e84614b994da56d1eb4da1cada066b4cdbc2e407980ac6ee6aed6515a6ede1a0

Analysis

max time kernel
137s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/07/2024, 11:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

493KB
MD5

ec535d0681a90d410d75d424ad5c083e
SHA1

46dbd3500ccd0805228587e0d69f34ef574f8cc9
SHA256

e84614b994da56d1eb4da1cada066b4cdbc2e407980ac6ee6aed6515a6ede1a0
SHA512

e7f86e601c6c43dd0f74b20138b0d0e419f06fafa77b6ae2e841b8e170e2f7583d0abd6a2db2f6ea6e0e6471b5b063fc20430bee0c4c4c15e41b9ea229690009
SSDEEP

6144:s5QAdyAdSAdVAdYAdVAdpAdBAdaAdgAdqUb4n:saAUAgA/AyAjAXArAQA+AjbS

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeDebugPrivilege	1000	firefox.exe
Token: SeDebugPrivilege	1000	firefox.exe
Token: SeDebugPrivilege	1000	firefox.exe
Token: SeDebugPrivilege	1000	firefox.exe
Token: SeDebugPrivilege	1000	firefox.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe
1000	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2328	2200	chrome.exe	74
PID 2200 wrote to memory of 2328	2200	chrome.exe	74
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 1268	2200	chrome.exe	76
PID 2200 wrote to memory of 2268	2200	chrome.exe	77
PID 2200 wrote to memory of 2268	2200	chrome.exe	77
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78
PID 2200 wrote to memory of 2292	2200	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff41bd9758,0x7fff41bd9768,0x7fff41bd9778
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1840,i,8487969451455508968,17680275267778367951,131072 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1840,i,8487969451455508968,17680275267778367951,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1840,i,8487969451455508968,17680275267778367951,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1840,i,8487969451455508968,17680275267778367951,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1840,i,8487969451455508968,17680275267778367951,131072 /prefetch:1
  2⤵
  PID:3640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4444
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.0.1198059704\918828292" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f38a246a-b2e5-4d7d-aded-e9dd4e71c272} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 1780 2c2fc4d3e58 gpu
    3⤵
    PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.1.866050224\588701445" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac9ee9fb-f41b-4001-b8ea-694b4cdd83de} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2140 2c2fc032f58 socket
    3⤵
    PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.2.1715513868\2082561643" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2968 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56aec676-b568-4301-84b9-8e0352f5c65b} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2676 2c28229b458 tab
    3⤵
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.3.20603651\1543229068" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a28434d-327d-44ed-b0f0-30cea4c33721} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 3432 2c2809add58 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.4.679105345\1166281178" -childID 3 -isForBrowser -prefsHandle 4260 -prefMapHandle 4272 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d26ca4-7469-45ab-a20f-8167b92e9994} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4436 2c2fc4d5658 tab
    3⤵
    PID:1972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.5.146510613\1202495311" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4852 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ad1214-8043-444b-a7d1-9cf5d1f4d140} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4888 2c284868d58 tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.6.663860886\798813561" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7195fb7c-877a-43ff-a806-144c7b33b943} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5040 2c284869f58 tab
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.7.1804355674\964017958" -childID 6 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8a3eba6-2500-4e87-aa09-1d21adb30eef} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5220 2c284d19758 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.8.593652895\1453101854" -childID 7 -isForBrowser -prefsHandle 5608 -prefMapHandle 5596 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b31030ae-60a3-4b7a-9e1d-90e9ee6bf2a2} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5640 2c2868e1858 tab
    3⤵
    PID:5332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
862B

MD5
e2706ca9b22a7e207310205614f8234e

SHA1
3f276652cd9d1af9bdc6ce431009eb1b571a4c7e

SHA256
365f0a309b6abbb1ea9fadeb249d3153712680c575a80d50eee26f10a1812182

SHA512
ef8bb7d39b0073d38c773aa810eb397047dc04d6e4eee108b71158c0c8e8ab58e671c873cad3e2fc66dc37892e5208e295ba5d780d159da7270ec5b621d317c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd65463dded7574c3e2453292eecedf5

SHA1
3417b1369136a13629a525aaed633f711cefe4de

SHA256
df68041c97d5ff3586355317d8b3af2c55c7ce37b09d22920e67a1f0330a5f2b

SHA512
8ed2f58383b8c6a7ffe457dbb38eca6b602580fcf6514932e8936f49b1a1a20a81785c683985bdc7b36a130773052edbe85abed1daff5bd36227e1e08b53663f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
692c00a0fbdfddb0bf91cf5a18156157

SHA1
89699763056c2df2c57ff9523643cee5d0c9fe52

SHA256
99d56edfa4b0f38550c444ec3262fb144f1f6ad0e35060481a5fc739ed6a345a

SHA512
9722789ba4388e2fb326f031c861cccee01b4a50112d3a4c3072c0f859bfc1a7ff94c9d1bfcbd51a99f1eeded19c72ef65b4d0761e233e90658b9c412fbeae99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2547F4F8D6358638CDE0B31A1322D63360CA032C

Filesize
219KB

MD5
4f4ad164a6c513fa5a5c8e71a646d46d

SHA1
a0816988c47766ad58174b5c4d49a07374f97b09

SHA256
819b3aba48e27c28cdefac1d58a8b6530cf4e415c0762a107fa4f9fe7c52cea7

SHA512
7b93ee99c140728a6fd65edc69b31e458b67a460a00bfba1a933e9bdfab926ec04f0d1d3f1104c2b1c00c82efc31eb41d00937bc83611b4933065ed21403ae81

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
389585dfe4b5a999bd9ec4bfebc6747f

SHA1
7da54eb2acbfe65c4c0e2f5a3199d64346a9ef8b

SHA256
e5f0178c6a27017be1497fb069851a88b363e83573d52fa0a705ecbb31df2876

SHA512
991d9624daa7b8f0a5944720f8244b478174b9fe691a600c86dcb20b4ae48628b28714fdb26e8f73133e73cecaf906f4ce5ffd189f3a78966af58f8849ccdb49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a0697af8-805b-4ddd-9255-e9e961fcd6bd

Filesize
746B

MD5
0484d057d3b66259d67040af33697039

SHA1
547ffc1fe6b3492718c282fb25ef9efc8bdff446

SHA256
0142b7e35004d5bc2481804f64f90778e5bb59f33bf93711bbbb18df06942f1a

SHA512
92629e4eb5148051a3e866f89ea632f278fde626db4ca52999565a05a4365ec1408c3282114ce1f9e3a0b312a0e416fd5725289142d64624e0dc7558f1750f76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a93d5357-f0a7-44fd-9376-d09af7331f62

Filesize
9KB

MD5
f91ec00ca4cdaa93bf0077ed6200e469

SHA1
b6e1d5c996262bfe5bea82b35d733974ef1becb9

SHA256
f324df74711b2ee2ef1a759cf81a454ac213e260cc091ae063abb03365540828

SHA512
b3fd353bca673e51644ac90024b9c4200612fcbed245f2f5db946b3f37373b46098bd9085aca1b71a9cd159edb356bea96ec9de8fb2b5809f9fb7d8081348ac9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
c6968eb3bdc198836ba8f45012386deb

SHA1
ed7ec6b2e99c7b13b9c5f9d461b58823fe2f36a2

SHA256
c8d628634abef81f517758c360815ab42011d6748e3426fe57beb0379cb65c31

SHA512
b3381e5dc86f634905e91b8d51a79800eac26476f556a2fa527b89b37b319b62e0722546d43f0207c32432a1ea2591306475896dc183b613472efb28d8cafd90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
d8255667330d689323407320961a7b11

SHA1
392e139c3864b9890d45a4d6853002a6691e2015

SHA256
20c2d81c2dd02f8233a888c8d92dabd79f041d5f1ef3cc0a75562c4972ac2c8b

SHA512
9c9627bae8d4ebeb242f9152f3a51a473cd0509db2fbeff7d3e63c462e283e42f0f48c53e17a4a47736df3b76e6ee2a133a12d03739e37f5869559a2245e4e0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
47400ff14f3534dc635d02ca08b4acb6

SHA1
5141a1ed14e85607f83f07b936094ed75df7f1be

SHA256
5916e908278d011dba8f4c07d7c151158977c5554fd3213027b055ff500ec31e

SHA512
ba2b863863ad1facfd3ca1fbb01d3b7a949581b5c39055a017483595a563fd343e558fafbb7202683b713188a0c0d22fbff9edafcc1cab918b3368b5b02b70c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4709ae441b6a986ba384696c5353b702

SHA1
6cbb9a8fbc634e60e5a9b9ace24c8d162129a29d

SHA256
04022c67cc04cd5cba48398b27572607dcf73c4b76675914848df83dae24b70c

SHA512
ceacf3bed3e40f0d3033dd0fa2f2231b2a1e30cca14fc3481e347713124cba3051d8a80abde47b9110c6a45ac6a5f5c5803915ebdec1532d995c7dfad93ced53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d528143ccdc790a872235713ac41c150

SHA1
5ba6c94d7c44eab7308c519a31177b772e13c2b1

SHA256
d9f511d28917ee64c55cc279ce8dde9763b261554f67f7aa02334c7472167e48

SHA512
7b4c4bd9afe7072559c2011626f330717bb9fdbc5cafce53f60d39515154778be4e3f3b895a1daddbdcabec64a0b1cd01f931d98cda4c101473ceaff7b45d742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
41029c03308b8c9cdf0fb41981587f2a

SHA1
35fa581bcf37cc4192ce32f77430d85623f468a3

SHA256
abc522c3acb229c86ef0451f8159f73fafb2acdad8ab636c83d900f8373671c0

SHA512
18d14959db161b59f19e2b501d36a33e2e8033341662e3388e49f98f2af1da7818561c4429382f4a00f53e43d22566d86d3b437fba9993268fad3f80f1b7c38b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9e6c2247866e356dfd402a83b59a95a2

SHA1
487c25e7f243c706a89cb7cd306c7a8948eddda7

SHA256
824581583bf135233042f6cf94f92e90a7b30dcc85055d25265759c4a76868eb

SHA512
7706006eab324d3155651873804c5896f40581693d73210c03b9d5f6859b28656c33e75ba700e864300b12868aaa7863c4829d190d5b7dd4b13c52c6f56e8a42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3849477a5e13da380baeeeed6bb7ecfb

SHA1
4028d19be09268de062623e9e859d902f8a343c9

SHA256
267239341d3e69103b33d115c413048337be33961a2f4e63d179c354e9cf3357

SHA512
80fa2dde105923294ab8e4524b1a944e49a337a7156b39a11d1959afbffcdaf71d74a4efe05c9c1ca8d9145201f7ad7ca80ae5ff9cbe03aeab5370e3e7525d61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit