e5f0efdb833e0b8ec06d88d13039ac9ab2b46a70a26a6c9c07868a79b8f11f62

Analysis

max time kernel
1062s
max time network
1066s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FA Installer.bat
Size

42KB
MD5

ac48f9875234a4e5649d152672903198
SHA1

6795362296194a79770a385a1a81efa89c6fe203
SHA256

e5f0efdb833e0b8ec06d88d13039ac9ab2b46a70a26a6c9c07868a79b8f11f62
SHA512

b5a8cf484eca8afde45a78b6768970a3ccd9f4731f4f9a227ac22e02cb3c9c158c8221c136fef191ce9967b2b4bc8c7f4aa6a4310e04dc5e3e5b8b7fc712df44
SSDEEP

768:lnwnjP9zogqnrT9AHuhUcKhnuxGTBmF5p8yJVS5LTf+iA0:FI89nf9tUc+nuxGIFwyKhTf+r0

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	cmd.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

Processes:

cmd.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

2704 powershell.exe
2704 powershell.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exefirefox.exe

description pid process

Token: SeDebugPrivilege 2704 powershell.exe
Token: SeDebugPrivilege 896 firefox.exe
Token: SeDebugPrivilege 896 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

896 firefox.exe
896 firefox.exe
896 firefox.exe
896 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

896 firefox.exe
896 firefox.exe
896 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

896 firefox.exe

pid	process
2704	powershell.exe
2704	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2704	powershell.exe
Token: SeDebugPrivilege	896	firefox.exe
Token: SeDebugPrivilege	896	firefox.exe

pid	process
896	firefox.exe
896	firefox.exe
896	firefox.exe
896	firefox.exe

pid	process
896	firefox.exe
896	firefox.exe
896	firefox.exe

pid	process
896	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4636 wrote to memory of 1476	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 1476	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 4916	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 4916	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 3252	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 3252	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 2144	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 2144	4636	cmd.exe	WScript.exe
PID 4636 wrote to memory of 824	4636	cmd.exe	cmd.exe
PID 4636 wrote to memory of 824	4636	cmd.exe	cmd.exe
PID 824 wrote to memory of 2704	824	cmd.exe	powershell.exe
PID 824 wrote to memory of 2704	824	cmd.exe	powershell.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 3616 wrote to memory of 896	3616	firefox.exe	firefox.exe
PID 896 wrote to memory of 452	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 452	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe
PID 896 wrote to memory of 1716	896	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\FA Installer.bat"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4636

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo4.vbs"
2⤵
PID:1476

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo3.vbs"
2⤵
PID:4916

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo2.vbs"
2⤵
PID:3252

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\FA_Antivira\FAinfo1.vbs"
2⤵
PID:2144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\FA_Antivira\FAshortcutinstallerdesktop.bat"
2⤵
- Suspicious use of WriteProcessMemory
PID:824

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "$s=(New-Object -COM WScript.Shell).CreateShortcut('C:\Users\Admin\Desktop\FA Security.lnk');$s.TargetPath='C:\FA_Antivira\Fabi_Antivira_Securety.bat';$s.Save()"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.0.1600133178\544202675" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61855d1b-a1a8-4489-a6ed-5b25150f4c10} 896 "\\.\pipe\gecko-crash-server-pipe.896" 1948 1de29cf2858 gpu
3⤵
PID:452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.1.913980434\1432582666" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9355c157-72db-442c-b9e9-1262ad393a60} 896 "\\.\pipe\gecko-crash-server-pipe.896" 2348 1de15e72258 socket
3⤵
PID:1716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.2.216756246\64592100" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd42e619-c743-4ea8-b080-c8a75db1ff42} 896 "\\.\pipe\gecko-crash-server-pipe.896" 3160 1de29c62c58 tab
3⤵
PID:3088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.3.801100454\1619645319" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26145 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca692d37-d5c2-4adc-81d8-0da4518b191c} 896 "\\.\pipe\gecko-crash-server-pipe.896" 2488 1de29642558 tab
3⤵
PID:2600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.4.359199954\690429044" -childID 3 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 26145 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {773eafbe-4822-4091-ba4b-bd85f6b8be8b} 896 "\\.\pipe\gecko-crash-server-pipe.896" 3956 1de15e62558 tab
3⤵
PID:4752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.5.199133090\681309468" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cecb5c4-c5a6-48b6-bc34-deb73795ed47} 896 "\\.\pipe\gecko-crash-server-pipe.896" 4076 1de2fe0a658 tab
3⤵
PID:1096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.6.1636715158\1052629911" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cdd2a81-58bc-44b1-b00d-e4f4de58ccdf} 896 "\\.\pipe\gecko-crash-server-pipe.896" 4976 1de2fe09758 tab
3⤵
PID:1428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.7.69305891\418667205" -childID 6 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e50390-e709-49c3-a722-61f76a95091e} 896 "\\.\pipe\gecko-crash-server-pipe.896" 5112 1de2fec8158 tab
3⤵
PID:1272

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FA_Antivira\FAinfo1.vbs
Filesize
84B

MD5
fad7cd2a49837444cde4548abdf478b6

SHA1
376a4ff6acc6ca44f2b660286633c5a31eddd764

SHA256
9c08b7d014ab766305e4525478bf8a1bc2f8cbe4f04aedf38f7daa0660ba3cda

SHA512
287223fdf6ec6347c37b51fc7913ab8931d1fe87c03fae93e1cf8bcacf1b4a2dc13605b08506a0299e5536fac5b02fc15ab387781b5b16873ea3c686daa81cc5

Download Submit
C:\FA_Antivira\FAinfo2.vbs
Filesize
87B

MD5
5a1fc5e5db483c5926a50ee931581cd9

SHA1
419644277a92e109d4ce6739a0d5e2d0ba8f2d42

SHA256
0f79e391fe889e01a6ef37619023af6672e98f1551753a10021efda8dee607ab

SHA512
0351928a53a5586c560e8155d99eb1838c873cbc2b554ae25c6be1433cdae41cea7508b60c016e23e0d2687d99bcc96066bc72f15c1ffb922f348f81e044c240

Download Submit
C:\FA_Antivira\FAinfo3.vbs
Filesize
71B

MD5
a61c87927d31edff281df2818dde924d

SHA1
f076867cb0411e0c584f2f9052d4c1e550cd53b7

SHA256
9220b169c1f0179caa92218990b05bc48cf75c9c36d4e45dd1c2b5f973910517

SHA512
ce5c730e3dea3c9b1a565b02925ca95ee0c50abfe15a5a8a43c21b4cb7daedd1b582ebf264dba5d7dc3fad98e1014e0557a810baa111e83596ecd22fde8fc970

Download Submit
C:\FA_Antivira\FAinfo4.vbs
Filesize
97B

MD5
d912098669bc85cc04cccf0248617120

SHA1
a817741d0ce4427cf0a0fceb7ba483972789fc60

SHA256
e044130f2e60f76a963f3e903af9d077f0ff1a8437d1c7d52ff42345e7e28422

SHA512
578127a4aedf65bb415602b08c16c29724a874b35a40dce0e116b4bf6daf513e8a511f3aed2cee8756efd45ee9245a34381433abbef91ab3908859f47f013a48

Download Submit
C:\FA_Antivira\FAshortcutinstallerdesktop.bat
Filesize
579B

MD5
43ac0b308354a69a243ade90d4710a48

SHA1
eb13fd963da445a000a2bde81254a6165fb35ede

SHA256
a66196a3237ebee214521d8a60c9747137c2abd928dd3123663ce6bf5b760bc7

SHA512
e5a8f9934c72492bb7631140a6bedb0d114f8dbc9b4c1a7cf80976216db0e9acba411cf0841bfee988a3eee2639a0596919a51c6eaeced3ab1a62de2abe96ab0

Download Submit
C:\FA_Antivira\Fabi_Antivira_Securety.bat
Filesize
273B

MD5
c67e9bfe1056431c086554c2206401a3

SHA1
7d7b11a79233fdc2c5b8dcd0e9edf5a028324453

SHA256
d7b9799fdfefc9e083dc43cf74e7f8019a5f1e74c68e30ad54fdd208383cb2c4

SHA512
e38c705f3cbdddc0b437459d1e9ce3b37e421da2d137f091ecd399eeed07b2d491abc39ea420546f2b68c6a6266ae99ee75ca3be656ddd5496513d7643be8b3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
a10ebea81f77b6073e7095169741365d

SHA1
d6ecec1803839d9dcc7c8af1e0b4a8c3e5bfaf7f

SHA256
a46d261833cf2f74bb600fb6ace7133da66e7bfe004e21461e7ef3a5ff9ab404

SHA512
3243fd29e04b32ee0787fa852804d267a2e71770920d16ad9987213722720bf4495d32d94adf21d8e231ca042b6f96e82286b9fa09d92cd3c2415ba1f57c3d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_chya5kmr.hit.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
4b6efa6487bd36438498881250d7de31

SHA1
3d6c506970d34f482cb5ebd218a0e0fac399f9d9

SHA256
4b08c97ef56ca67f33263670a09abe8ebc49b846f4f6500031721b5c83cd1e14

SHA512
14df5b484be448ac19c4a67a628eb4f4c5aac03658a385c084d1ef566bc985bbaa9e2460857cd67c7410fe9305f4fed97a68ab743b0354639ee79ffac0750b0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0e55c3ea-e99c-45c4-8061-3bb552469435
Filesize
746B

MD5
ccf6e8c8f4932a41e4b987f9deade711

SHA1
5d62945ff0985709d2eda021deb2114884d0affb

SHA256
be0a57dce6423a121be4d776f9a7e461ca5ee3737c0b6107ed1e91cd7c17a582

SHA512
55f1b5690d7607bd377972e62635dbe51ce9e45edd1c32be45fce3ee989b72ddad309570289f02aeadad6ae81cdf94eedb0d098ec5caa9762e596ce2752900da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\9006c932-7b8a-4717-a50b-2e26e675e34b
Filesize
11KB

MD5
a953674d368a032f02a651a48b9c8ac0

SHA1
f6e98d919624341f0dfe3263a350c6544da88219

SHA256
a34585140d93ff94f76d6909bc899529e23998b92eba4f9fca9374cc5d7daaa6

SHA512
bc46053fb1c545218b18018878dbe74215d36ec7cbc57cad038bd085da999864ad0a57de3ada1e47a5b84206e26b957770129974f5846ea4189600a9a360675f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
0ac29ff2c967a4cdbeeb356ef58f3b40

SHA1
ef4ee3fa42be23858d1547ec3ba61daa1e5ef889

SHA256
1a19c4ab2c0141cac9f8eb6b2c18a8813508b913b2ee7c1bdd61171df590b59d

SHA512
970c8e060bc66aea03af363fca2e7486f1ae9c6ae406f878dbebdf4090b0387cc76a9e21a0bfb2e2a7b8bfb994657b9d69d291c04945e26b6959c87135c52698

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
4b3bb40c44710176a2eac1d4afb5ddce

SHA1
75bd4f3800c635e940083eacb95f593926752039

SHA256
0be536b497488e0a137f20a0bcc18a7fdb8446e1433a777d28abdf5648fc240e

SHA512
48596fa713817e52df639997210606edf07a029c3218b89dcd4f9cef7a2637f9dec3505323ce33a8ce34ae534ca81885617f3a0d26d8bac5ea2a3b9b5c9b3172

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
892f75787223ffba7aaf9d22f513d847

SHA1
0500c138c7300c48f91c1618c44ee2e875c4eb67

SHA256
d3df40b27dbb934ae4cd2103a0dcf1e59ef3ce8876cd3f7deb36ef6a34447611

SHA512
c20acdcd33f364fb1b5ef5986ae4be498e42833093ff8bae92c2027f5c15a8a34f255aa4fe92bff7cfd297e1ba3de9cb7fb0a60d42e0d517b8caa92fe49b8600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
8d724c2bf842ed224a2f6f0a11f637f4

SHA1
bbb21400c681231dc5ab1901fa989704425e1f1f

SHA256
17d44b0c938ac979977177d96d6816654d5641865984f8d7cb8b907a42c6c960

SHA512
88de6be5ea0d0b2d148635393b683b46ec65b3a1e82f259282b16b974932cc2148e2773c09fc5115863c1918879b98080561a6d8de061b6a9eb1806460bf9054

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
abdf522d795d459d052cb8348f80ec0e

SHA1
11a505bb7e64bb78c468227a56133d7ada3b9925

SHA256
b279df1df16a7779c3a3a499335011474e90efebf1f37fcb2e824f646f34daa0

SHA512
f6de43682006319c7c364dc6d962ec9edd28e4c2bd6630753dc5f0c11cfaf55e728d14cdf857e0169ccb0d94d04fa22d795994c06bd43d5703ff7ace73def592

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
0e7db22757737c63e6953d5d2017e634

SHA1
2eb571f93093c40cb6b09bd04909cc6a643383eb

SHA256
76e416604f5cb80178b48e9add8e284732d9fcded1c8e153731be6bb9d3ec125

SHA512
7409f78d3046e0d8e65e0d51633f8ed2c1cbff6dbabaa29a01f4948d7be90c864d034c8a5588a373dbccc3bcc8141df19fbc856907fcb9f6a64d0b2f761b621d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
b961e7bb1730c5f57f727bb20db37094

SHA1
67d13906116a17aec43ae70405be79c0de04d1ad

SHA256
457783c0868b6078acb4be0991eb4b1e9e890c0007fd5c7c667ffa7cb66c017c

SHA512
3ee073f4f9b4516818cd1cd9aab70d25de5dd59cdddd6e4a0f7022b7a514dadf90291cafbe659caa2fe57e03d23e2dad4487c142ef72411e4d917008a10264d9

Download Submit
memory/2704-79-0x00007FFC3D300000-0x00007FFC3DDC1000-memory.dmp

Filesize
10.8MB

Download
memory/2704-80-0x0000021FDB540000-0x0000021FDB550000-memory.dmp

Filesize
64KB

Download
memory/2704-81-0x0000021FDB540000-0x0000021FDB550000-memory.dmp

Filesize
64KB

Download
memory/2704-82-0x0000021FDB540000-0x0000021FDB550000-memory.dmp

Filesize
64KB

Download
memory/2704-87-0x00007FFC3D300000-0x00007FFC3DDC1000-memory.dmp

Filesize
10.8MB

Download
memory/2704-78-0x0000021FDB510000-0x0000021FDB532000-memory.dmp

Filesize
136KB

Download