hxxps://github[.]com/FailedShack/USBHelperInstaller/releases

Resubmissions

08/05/2024, 23:10

240508-25zbfacf8v 4

08/05/2024, 21:14

08/05/2024, 21:13

07/05/2024, 20:34

05/05/2024, 21:55

05/05/2024, 19:37

03/05/2024, 01:17

02/05/2024, 23:32

Analysis

max time kernel
277s
max time network
279s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
05/05/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FailedShack/USBHelperInstaller/releases

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe
Token: SeDebugPrivilege	2332	firefox.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe
2332	firefox.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2332	firefox.exe
2332	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 3372 wrote to memory of 2332	3372	firefox.exe	79
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 2628	2332	firefox.exe	80
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81
PID 2332 wrote to memory of 1844	2332	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/FailedShack/USBHelperInstaller/releases"
1⤵
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/FailedShack/USBHelperInstaller/releases
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a937fa-94f7-4b38-9dcd-be66d7e200a1} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" gpu
    3⤵
    PID:2628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c35d46-4106-4d25-b663-f595498aa037} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" socket
    3⤵
    - Checks processor information in registry
    PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2724 -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 1068 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {017c6bdd-7ddc-48ed-90a2-e91a05f03904} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:4220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3544 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a90c3ff0-4e38-47d6-a4cf-8e50f77f8b0b} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:1704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4304 -prefMapHandle 4300 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c334fe6e-59cd-4188-8bcd-7a2d416de8ab} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" utility
    3⤵
    - Checks processor information in registry
    PID:3960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 4220 -prefMapHandle 5324 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e3bb3b-d7a3-4434-9af4-c16e526bfe76} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8c6d220-c1ca-44d9-af5c-2bc93b84e142} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d61f1e77-e487-463b-8d21-76beea8e0ad6} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6148 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6156 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {642cdf1c-4f11-4d7d-af18-b57b3040ad6e} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:3372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 7 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4b020f2-c0ff-465d-843d-94d51d4a2a43} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:4740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -parentBuildID 20240401114208 -prefsHandle 4188 -prefMapHandle 5268 -prefsLen 32331 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad4a13c2-ab68-48ae-8734-f7720efa9658} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" rdd
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5180 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4064 -prefMapHandle 4052 -prefsLen 32331 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a1b4ab-a75e-4360-bfc0-2b69d30acb51} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" utility
    3⤵
    - Checks processor information in registry
    PID:3020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6588 -childID 8 -isForBrowser -prefsHandle 4064 -prefMapHandle 6516 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0ae4fb-1fb1-4245-9117-c0fe45ac72ed} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6764 -childID 9 -isForBrowser -prefsHandle 6900 -prefMapHandle 6904 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da711c90-f4ef-41c9-81fc-b5bdcddfccc0} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7060 -childID 10 -isForBrowser -prefsHandle 7068 -prefMapHandle 7072 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a2980f7-3788-4bc6-82b4-b549bb829b6f} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:3184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7268 -childID 11 -isForBrowser -prefsHandle 7112 -prefMapHandle 7108 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d032daf-42b0-4223-8ca8-0d100c713788} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -childID 12 -isForBrowser -prefsHandle 5596 -prefMapHandle 5608 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9643912-1308-434b-af6c-d2a3bc402e8a} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 13 -isForBrowser -prefsHandle 1436 -prefMapHandle 5384 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911a3dd2-637f-4667-86de-8c87596165f6} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 14 -isForBrowser -prefsHandle 5544 -prefMapHandle 7544 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e63d7d0c-7c37-4479-8014-692ce70bb48c} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:1384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7692 -childID 15 -isForBrowser -prefsHandle 7612 -prefMapHandle 7616 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d405b093-583f-443b-bd80-67b71b43f9f2} 2332 "\\.\pipe\gecko-crash-server-pipe.2332" tab
    3⤵
    PID:792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\664056869D0D4F7ED7E75E76186A518CEE21A33B

Filesize
13.2MB

MD5
2f78fb726df51daadde3bda06242f1ba

SHA1
93591ba33ae86a8e75fdce0c507a6ea640edb50b

SHA256
234b1136bd8117ac6ccb5fadae9375d990d34c27bbb417dbf314c042877a979a

SHA512
84e916d4aa618f08b93d735c6adfc50a62bb93e7ebb9ef8e6ae5d87378e9025b5ba0459371c456012ace6df40fa99d98df63d215ee2aa6f5c054701b17d3dd37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\jumpListCache\GsBwKhrjW1YbPT8SUfhflM8MVqvFjtlddzR4NVMuYxg=.ico

Filesize
5KB

MD5
eff5c340f66629c70ed83c309d8e5d47

SHA1
9b1185a033654aad5cc2fee20e0a295b7aec61aa

SHA256
0f4c93cefd611e295802798bbd285b8a00e1ad332c352e4e79d3ff3ed55a95a5

SHA512
02456cb55d74793fef4bede9f16170b3e1a3ff751438f51f27b22c9b2bad660291d7c7234c476eac79c6edeaacca215e6d0a648bd76673468d25130b261a435e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
82477fb5a81cb0967be519c37033748a

SHA1
47b119d33b9bbd6c3811db87fa1138f2289bedb2

SHA256
052597aeb15b0955c49875941bf3727907425f3c3b58702c058394e082bf9129

SHA512
533a873ee853278e663ca6701df26092070857d69a35b799f647037bd55654cb2199736ff6ab80da80f6dfe1b1792fbc44f7c4d77b998724412777abdc51adfb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
642a6bdd904ac7909120ead3d1e5c9de

SHA1
0cce0fe3a81f61ea723c6ea550f3e4d2a630e6af

SHA256
e689fb7b1a93d56fc7c0cf393b4bc31fad17ce2ef43b288f531759f8f134c9af

SHA512
fafc51d5882f89c74fe84cb46010cb2d194da962d47a802babed0573f73ca54c4b55770f47ddad2da8715047785606572e7cb3eafde4d5f78729b89934cdb30a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
7KB

MD5
1b748b7666c1cb11716360e53ba0ae0b

SHA1
356e96d6a184e705badf456e52b2178364418ea8

SHA256
a5f047684c36921e7236eb0320127fd66fbc63472cbd4ca14f49be78262944de

SHA512
361cf0f28bcaecd6ca8445e91d8155aa1e1c46751c2aed4f4d1427da55354fa8ebd38ebdab140ca28e0d7b6420bb3d5648a80146721cfc48429ff16c2e76c121

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8cb64b3416c004613dcd5408be799d19

SHA1
fafcc229e47653b3e9e4bcde7312cb38e25c0ecd

SHA256
9fb73c61e59b2998657e928bca70489bc10e09a43a92f7ea1eacd1163021a254

SHA512
0cf518aea63775130cd045092d9d21cb8753c1aa86a81e88297967c9c697980474fc97a1678ff18e6206568dc0f522f834f630d85bfe08f47ce9c3d3a5a13b48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
930cf6f990d5dc186947610d2f216eb7

SHA1
a21dba629b548442f575735164d225c91ed42a38

SHA256
2ca1d44a68906e3a21c3bc83fe79b60908d7b2694d70f78cebeaf9112abc595d

SHA512
7384c4faac594cb3f62337f7bbc4ab770e33eb913a586a28dd320d5ad9c747e8e52ebeba99c8be51427e07d06405a929bbe55dbfeec243a4e785c75c465712c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
122KB

MD5
ce7dc8b475472f73ea125345fabf9179

SHA1
641b8935bec171db154582b9d9f7b8d4d6942d1a

SHA256
c7cb6d63e150dc92f7a8b564efd6a73e22bf12c5a9f907571aa27d8f020069fd

SHA512
fcc9483de8eae26e29c4208364398102680e2f4f8c426060074a95e9a2f747f6621a54b4cc8da6d1139bfce2a62a28f71321b8fef0c1a4bb0c70c0cfb03829b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
123KB

MD5
5e8e547ea5aa956f0e2267dbab22c8fe

SHA1
f9fcf4206bde9075cab2c57bbd034178c4935fc4

SHA256
29259ffd80f2307cf987b4287d8345e18585d2116a1a5073edead375cb94f72b

SHA512
0f72435afa479802eae5f9fe8a024dc56cf95c065062fd0af67d6e1df6c689dcfe069888a8dfad8b8bb417fe1bdd5820ed6191a3ef365e1c4ff51130fa176f9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
51KB

MD5
13586510231af2ef451e52fcdf6acf2e

SHA1
d65d3d7345e7072f30bb7595b989aaed0038f508

SHA256
ff2e8b25b46e4c04153b8c9db0ea18fd65ef9374fb012218e039436dad6f0a15

SHA512
6fa86ff7d9470cc57c71ea701f010c88ed45c14b2257f137ada38340b0d1dc3eb5cab572ec78c64c53be11f3381f379d74d69ab05561fa70c761677ea7d4b599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e5afb8d6789580604284df3c2d47b9db

SHA1
13ead89cf57170d3efc482812047470c045625ff

SHA256
d2216fd514271ebcd5e20ee9256c5e668e979ddc123389237541e3e3e71314ba

SHA512
d14851ba9bb7f634719b13390a4439ae5bcfe218cb589cd90da3ff41c52c35b842bf8c8ec5d365ed5a26dbe4462ca72ba8ed487fc72c423bf226e414fb122a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f187857332ca0cfacefb67c72bdd0be3

SHA1
f07a2527c3117a2eab5f1a2bee8fa54ab3163472

SHA256
859dd27271abd3e3de1bf45be1d0871b44c7b968ba2d2dc95a61c89fd407d460

SHA512
593aad133d9866bee8bf4705a724e63e617b034ed8e283af301106c401e976ec883019e017e8b65bff56cfbcd16da6555fcc7550be75f118286ae80df92fb743

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
122KB

MD5
a3726603c00027a7b7ec3e420b20a369

SHA1
f2a73797b1d87af46259ccc540980fe3474b3e78

SHA256
bed1d5e23404eab39476d955ddb94593806f247cf581e08c08f4467beed695ed

SHA512
faa1f7144501b67b21912038f458ae42fc5e51fd801c7199e0aef37a31c7cc15336211e905b98f5792ea0f6a9f849dbda9ce834ee213c2c5c90b276f10b0fa4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\166c08fa-18b0-4a70-825f-b673e4f8135c

Filesize
38KB

MD5
f588308859edcbe1c23fe95a598e2fd8

SHA1
75d2a7b9ce37a97b2a18bbbdaa4530303907e54e

SHA256
a06121551a5d9abbb9f6ebb31ab5f110afd3f75395fbf3b35a59a83d21dca900

SHA512
ba72ae38b9c3974e8dd20dffa92c9e1d6d8d76b33e3f02f1378f65d2ea123228bd47e3d86bbd0a06ff41594ff68fa45972072607a42b9d33018f0bd242dc3151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\4c5aee35-4095-432e-8fd1-55e4c54397d7

Filesize
26KB

MD5
e4e92b01bf1f6671fb485a9a14d1a43f

SHA1
d4c7b6b0a0cce8af5917cc10993b01d7be68014c

SHA256
6bc52a24acaf4e512b063fce720fc4b9aff5285227b828de0dabcb327ba86fd5

SHA512
5fe6a80d9f24b45856f8588ef1100823cfe6e7575b472d4c92824daf319731ab5e49a23cd432f8ff87c1b198e2e8dfab02db4ffff175facae74fbd2423d4b661

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\9683214e-7d9c-4cbe-9da5-01773fb8f4bd

Filesize
3KB

MD5
e4b18ebb2586c545515d4394360d21de

SHA1
a803353b4874da50d3064abac2d37f605c00c844

SHA256
572e490d1de9107ee889c51cb1a3a548ad1b3c44f76fb73256cc6d0929ce4a54

SHA512
a0b10e009187d3f5ba08cd429208ef52b2f865ee57fa948909b7c930bfcb12ba505ea02da599c789f5ac9163f9080354f108a8929e693d02157c94dc6a8f88f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e2ec2c4e-4e28-4536-9ac5-871763bf7244

Filesize
847B

MD5
cf1949ccc8cde394d980aae3923488b7

SHA1
849645d7866bb82ef5bba9816f5406df5956c3b0

SHA256
a60f93d48e5ababdd69843ce34a532f8847caab903830424b9883ca0328b8363

SHA512
be47b5aad67f2b06dd0bbc329e794b142216c1b236259d8071645dccfbf1c1080a8a3764424fe98f1ebb60b5e79021b8dbf968da6a87ce6b6833755f7f3e077a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\f4da6994-11fb-47fd-87e5-1427e64420e3

Filesize
671B

MD5
89fb5fa7aaa0b4e1bc73a90a5222f26c

SHA1
0fe537391ec718862cc4eedaeae57dbcd9036560

SHA256
923d02993fc92628dab3a421d58940e101863746c8cf6d49cf281c3ff842cc35

SHA512
cde66883823373b0012726972e0d2bbf5c76da5a637b81c50d4e0f093730eb7292763f826635c582a854a4be964e44c3e71b37ae9ee1fedfd41aa2c4ed21ced7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\fbd3d416-3358-4cc5-af63-70862844bf92

Filesize
982B

MD5
260bf5257b55668a98ffc8ee68ba1706

SHA1
79962ffd649207d79ea0ee05961e4d1c03491215

SHA256
8a737497ce7acd4e9089bfb0e1603470faff1179d56911dc4282c28949093a7e

SHA512
b2832289f2aef0c834bf93bdc11fce670af6193d251573c9511a1352572ff815023d1d06ba10db428e7c91f81498a66f77139eb5f30f650ec31907e180497285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
fb33af98845cb2af856da226394be3eb

SHA1
4de2f82158c990130536e354d99370571be68510

SHA256
2eac4f271fb19b5f921e783759a0e335f9d3862f2796b437be356c616169a21b

SHA512
7eb4ba7dbccc42aa060a1057cfe2ac399a8a4bb616025e6c860d32171831f623f67978092f5492e6f3e11d2b13360745fb1fa0ffca49aa8ed693fea49ca13489

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
2641d802c9306d65a91ebd38d9c32104

SHA1
2deed9b0af3c7d5f30517f750a356cdfb99594fb

SHA256
eac82b1d8a24b1d6b1e61fad3e0af85a29ea919fe592c926ce4df555c1828087

SHA512
8ee538a39f57b67a7c8eaf5961005dd92baf4da6920355051ffc1b53bf8bd19f136485ec55cc3fe756216aa1884e74eff2042849d02c6b64c00778a60139a107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
9KB

MD5
006c05f345a0bca552fd3e9eb0b3fd0f

SHA1
7950c7202e6d71d6bc18d5eb830679f47070f03c

SHA256
ea9e91da3f0a0131b0549a510b45f5b7e72dbd214e215905d92e491f5ec9d877

SHA512
f80a20589943f76d12e6cbf562c7c65d6bbb31644143eb334a3d16079513fd207e0e65e02aebb6a627f804fca2da5eb7554adab37609d0a3d75fbca8dcf35784

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
a43bd21d161f9daacbd7b431d963f0f2

SHA1
62f1e62285470ac22b68f01215e87bba588e9878

SHA256
9cd06100b87d9da1e991c1c3849c1339a5430e21a62127d1e08ee7879d558cc0

SHA512
7cab2e6146449847e2c8cb76d07c89dd56402a69735206bcf63eecb55e381ab1c1fe26736f02cd5698cfcf2fdf22b917f9d3e7782fb0c31ad43f5ca22ad4186e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c5c0dc9a93b528ab10ea0f6e742a9475

SHA1
d138c18cbad08c3685320f972555600c6624bf25

SHA256
8200657814a5c90a320afb0ef6a634308923f1b1c66bf6940dae30a2f8e578a5

SHA512
c7cc5c972a42b83fd93d625730364d1f530136dd689e07fa46665640717780fc98adcfc171f9e1f91f6780705747628341f10442125a95d49e69239c64b4f6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
cbdc912f09b83ce610293a41e420357d

SHA1
43560fce45bb22e4b56049d97adfaa54df1c6fb7

SHA256
e3da84a17948b47743c3836f4ba2b5f9be40b50a8b3ec48468db6b4c4b2d19d5

SHA512
42b99ac7b1a87e64b4c610d55e72c6cde507437956bbe4fbdf78c7d66bb9dee93caa62227b2676c3d581d71b10922b012249bbefd1d164cee1e873816a0a1af2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
61cc1b84754dedc5c0e6d4f999009dbc

SHA1
3ec2d4ce27d97194db33338a4051b306806f5d58

SHA256
da1ac330aa76aa302ee37367ca94f458eef13eb88a7f06f2eb1feca0c000c404

SHA512
50ba59c71fba0a151beae1e51a8bcb707f34882752a56d2f73fd2cb0f882f1da7100a27460f29917d3f0b4b3a32bf663df7ce82a2263bb12b375dff90f16d962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c1552520bd6b04e8c0e3d03c17fe1f43

SHA1
10bc4659b802063b040e00f1945fa91e11f7b48f

SHA256
a83a49c3891d3d498d92052b7022d23f7c1e06aecc43d147a55429a65dbabd6b

SHA512
e603b77d3ab532f4bac0521894cfce19d7fcbf77314b1116a70fc471240e1a47eafd700ac96b5b189b7737e34b876598f1a008c670daf35a08921de8b1195341

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
91fe9c6ccb3e7834619cca1b17ec1899

SHA1
c186804553ef4123ad4f7743bf6ee4338b308103

SHA256
6e2f40228a6316183f6ae9e66c377f6d0b96cf58605c4f7fc1c2a5233059acba

SHA512
2dce7b0647df7b30550338606289662d69a0c2580c20d99f0252d07a0d5f2fb5c4ae356592040c98ed79d81e3c326829a05f2abfa948f70a0a34975a45b9ce4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
86eab9a43c3187e9760c70780fefd563

SHA1
b2aafe3f92a1cd48faa3ce1cd0f837f054a18f38

SHA256
aff1d5bbca0b51ff3bf13e20411e5415123577ab2acd1be52e3708f5e80e018d

SHA512
af8b557a9250fe96c6e8628fd6f2b16eb1395285fd095d5ed4029ddbe8b1698f4e151ad44474da187b8ad37a37757348dfeea8c07ce5d140ca30dd34ddeea9cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
8be509ecfaae3100aeeb5a381cf69f5d

SHA1
f6c273f366c285ef3ae09b7a523d40918a6ae696

SHA256
82d873e213d9737e4b33755cc55df0395153d42569f1e1cd1f27372cb1619ac9

SHA512
66590775ad56232690a4bb9cd0bc3448c37771809fbea9c624ef07dc82216bc5e7c52736c55d651134b451bd2ab2ce62a994b51bb717c73fd14cc734e256416d

Download Submit