769db2d9e56ed416f9edf027efd6275ebe46dc3c8568d73832abf937e39c3bf157ee5c2c4f75f536b67dd3987

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\14153

Filesize
12KB

MD5
d3c6e4aa6bcd0da2a4630f49ac1c2549

SHA1
0fa39c7fa157c439d51a1df138f6daaf1e3238fc

SHA256
0306956dcea26f88bbdd388f4f5b0342fac7089e368bad26385153566114bcec

SHA512
a2d48bd2978be3a0faf903dc2b5352615dcb7b283aa0c8b51722c4e851db6ccc867906e6d07cb23c3dea24f50aa274aa4d199172d9e91b2d401b71b9f672c520

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\14691

Filesize
47KB

MD5
21862256c9780cadc0a8db177ddb3690

SHA1
d927a380b878e30ef7381fdeb62d3dd03054823c

SHA256
14383f9ef472cc409c15db5dcfc27b95ee83daaf747f89181ba3bbf9b5d7b8b7

SHA512
5514892b19e82e9a0687924a4c241582c2192dedfd13f625b4c370695a9d498885398c7ddd27642ba4b272d81fa08f608e3555e0972c5f6c92598ffcc4d97540

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\1E61518360BA13E897A17737CCDA8D9067374818

Filesize
295KB

MD5
a007f87f15972885d78304a5dc436a23

SHA1
611d6d0b669c9b36aa3ed918da852bb3f1ee8935

SHA256
b6074e7bdb6f065023c8c67a57dad519d3c5e182cc534f3a5901d93376971bfa

SHA512
4fe5d90b99cb1e276f655bd66b3ed1b02d9c358e9fa7bb277279ca332176dc14408644527c3cf2d361907837542e033c9165ac33920352c89510fd0ce6eac925

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\610381FD3C71D594CFA6AFE8B8803962D0EF6779

Filesize
169KB

MD5
fe4b0e85fff169c5e1edc396ecebb7fe

SHA1
56b64ee75ae982f3c648134f7c5180a3730b7e06

SHA256
5fc52630a64f70ad9e1cffa7f65c6c7c674c5c0d48a6773faeb872a13ff48dcf

SHA512
679e157b57a74d34dfadddce191e69428e34746ad2001d605f123b3d008187125f17d5ac611eb11ac72455c9e79fa9920709d2e168b0d74522f928a412cf5f37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
90KB

MD5
2b5b53a5a04122cd124c5a69d04d3a01

SHA1
c0b34d5f11fcc763e9b36672879444bee2930b14

SHA256
6a73724905b4ce576299a3d3998c9764d25f8ccba4dd1bcc6548de77642bd52c

SHA512
aa94ac21d85630ffabc1dcecc466c0a97da4738889c7a1cb6dc7358c7811ff1de23366a4e296ebba59cc562b1fd06cffabca5eed1d816f07f81ebfa66db3505c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
68KB

MD5
f951669d9d1777eabb939b18b8b75dcd

SHA1
86a90ea07a63b4a0f43f790c95484caf42dfca41

SHA256
f0a217fd19678e605801925f956db24e51cd860c9756054fbb84da5580882d91

SHA512
d81e60a92fa89dee6ce93522cf49c665e40df053a80a6ddaaefbfcf926a8990d8e5d5ef35e0e7a2786d3043a19ab0cc2b6637d0bc76957dd8a3591d804c8de98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\9D00C2F18FF2DF29C2CBFAD56AE88A9E2CE969A0

Filesize
147KB

MD5
04352a512d9d2d4e63d75967ee8a02ec

SHA1
c0c8cfaec3cc97b4aefb822313fb71b988970b46

SHA256
aebab44c12d0757d2a082b1f4ca251a7f5fee5e5e8d980841e3b66ec5341baf8

SHA512
5eab5b1acf2c4eac8b56753a627966748c6792a0121ca2ae4769b3d912ea9f40fad2617931fba9b3849834f3352e18d98a19c2f4cb01f5600cca278c099b2023

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\B514093AD97EB137639E70982E6CC2877881F842

Filesize
14KB

MD5
a6da9e4cd42e9bfac3abee824baa84d3

SHA1
729ec4f56fc65c7d2d7a37bb91fc85d54126bfc3

SHA256
c6d6227b4a9b46670263f1f02c77476653a148803782141676ad452c98d9d67e

SHA512
324d061c3b4d36e5315a7c08514706bea8c5cd4ff4fc879bed86bf4aaab8f737b02dff7581fee3cc582878725e59d8bf8ee2fe61fb43503c02d93b3340c4ca13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\DC6CB4D23713E5F558FEB0D8FBE338CC7797A724

Filesize
71KB

MD5
481eb373327fddf5fd96aa6fac248eef

SHA1
2b9cb4cef88060b75b79c0865f57da2a31a434b8

SHA256
0428d014a3c7b63cd3f92d3978375846092fdeb127712719e659ea3c5239ea29

SHA512
15b38703d8b3fa2850fd9b787be1738004c4ea80cd3ae67dcd3cef00e56d455bea6637cf2d66460763fe859c0850f3e5321bb963db6776c7b0723bbacc220904

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F1C49281349CA1EDCC1827D26710CF46014642CC

Filesize
168KB

MD5
672e64809fcba86d7386014244cdca17

SHA1
8d46b75fd449e6f76e66d06a85a5b32b26b0defb

SHA256
8258347f45aaf0ea6cdb2e378fab9ac8273a5a4de4786735e6fc70dfed5da20f

SHA512
6a8eca3396430127f9b081cb6e7f38a006f06836b902c2684b9c6de78c415118df05e91f4f0409f2311a5a857934c3310439aa61126196f152dc304c58661573

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\jumpListCache\deu1j40o8GeQcUHnR03hHQ==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.8MB

MD5
3be9c37a2215271aefb30d7cd5aa9bbb

SHA1
18dcdf1e30dddb69aa17bcc7e0d106213a6b0b59

SHA256
8c70fb1840614a98e9a804dc26a52c9c24cc44299d75ca9d74c9d5cc8e6247e1

SHA512
d57ee756bf910c074b1303eb104f1e20ed7a3d56db7206f253a4b8d1b5a2f69e8b7ce3b58a465f15ab4d1a94c46bc9fea3d63bed9c037c963a1adc0ff1788460

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c5af4af5d1990953a88d445733def1f1

SHA1
753940940c107f608dc31404dd33e4108f1d2c10

SHA256
9343c1b1069dfd228951dcb71fcc5d29f14a52d15044b1275e86c375b3669c4f

SHA512
fd9e5af6777fef06264dda0af578c30b7407544b43bbdadd43c246190be33df3540c47c0f82b988c52838a52698bd275e41f03c493e2c8254817eddc2a7c27ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\2ce1b1d3-285f-400a-b8d7-fe4f357c1eeb

Filesize
11KB

MD5
cea57dbd7be26200dd523e4ca1f17285

SHA1
c7beb157891cb946b0d839747ea7e59459abb0d1

SHA256
092997a73ffa1cc8b856a32790d1c139054babc2a9151c473411e9001767cbad

SHA512
99ba8f6febe616a955abc9361691ee5d8a7a2046d85d78a561a7e100ccbeea7b9a48fb7386ab38a624dda38c2924d42b9ccdfcb876f20bfca74b6dfad1284862

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\73b4aaac-3f14-4ea2-bfb0-a23613c8ff8f

Filesize
746B

MD5
702355e919f385fedfb0a4671ef3ae4b

SHA1
97c9d0cc9aa9f2893cf8a0c18f4c74c7b7c41e41

SHA256
14a3d267e47f89b93f1e46ea2bfd43ab1fc1075da4bd6e0c4d83f946e9e6db9c

SHA512
9eef43f165aeae2777418230774872c000d01673c588d7463f35368cfab96e8d78c71f310f5b94b3347696bfc4efd6f370d331761b3ea5a3e0624b94e4a821bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.1MB

MD5
3920428a93ae972aa1b8c08701f3f3ff

SHA1
52aaac2a92bdfe0586b1e1c0989742d98a185079

SHA256
1ec149283f092780f65d588adda77dd0f09cae3190ce249daf4e87d31d966fac

SHA512
dbf1ecf87717a6b5d5afb15c5153a392e9d0c911ea03598eb2ddf8e23ccfa2564171bfdf5c0aaca4281422ca56da4fadf4e810ec56ecda709a02ac1fb509dfba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

Filesize
6KB

MD5
20197481dea27d9418d24db9f2b3854b

SHA1
b198d12a0423b26daaf5398a4b38acc51aede6bb

SHA256
f7eb3caf4d4eb7246a085999888c72bcef4e38037a7acb82e665621a10029d5f

SHA512
98789e140e4d6d378ed16ef6cb8edae6aa3f5f54cd8f89858a9b30b2055028b993b3640fa1a4513ebff0d157ed1cfe0d5062877835b9771cae186dc8900123ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

Filesize
7KB

MD5
ea85c4065f21666239e4ad15b6fea09a

SHA1
d2241d11b9759b47345e6af0e391978d2988e719

SHA256
056ef541c559335cdf377623bf936e1c8bba0a8f7b693ebcba85d34473340616

SHA512
0a8c181296ef5c9a6d1cf09e16f6e3da4e749036a2bbab7330cc069743bcc2aa6a6c5c73833fcc242caeddef9e64394131f41e888e0525af8ff8a40c929f5a75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
8b23d49c976b92f92a87d924c6e0d67b

SHA1
2d62231880de62a71118101fe6f94348013976b6

SHA256
da44280da0d5bd95bfd1e427796d09c53a24fb12cf0a8d07103f62862043bccb

SHA512
a03168afff2252aed2da262deaf31b54b7a61fd8c73d174d395ff755cf89611353569a048aa1c36b60a94ac8a45da8bc365ed86be28eaa9b4e4e4fbf2ced19d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
eb63f9e72ebbd9a7d920058229212e41

SHA1
d913f303c4731ddc32d115c0fca2676900e03af2

SHA256
8db7c694fae9f08e786952dc34d5dad167c06574b42ba000d9384b667f02abab

SHA512
869d6eff78119e7b8b21b2b660f700281d03bbd14817bb861792b92f1fabc87c4471f1668046127bed27f60c6dc46cf07ccdb997c646ca0dbb9145603c3a7699

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
72407a319f657a6030bd717240096a02

SHA1
c32b8e43be24ca6e3adb189b2e00945ff898beff

SHA256
8fef4034956f9b6294e9747c871e94fd05d525836c29acb385f5b7f2c45d06ae

SHA512
6d8584b68b8a39008c4856f9139c7f3099feb075f86e7560c8693a48ace2141d82408b9a5e94c465d36c4c8143c1693dc8d728381556905c4003e6ddb2f12f94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0eac94364d616f5dea06fda1c3659ef6

SHA1
8f1bbd1ea115bd2d54f7bab4100f872ae0d6056b

SHA256
64eab2f02f7b92ffa2c0730900189813ac402532e6d4e34893637875a26cfdd2

SHA512
3c28e8c8b7bf1a29dacb572e9ca6233f997bf97e3f044d5cfe4a96389ca76b17bf9014cc6c5addafdfc0c3ac4dd6aa70880f35000cac20a1b121406f108d4e1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
16cebe26413bbdc9044b4997053cf598

SHA1
accd8f4b09aca91587f6ac8f8200ca1dfacb8ad1

SHA256
f56a521a525fb08c62b1fe8a9d28a7a23a34b10a98bfe153807b2065ba3a5e8d

SHA512
0c57b542e3ad58fa976d96a91e4acf10878cbbc872b8cb45fe5d17bd4a2b6628dc46af9ce68d59d0873c5447afe59cb39648fabae0fbed42a107a24e0e28c40b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b9139b9a7e6f493365f3b8d039bda61c

SHA1
6ede3455eaad1b86f58145cd442e822dc368aed8

SHA256
93acb18f1978ae5e468aa48fc84ab026387cc822f89f340f27a03ad414cb2e46

SHA512
e548ec97b65ea250545ba7c9e3867f248ac38bb88c98f3e7ccb68931f46d856161b863f94f68986ea498ea4226735885a942e199652746fb54d51061736c61b8

Download Submit
C:\Users\Admin\Downloads\release.Uc5_0Uss.zip.part

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/2316-737-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

Filesize
64KB

Download
memory/2316-724-0x0000000073C20000-0x000000007430E000-memory.dmp

Filesize
6.9MB

Download
memory/2316-714-0x0000000004C20000-0x0000000004C2A000-memory.dmp

Filesize
40KB

Download
memory/2316-713-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

Filesize
64KB

Download
memory/2316-712-0x0000000004C90000-0x0000000004D22000-memory.dmp

Filesize
584KB

Download
memory/2316-711-0x00000000050F0000-0x00000000055EE000-memory.dmp

Filesize
5.0MB

Download
memory/2316-710-0x0000000073C20000-0x000000007430E000-memory.dmp

Filesize
6.9MB

Download
memory/2316-709-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download