cobaltstrike | hxxp://3[.]145[.]83[.]235/

Analysis

max time kernel
224s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://3.145.83.235/

Score

10^/10

cobaltstrike 0 6 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://3.145.83.235:8080/q2Gs

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

Extracted

Family

cobaltstrike

Botnet

Attributes

watermark
0

Extracted

Family

cobaltstrike

Botnet

http://3.145.83.235:8080/ga.js

Attributes

access_type
512
host
3.145.83.235,/ga.js
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
8080
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQcjnLyLAiX5rAavkW1KOk4civipSN0IoUXe8t4j0BTrKcsAhlOVMVUXUzJ7AsButVHbwL/yOgZvaXkfM/zLsHdpB1pRq0LR4DTt1EZYB6w3PS0d8WCnUAIL9FjocxLAvYoUUNO7TGCbojgElB+6uLe8FVv7c3GQbZcR8jEMNnqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)
watermark
6

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

flash.exe

pid process

5492 flash.exe

pid	process
5492	flash.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\flash.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\flash.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3256	firefox.exe
Token: SeDebugPrivilege	3256	firefox.exe
Token: SeDebugPrivilege	3256	firefox.exe
Token: SeDebugPrivilege	3256	firefox.exe
Token: SeDebugPrivilege	3256	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

firefox.exe

pid process

3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
3256 firefox.exe
3256 firefox.exe

pid	process
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe

pid	process
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe

pid	process
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe
3256	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 4160 wrote to memory of 3256	4160	firefox.exe	firefox.exe
PID 3256 wrote to memory of 2720	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 2720	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 4072	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 1444	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 1444	3256	firefox.exe	firefox.exe
PID 3256 wrote to memory of 1444	3256	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://3.145.83.235/"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://3.145.83.235/
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.0.1305294916\701127171" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af523bf4-c676-44b8-aae6-dd9ce360bac5} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 1960 1b4645d7958 gpu
3⤵
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.1.1077360254\1254280762" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0be13ed-9e4c-4adf-92de-22423776623b} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 2384 1b4643fb758 socket
3⤵
PID:4072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.2.1196255136\977429221" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b245a81d-8749-4a4f-bb47-dd0c3f935619} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 3192 1b46455ee58 tab
3⤵
PID:1444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.3.511022771\1464636005" -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd8ed43e-0046-438c-b371-572ed87f51d3} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 3884 1b46992d658 tab
3⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.4.283270857\548509442" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4848 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9882d2ce-a0b3-401e-b0a5-ace55aec6eb1} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 4888 1b46a9aea58 tab
3⤵
PID:4936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.5.868674353\873306271" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4904 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d20eeb2-706e-4875-8620-eec4e47f6369} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 4900 1b46af2eb58 tab
3⤵
PID:2952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3256.6.1101128771\1006401168" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {633f9fbb-d80e-47cb-b2d6-2b3c96b2574e} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" 5188 1b46af2f158 tab
3⤵
PID:4720

C:\Users\Admin\Downloads\flash.exe
"C:\Users\Admin\Downloads\flash.exe"
3⤵
- Executes dropped EXE
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3592 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
Filesize
13KB

MD5
215ad3944f087c3869316bfe42131a9f

SHA1
ebad993c903453b273cb61c4d99fcbc82f805cea

SHA256
67de70ddcf2cb8852a5d789d41720ef61864520e54c67cfda7795dd7d4e12f1f

SHA512
3baa37d1455d214d942954363dec241789db36c49f8f20db201fe7172a3f4e62e21882a3896e05900aacd2f25f1a672b8ac4cc07e505f64b2df26c1b74264e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
fc61c938a885857f2565822250af7260

SHA1
d41708a4484bc1551847ae81d39ed260c9223c0d

SHA256
8ffb1094867db665ff97f12db784fc200f5680999e708f52c7864093856e6a31

SHA512
7c5054ab8188fc99a692d2965e591b115ddda727019b1dcc0c34b4c29c5afa7a3876b85f9ae315105d3de9c146d6efd200b0c5a497b7e4ee4b640af9e9630801

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\62c4d224-f854-447e-98d8-2cc1ce0693a9
Filesize
746B

MD5
e18dfc7ffdc45d93bba2e32a023ad4e8

SHA1
c52767e68d68bc2ccdfa9ab8e7f5f0d073554b37

SHA256
2f95c11d577f53f57652aa58ebaf1b250c7a2b1608c964eab9067e27e15ebd61

SHA512
155bfbe93f4ec7585e78c5089ed9c1ffea771f395d11bedbf9c46fc1a98a8fd8fcc239040d44db08f5bf6a996c00888e55995d9fb3d4fc96e3857f2adbb65363

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\df17fea7-a96a-4e42-8c5f-a16a0be5671c
Filesize
11KB

MD5
e41fb2fe2e89903b1b217f8c954b0f85

SHA1
fd606637d5d122c682e1e3a4046babe90e5a89d0

SHA256
ee623c2605532f017ddea17a0d8d6a255b8977a07eb3fc1bc8cb05b37bf69e23

SHA512
d46d5887bd6c03e42fe630bbfa729f042cd259112d11b350357c624014023fae87ed8583a40de5fb613fa2476fef5d6c573bad97f214efaabd1648e8660b96f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
7KB

MD5
6301b44b46bcbea04e847b77feca72de

SHA1
b4fd0861e9578c32199d644b1198e295ddc0a7ac

SHA256
649c6d278cc3a7bb08a905cde417563933877e5faab9a298a6dfcda63eef9d1e

SHA512
06e12ec4592415f160b46520457087654a9476d5ee0aaaa80aa7292206b3a38d8367ca86f72c24b309ae8e63e388acd3933923481fde66c1fcd8902fc64c96f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
070ee87cc060460ab99f3894a4a6309a

SHA1
b1ec00e40e51fc962052b5b9e274c813e05250d8

SHA256
99241b525d7518b32b56be66f5fe2c5a87c90c8ae5311dfc83bd4220cdfd5b5b

SHA512
f0117cba72c46a98f073e71713784ab3e4f12262bfe89a6e89c3318e328593f5bbfaef6d7aad5fcf1d8de3cb01e1e49681ab9552121e13bd0dd32e5f433cea63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
db841e084e6495db9a2e311d350b8d60

SHA1
c112614e0ae6999b60ed12fe8d983dd721101439

SHA256
a6ef0225dd9aeef11a0d81258bb24134419e49286754fa9817f997af4afdc01b

SHA512
a1be721bbf9c62535b3395afb51576bc5ba20e8b9018d5cc09d4a43af5b96e49f2a6277fe6d811f0189de023926caa3dc4c141862bf20759bb95f41dec9d9831

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
Filesize
6KB

MD5
194c6429127b62f604a38a234830ff9e

SHA1
d4cc3cfb8a2fc91d25cfdaaae223af2afec16052

SHA256
265f1502c38b6fc188f6740a79c0efd65592a9f06d1cb9a4ed79c4bb0b1d88f1

SHA512
0f8058e5e49fe3d91d5cc5e5308dae54376030def82443c1147f897947857a76b3496bc8cd500f2b0e6e055183110795657133c6807c3883ef9490920ee6bf0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
Filesize
6KB

MD5
8e0a3c381d7e67c57384a02ae111ec01

SHA1
97a5d8861d4e7f800d7466bf37c21f7d094a3ed3

SHA256
bcb3b1833e05eb421158c9e3d3a8cb3c0df78308b143840179aa29373116adc9

SHA512
2cf21941b25b49abc0d5c535e88c4509ee9603db7ec0c2e54b8ac1699598bc41656241e8ce9f2e2bda80cfb007f58af3561fd027b0effb43708625dfc8a04da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
998B

MD5
0d6e2f35004fd79f41de2f14ed47e784

SHA1
79c435f7a6cd6dd5c64ab99d4a28e77ac5885b93

SHA256
19af867cf4a47f0a64d7b196ddf62fe3fa86af119fe73ec3b54eac3c708cb58a

SHA512
7ec60889c1ef65279633bc8fe4867806edb74bf6b0571704a4c739575eb29d9f85250977579d6422499264ad687bd4797dc315cbaca9c2b80ddd21586ecf30b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
89fb414d778d11d3a12991de60301815

SHA1
1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

SHA256
935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

SHA512
49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

Download Submit
C:\Users\Admin\Downloads\flash.XnZlPOkp.exe.part
Filesize
17KB

MD5
c7e1d79a678a55dc2facda715e60ec5e

SHA1
03c37a21b90f4d5e42072ed5f26b6df3c35c995a

SHA256
799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d

SHA512
73329592f29249fe74923b0adaf47c24498c3357732bbb9c038c99bf60664ca26d849525e3bfd7286758b1cd95c5cf96292088f4212461d9e27d757661d3a1f2

Download Submit
memory/5492-159-0x0000000003AB0000-0x0000000003AFE000-memory.dmp

Filesize
312KB

Download
memory/5492-156-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5492-145-0x00000000036B0000-0x0000000003AB0000-memory.dmp

Filesize
4.0MB

Download
memory/5492-146-0x0000000003AB0000-0x0000000003AFE000-memory.dmp

Filesize
312KB

Download
memory/5492-144-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download