7d0a097941c8ee5453e9de9b17bbdcad9b98b9516dd92b9043871bf7fb1c1ac0

Analysis

max time kernel
147s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

furtools.exe
Size

37.2MB
MD5

4d0de883f8564dfbc4fbe83443518e43
SHA1

a57a735839d60cbb5b45975b6627e4f501ce6dd7
SHA256

7d0a097941c8ee5453e9de9b17bbdcad9b98b9516dd92b9043871bf7fb1c1ac0
SHA512

8fcfbe92177ad96a00840332431b0a8cc8e19e8a38142ebc94ea19430cd2c90c97026353ddae3111f5f5fe5a09eb8f9d930d20ef22d10f62dfcaaea09e171a7f
SSDEEP

786432:BR5vKmr2puI2aEPVFfdoeUE75F22R6W83oHB4QQFuzc:B3fr2pB2aEPDfJ7z22QWNHBRbY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 38 IoCs

pid	Process
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe
3752	furtools.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	furtools.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	furtools.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	furtools.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	furtools.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	furtools.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	furtools.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	furtools.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2324	firefox.exe
Token: SeDebugPrivilege	2324	firefox.exe
Token: SeDebugPrivilege	2324	firefox.exe
Token: SeDebugPrivilege	2324	firefox.exe
Token: SeDebugPrivilege	2324	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2324	firefox.exe
2324	firefox.exe
2324	firefox.exe
2324	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2324	firefox.exe
2324	firefox.exe
2324	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2324	firefox.exe
3752	furtools.exe
3752	furtools.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3752	4268	furtools.exe	94
PID 4268 wrote to memory of 3752	4268	furtools.exe	94
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 2832 wrote to memory of 2324	2832	firefox.exe	95
PID 3752 wrote to memory of 4428	3752	furtools.exe	96
PID 3752 wrote to memory of 4428	3752	furtools.exe	96
PID 2324 wrote to memory of 3592	2324	firefox.exe	97
PID 2324 wrote to memory of 3592	2324	firefox.exe	97
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98
PID 2324 wrote to memory of 3248	2324	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\furtools.exe
"C:\Users\Admin\AppData\Local\Temp\furtools.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Users\Admin\AppData\Local\Temp\furtools.exe
  "C:\Users\Admin\AppData\Local\Temp\furtools.exe"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/furtools
    3⤵
    PID:5216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.0.909562712\413978570" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d09ac2-8791-4a31-ade1-474d3430db83} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1928 18ce58d3258 gpu
    3⤵
    PID:3592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.1.4336957\160649585" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb74746a-01a9-4219-97ca-b8130c1eee03} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2364 18ce53e9258 socket
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.2.2019637697\2145061486" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eb04412-4139-488b-9ef1-162669baa8b7} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 2936 18ce5864058 tab
    3⤵
    PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.3.1816617208\217996969" -childID 2 -isForBrowser -prefsHandle 1048 -prefMapHandle 2520 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c1fd6ab-4bc8-4142-955c-17910880ba6e} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 1040 18cd1869c58 tab
    3⤵
    PID:1412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.4.729538905\957519623" -childID 3 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67f852e-c578-42f8-8ce4-f67ac9d5f58e} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 3808 18ce7bc6458 tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.5.1247611113\1375637735" -childID 4 -isForBrowser -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84818815-cd99-4369-835e-401b73dbaf9a} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4808 18ceb58c858 tab
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.6.337134982\1644506691" -childID 5 -isForBrowser -prefsHandle 4968 -prefMapHandle 4972 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d59012-6f09-43c2-9f4f-58bd57c02c45} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 5048 18ceb778c58 tab
    3⤵
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2324.7.1728127972\1712364836" -childID 6 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4c1f37f-415b-44ea-be68-b28e8da4e276} 2324 "\\.\pipe\gecko-crash-server-pipe.2324" 4844 18ceb779e58 tab
    3⤵
    PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5256 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1
1⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2648 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1
1⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4780 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4960 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1
1⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5828 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1
1⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4188 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4760 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
f4a30273f169471b84aeff2319c65632

SHA1
0179d9b7c6a168cac174bc1170e36d456fb44a2d

SHA256
dd52565fd2d3ce5b96661791c0a415da38cf97455b94eb80fcd11d4cb223e260

SHA512
cae1cc67f8ed356d8f29c932079c5fd06a9e7bccca9fd39b10bf57a19bacf694a4ef522d8512a15f06d663d94b8f0634f9477431a7858a2b6b8cadb32d9e0f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\PIL\_imaging.cp311-win_amd64.pyd

Filesize
2.3MB

MD5
442b67aacded7ea702d53b9f601fcecb

SHA1
b0c644cbf7298c7f319b6bdb27eae2dcffdb66e4

SHA256
338db35f14174040ae3fa5b246b8dd6d0a8264cec1ae64ea87c9446bbdebf193

SHA512
645bd6fd0008b29a2e88d9a86120525496aa011d29a29e3518b35016d31f21fed62fb333efa92a1ec6d9ee5a6943624023b4a03931a6acbdd4ef8b13084bfb82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\VCRUNTIME140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_asyncio.pyd

Filesize
63KB

MD5
511a52bcb0bd19eda7aa980f96723c93

SHA1
b11ab01053b76ebb60ab31049f551e5229e68ddd

SHA256
d1fb700f280e7793e9b0dca33310ef9cd08e9e0ec4f7416854dffaf6f658a394

SHA512
d29750950db2ecbd941012d7fbdd74a2bbd619f1a92616a212acb144da75880ce8a29ec3313acbc419194219b17612b27a1833074bbbaa291cdb95b05f8486ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_brotli.cp311-win_amd64.pyd

Filesize
801KB

MD5
d9fc15caf72e5d7f9a09b675e309f71d

SHA1
cd2b2465c04c713bc58d1c5de5f8a2e13f900234

SHA256
1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf

SHA512
84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_hashlib.pyd

Filesize
63KB

MD5
1524882af71247adecf5815a4e55366a

SHA1
e25014c793c53503bdff9af046140edda329d01b

SHA256
6f7742dfdd371c39048d775f37df3bc2d8d4316c9008e62347b337d64ebed327

SHA512
5b954bb7953f19aa6f7c65ad3f105b77d37077950fb1b50d9d8d337bdd4b95343bac2f4c9fe17a02d1738d1f87eeef73dbbf5cdddcb470588cbc5a63845b188a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_overlapped.pyd

Filesize
49KB

MD5
ac053ef737e4f13b02bfa81f9e46170b

SHA1
5d8ebeb30671b74d736731696fedc78c89da0e1f

SHA256
cb68e10748e2efd86f7495d647a2774cea9f97ad5c6fe179f90dc1c467b9280f

SHA512
6ac26f63981dc5e8dfb675880d6c43648e2bbe6711c75dcac20ebe4d8591e88fbfac3c60660ab28602352760b6f5e1cb587075072abd3333522e3e2549bfa02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_queue.pyd

Filesize
31KB

MD5
8bbed19359892f8c95c802c6ad7598e9

SHA1
773fca164965241f63170e7a1f3a8fa17f73ea18

SHA256
4e5b7c653c1b3dc3fd7519e4f39cc8a2fb2746e0ecdc4e433fe6029f5f4d9065

SHA512
22ea7667689a9f049fa34ddae6b858e1af3e646a379d2c5a4aef3e74a4ff1a4109418b363c9be960127f1c7e020aa393a47885bc45517c9e9aebe71ec7cb61a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_socket.pyd

Filesize
77KB

MD5
64a6c475f59e5c57b3f4dd935f429f09

SHA1
ca2e0719dc32f22163ae0e7b53b2caadb0b9d023

SHA256
d03fa645cde89b4b01f4a2577139fbb7e1392cb91dc26213b3b76419110d8e49

SHA512
cf9e03b7b34cc095fe05c465f9d794319aaa0428fe30ab4ddce14ba78e835edf228d11ec016fd31dfe9f09d84b6f73482fb8e0f574d1fd08943c1ec9e0584973

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_ssl.pyd

Filesize
172KB

MD5
a0b40f1f8fc6656c5637eacacf7021f6

SHA1
38813e25ffde1eee0b8154fa34af635186a243c1

SHA256
79d861f0670828dee06c2e3523e2f9a2a90d6c6996bde38201425aa4003119f1

SHA512
c18855d7c0069fff392d422e5b01fc518bbdf497eb3390c0b333ecac2497cd29abbdae4557e4f0c4e90321fba910fc3e4d235ce62b745fa34918f40fa667b713

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\_tkinter.pyd

Filesize
62KB

MD5
89f47cd630f7dfa63268fbc52d04f9e9

SHA1
0cc250df4c2f44d8ca8820756f9f05df1e893e28

SHA256
8e4cab61b3838f9545b5d1e0b287f18c22d360b8e6a8daca4178cc69df78f83d

SHA512
bd2406ea0d5396df0153ac22ce55ca49615291ead6419a96e99007ac85059054a718c4f98942e0adb23da85899f145504b79772866d683a9a686fde6ade784e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
37KB

MD5
526a3f976a6b3d947ee5feda49b06b13

SHA1
a0cc66b8cc9368085fc1ef245901b93d89ef96d7

SHA256
634247428fb072ef5fe9d9cd7bbaee6be01706cbea028dbb5d22436e92593f94

SHA512
ec3d80694cde7dbe82c581849e6f0326f8c469000479ae2fb5c2e56516c205e408c7e702eb6d8da3e75bd0d4c01021f43afb9d81ba786414e1034f7d7ab7bbf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
34KB

MD5
615199313bd1c18b47ccd96c405fc54f

SHA1
452815d3b10bc68de24f5ec082fd7ee07ceab6be

SHA256
cb20aa328e0bd40ef705447ad21d1bcbbfc3aec875e95343982ae8181b9ee584

SHA512
823c3c21296d37e9fc978c3b0a66ed2dca467f33b786dc5e7ffa499b99c4b6786c140ec328be3d09eb85655ec04cc6f3a501a166347a281bffa14699f73aab00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\base_library.zip

Filesize
1.8MB

MD5
1df66a5a8d8c7bc333ed59a827e131e3

SHA1
614986f57b9922cedf4df5ebadaa10ea307d46d1

SHA256
190afb1aa885c2aa3516ab343e35f6b10472f4314492c8c4492c7d0f2add2f80

SHA512
6568af0d41b1d2f1d4a75e25705777ec263c4a903db164923f4a10118218270a2b003f16f39ae238fe71f0dc1ad52d0cc1ac93a7bf2c6643d009f825dd00e1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\libcrypto-3.dll

Filesize
4.9MB

MD5
7a6a8c2a8c379b111cdceb66b18d687d

SHA1
f3b8a4c731fa0145f224112f91f046fddf642794

SHA256
8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b

SHA512
f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\libssl-3.dll

Filesize
771KB

MD5
64acb046fe68d64ee475e19f67253a3c

SHA1
d9e66c9437ce6f775189d6fdbd171635193ec4cc

SHA256
b21309abd3dbbb1bf8fb6aa3c250fc85d7b0d9984bf4c942d1d4421502f31a10

SHA512
f8b583981df528cf4f1854b94eff6f51dd9d4be91e6fa6329a8c4435b705457c868ae40ee030fa54bebb646a37b547bc182c9cbf0df9a07fea03a18cf85c6766

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\multidict\_multidict.cp311-win_amd64.pyd

Filesize
45KB

MD5
b92f8efb672c383ab60b971b3c6c87de

SHA1
acb671089a01d7f1db235719c52e6265da0f708f

SHA256
b7376b5d729115a06b1cab60b251df3efc3051ebba31524ea82f0b8db5a49a72

SHA512
680663d6c6cd7b9d63160c282f6d38724bd8b8144d15f430b28b417dda0222bfff7afefcb671e863d1b4002b154804b1c8af2d8a28fff11fa94972b207df081b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\pyexpat.pyd

Filesize
194KB

MD5
cdcf0e74a32ad7dfeda859a0ce4fcb20

SHA1
c72b42a59ba5d83e8d481c6f05b917871b415f25

SHA256
91fe5b1b2de2847946e5b3f060678971d8127dfd7d2d37603fdcd31bd5c71197

SHA512
c26fdf57299b2c6085f1166b49bd9608d2dd8bc804034ebb03fb2bba6337206b6018bf7f74c069493ffae42f2e9d6337f6f7df5306b80b63c8c3a386bce69ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\python3.DLL

Filesize
65KB

MD5
0e105f62fdd1ff4157560fe38512220b

SHA1
99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c

SHA256
803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423

SHA512
59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\select.pyd

Filesize
29KB

MD5
653bdccb7af2aa9ccf50cb050fd3be64

SHA1
afe0a85425ae911694c250ab4cb1f6c3d3f2cc69

SHA256
e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279

SHA512
07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\ucrtbase.dll

Filesize
1011KB

MD5
849959a003fa63c5a42ae87929fcd18b

SHA1
d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

SHA256
6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

SHA512
64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\unicodedata.pyd

Filesize
1.1MB

MD5
1905b5d0f945499441e8cd58eb123d86

SHA1
117e584e6fcc0e8cfc8e24e3af527999f14bac30

SHA256
b1788b81fa160e5120451f9252c7745cdde98b8ce59bf273a3dd867bb034c532

SHA512
ed88cd7e3259239a0c8d42d95fa2447fc454a944c849fa97449ad88871236fefdafe21dbfa6e9b5d8a54ddf1d5281ec34d314cb93d47ce7b13912a69d284f522

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\win32\win32file.pyd

Filesize
140KB

MD5
06afadb12d29f947746dea813784efe1

SHA1
60402c0f3e5bc5a50f220aa98a40060572b8f5cb

SHA256
4a9f813daa23e27c8a1d0915cfcc1c06e4df10c9ee33a37e215888129501d256

SHA512
3032eb20475873d037ab3722596d98841ddc18a698981697dca85a5d446d0d9985b397eaac1b91c44527adbfdd97a6435261b28529acabe6dd7b4ed59c1162ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42682\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
65KB

MD5
0edc0f96b64523314788745fa2cc7ddd

SHA1
555a0423ce66c8b0fa5eea45caac08b317d27d68

SHA256
db5b421e09bf2985fbe4ef5cdf39fc16e2ff0bf88534e8ba86c6b8093da6413f

SHA512
bb0074169e1bd05691e1e39c2e3c8c5fae3a68c04d851c70028452012bb9cb8d19e49cdff34efb72e962ed0a03d418dfbad34b7c9ad032105cf5acd311c1f713

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
244ed421d59806c2a4381f9d59a297c2

SHA1
e4a6054e943c476aff901885002be34cff38af0f

SHA256
38f7d53041c7d46798eda271e29eb7c3cbec08b957fbc0744e56367cd18cef79

SHA512
dafaa52a5cee652b560342fbd9ba1e608f257873bed9d8de36f4926f5c1873b8ffcaf54e1604de0bbc5b458509b8fde24266a440a928c324aa2676431f0ae330

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3497ee6e-52ee-4bcb-86c4-93f91c51c2f0

Filesize
746B

MD5
94925d6195732b25902d62366537b3a9

SHA1
154403e7427a78bb3927d607925b8e7e3c65a22f

SHA256
0fa53e6a91ac34826433e9ea05aa99d795727d3bbffa56d1491aa82fd521c324

SHA512
ddee93391b39f4eaa3d105202f3b61cac14a711d274ed1f0a62080b724ff095f97487e70751549a164dd5c2a3043fc6595077133d5ef5b78375d14a674ef4cac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\ce68adda-f729-4d4c-9d4a-15e0bf5c9f0d

Filesize
11KB

MD5
8c572e12c0dc882f47e68ad5a27c7b29

SHA1
9828d9e3e0b9bb39e66e454c35c5fa70c52392de

SHA256
488cec594a1d351ff818d91d5220e58f7b0f447ce7b65c4cdeb92abfacff5105

SHA512
d0c52ca99bf70724c52fe40aa253d96819c99c0879d3517f10c9d29afec0a276f7cad87905d273e6ee31f4b36270f4f9b0c8936e03d3f8daab7b8555c977c03e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
c2092b7da969d7eb25eef58d71f3d2f5

SHA1
f7b9a7e3477a86da4c8cb8d2b9ef54526345910f

SHA256
c56a2716ba52c196f76f7fd839d40d2e75c7f2a8ee4f248513818099cee6c2bb

SHA512
781a0b37c317ec629d94b7abcee4e6c067418e4ff244205350189a5a5faf0201242106f990485ff41e35503245b306036ddef66767b0f79208ae3b451da4b805

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
002135c7ebe5c33cc4d3c9a802a2a00a

SHA1
6d61fea4dee7ee7ea594a43274b95fe3a63fbaeb

SHA256
4058c47b9f456b1e226478666832bb5e330941666479b35a24fae93d0b9cc295

SHA512
5914f89a1afdc0772a19dd14dcaade3a9528f8d92196bd10df250324a5e4ab1ac0de27d32883a23df527103fe495ef3e7701802b833c423393ab29629a42e1c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
2d1f6ef6fe6890a0eaa8259a3e106b09

SHA1
aeccf34cac6623438e6478cc4ef3b18c70b6467c

SHA256
2f55725056c0e6721f2fa86c3025c7b5dd40a878d51b56a1e9007e10381ee169

SHA512
bbdfd54e872bbb1c94ba3155ceefc14339c33b8f7c458561fcbebc59fa2cf5eab48e8e57ce89d8ac3ea6f90adaedc4e2dd494653c496cbe2c5ff14b4fa054124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
1039293160b9dbf48c50e4ec70be7834

SHA1
81ce97694f50d12cad6780dcabf0c6be5b55d28a

SHA256
56675dd2a53c29a8f4b88239790efc6ccfebe294732f3b7513e8a010523007ce

SHA512
242739d6eb66c8bd9962309a3f4ebe2bdcca66772ab752e0b9dbd53721558296f03aef7cb102cd777811092ab53c306568b4d148d0df8bedf2c0ce1a12fefb98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
54f5626b38ead5ade0d01ca7f4d6fa3a

SHA1
a5f720f769b6461e9f4716b6dd194687302710eb

SHA256
c4ef25f675d5885f50c6648179a62b4a05756accf8aa264a709c63fdc2a4958a

SHA512
b2272e6360863282c88ebff720a22c56eccdd9d5b6d214c7f2813e6bf62ea1869bba5ad77e06b825e589999624352ee4ca621d4762dddad1614b9c57b1c1e3dc

Download Submit