eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zbxl.zip
Size

43.8MB
MD5

da596c5fa1bfe53dc6ef777e810c2e7d
SHA1

dc756fddd264eaadcc0c8e8576d11259bbe1c150
SHA256

eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744
SHA512

bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3
SSDEEP

196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeDebugPrivilege	3056	firefox.exe
Token: SeDebugPrivilege	3056	firefox.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

firefox.exe

pid	process
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

firefox.exe

pid	process
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe
3056	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

firefox.exe

pid process

3056 firefox.exe
3056 firefox.exe
3056 firefox.exe
3056 firefox.exe
3056 firefox.exe
3056 firefox.exe
3056 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 1676 wrote to memory of 3056	1676	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 4300	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe
PID 3056 wrote to memory of 1632	3056	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\zbxl.zip
1⤵
PID:3044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fda557c-818f-4e26-96ec-78bcb529040f} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" gpu
3⤵
PID:4300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a44ba7f-a693-4705-bd88-4762bd4e15e8} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" socket
3⤵
PID:1632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 2560 -prefMapHandle 3004 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc9bda7-f9a5-4694-b399-a22589f6e1d9} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:1312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2728 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3640 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {654bbc0a-409d-4cd8-a0c0-36bcb01c8086} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4632 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4688 -prefMapHandle 4676 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa506ae8-ccff-4821-8b83-7dd506737423} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" utility
3⤵
- Checks processor information in registry
PID:680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5278677-3a1f-410a-9c36-c2766aa9ca43} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:2460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3e1f54d-48ae-453e-a5be-1d287fb0aae4} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:4508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b2901de-339c-4886-b286-c6867d5d0080} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:3884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 6 -isForBrowser -prefsHandle 6176 -prefMapHandle 5532 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fe6ae6c-cb69-4dfa-b324-9dbb2a778273} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:3224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 7 -isForBrowser -prefsHandle 5464 -prefMapHandle 5696 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93633162-92d3-425b-8aef-d70ad7c43165} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 8 -isForBrowser -prefsHandle 5216 -prefMapHandle 5244 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f95400d-4485-413d-be19-dd5adfc8691b} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:1956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -childID 9 -isForBrowser -prefsHandle 5376 -prefMapHandle 4576 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63fb33db-1150-4335-9831-eb871b3e05b9} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6256 -childID 10 -isForBrowser -prefsHandle 6316 -prefMapHandle 5764 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00bad392-dfa1-499f-aac6-562d0c21b0c6} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:2452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -parentBuildID 20240401114208 -prefsHandle 6240 -prefMapHandle 6480 -prefsLen 30532 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4e9dafa-d7e8-4304-9dcd-4723c98b031f} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" rdd
3⤵
PID:4336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6492 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6412 -prefMapHandle 6228 -prefsLen 30532 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {778ce3ad-35e7-4847-9d77-31a0ca4e6af0} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" utility
3⤵
- Checks processor information in registry
PID:3096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6704 -childID 11 -isForBrowser -prefsHandle 6696 -prefMapHandle 6684 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39ad4379-769a-4804-944d-c9e05bbb250b} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:3136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6848 -childID 12 -isForBrowser -prefsHandle 6680 -prefMapHandle 6656 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fbbfd52-fbcb-4aca-bead-3476314dd98b} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" tab
3⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
f8fd79a2ee8d5cb3ec892f5b1c77aacf

SHA1
f61b8a64ce98c8a43a1727aa187b450af6422883

SHA256
243d4ae2f560c3f658f48f4420b86a16de8767403d2065a0574b153f45e8bfc6

SHA512
78ecc7a3f704eeee6f4ff1c1d55f07b20f086f8ea3cc27f3024a988faf14445f8eb5d0271eb93ddc360782cc220afe631376b95769a0d49af97dd0cee4df9be4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\0E4A979C363DFA20F6707609C3D4F4CD7C10780B

Filesize
104KB

MD5
c5e93f33d63400eb2ce0b29eb108064f

SHA1
8edd99aed130db6b3a2029b5e878e1e49dec8a11

SHA256
94a43c0dbab1acd4297fe33cb4405155ba17b03bde570ac601cea3e03a14b6d4

SHA512
d3aea228cbc1bebece0d98bd999834178c3cd7bc184e874c6f51386da5814252819e177fff64af1a641a3268725cb341c694c91a6d24fb6e8f0a44812f9084bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\3848148261E504B514813A70F842C73F678FE58C

Filesize
985KB

MD5
33771a137b2f7eff54770b46ed4da8be

SHA1
f77fed5cad307f189367014437d66e9c88a77bff

SHA256
b39a80d357f55cc39e74812f515a148ffabdd3f7f836eb6e4982935747a9ad17

SHA512
565626edae168f9db36f1e94e9c033ebc9c13c8c2b3a3a3b566e09f6915f2731d2be85775217041798a5fd5e8ca6271f512d24735a4f162dd958b08267297ea7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
c0b77ca460b93f4286c628a6803349f9

SHA1
a36a80dba71085d4e57058841c64d96e6519a15a

SHA256
a7b0b81e7482cc9aa2e248bbf8a3172fec13f54c1bc453cd4aefaa4d3fe9c825

SHA512
80268da637910d13f7b22308084cc6b1b17c06d4c8c44ed66fbc919ee6ee743eabb3ffcd7ebc989c8d3da27e518473cc6daf0a343204b216caf97453a84ebaff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\76E7147E90F950CD5C9FEF108FF5987AED18E9F2

Filesize
60KB

MD5
c64a42c59424857904d4701cdcf6b0c3

SHA1
4456a146d5baa1ea3490d5c77d5781d045433a4c

SHA256
2ae9480b2046ee422dc86f55bc94f852050d6a5c4b6f11339f40bb3e6095ba85

SHA512
8b245808a1d73535c7a4c864f00aea02780628caa013f970299ef64b16fc4ebd2f7a1ccfc6da35a0104968672568aaecf90262792609e0c0ffe4717c55fe5baa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\8999BC8CB7B8114B87D8185D8CE1BBF1E6377016

Filesize
219KB

MD5
c96627444c7364d5487e350be107c291

SHA1
e7dec7379d24591acd1556f1f969a96ddf7298c1

SHA256
be79aad15f33a60f1fa8a508b995e21d5cc590c6b09c33bb025366ca8cd739e1

SHA512
ddb31b8c6073adf2203e569623dca86689bd0c735a8b07d16adab22fa22f9dc75a849d13696799762516a6b454524a012614c4fe5c29108c86271c2dbb234d04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
19KB

MD5
bdb5d80eb356c75a722acf1e0c0cff25

SHA1
3c27ca945b638df5c381a2fd71f3826c07601136

SHA256
504be442749cc591ef11b38eb666290b8a706c9e9e0ae445526b8484a91344b7

SHA512
70d41796d313e47ea88d650ea8c32360e4bee66fa072981ebb8e79e9e24e0c2cb6a1a77c327b3667f81a142d62d94e264d072b2501ad11bfde92760a8a52ce2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
3dbee3003472a76ca4e5f1aaa5d98df2

SHA1
e6091037246b27cd9caabbd1cd1e3c726b2dc106

SHA256
35b30ead682c348fcc27e209fcb088a1d2a75b650402da4c2c762bd3c54827e9

SHA512
b2afcfdc04b6e0a6234f27326b6164b7453aac55336cdd4748d761f68349ca430b8e60788718f295d2ee86ed9209e9889f67c4d086d3827a504432ae34b585bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
12KB

MD5
bd3d150259f4a44e77363130ef0b65b5

SHA1
2293e6bba47f7636631f11681cc9f6b886604a79

SHA256
391e62df3fdebb26a3698f4ad620038414557f15960a4e2ffde077b3432e5457

SHA512
f16f795f8b000406900e51f4b75d18ce29bb29230e817b8cd5ac0018a7205d8556fdbf5b6d139c7fb358a47d803c1c70c943122fa46f606e676a89cf0e0ddc2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a989066a85fca484a5ecf94742d435c2

SHA1
554583f56a4ee10603e5cfefb71dde4953052915

SHA256
27535031077fd819d165a9eab5d92c6fd919fd53d76c219d71b4d0296cb5d62a

SHA512
c2a05cfdc4f9ef264ee76f7da3e98671f02e8b10c5f9ab4c77aedf868c87768c2a26ef96ffadc31bd705ad1e13865f6daedcb9c474127088d34dcfbd1b0cbe28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9872a3ef0e8420921dcab0f44a89c6e2

SHA1
ef53c991fc055b4f3e94287d60e89430e53dffdd

SHA256
85565bc2045c7c6741f746de2484ee1eeae6567776f28918b602b501a21498bf

SHA512
cfe55b3dd147a5bc6cecaa41f4b10ac90c38b7006f3e09edca7cc8b311826e18634498e5184560b6baf4feaae5fc2ca78e0b5bc7cb8da627a013e5824af9bb3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
bcf36ae999fe5799f94f88f50440f143

SHA1
fdf726ae9f63425f5b053a73358e2aafbd2a6699

SHA256
8352a74bb845ef8036e8f70de749ff5957350e726cf4157bd6fa9a049b62ed0b

SHA512
3e712d8bc07eb4ca58f0a2228589ae3a82a8a6d228769b3628ecc84232275f3e57d7276ee7482890224776e83381ed10067b4a4253852f793144fe61ba77ec54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\704b3450-17bf-4480-8e4b-631af7aa3c95

Filesize
26KB

MD5
1f662c8c9a5e5eb657058f7b7247c229

SHA1
3bbcdd9306a93881fedd66e7ee76d543f6b23941

SHA256
4fa7a795ea258847ccc0dbdaf1ba92f6869b9ded56706641fc07066ac4d7a8bd

SHA512
c9cc1079956c469c707a1bbd718e49d934bc1a48c2f61208dbe6009d79a3251fd89a7bfd92e7c026c34c70355ccea5fb7260fdb9e6e0751395c5a8b9c85d6a75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\ba180b43-0ef4-45eb-a2e0-4ad221f39dd7

Filesize
982B

MD5
21455e0d178f66bb13040cddd9146aba

SHA1
1588445528fe9197a3ca5646759bbc12665b9dc6

SHA256
f69824b3d5762850e51b08828b0b2cd143f70226129ba5e35bbe485f3253e97f

SHA512
7e22763c175f6749a85285df8360199fd688d24843d18e4084ffbedce21fc1b9882161f0503b6a2bf9c52522b5635165596f96c614e720ef23ae5266e9399ec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\d17ac821-b542-454c-8697-533c5efb6295

Filesize
671B

MD5
5a9f20858666decf65cf85992d7204bc

SHA1
5fcfcf8e5f412cfb9618728fd5d7a3eeb7432d9e

SHA256
67dc2bd93aff45327bd667b821d7694a6fd7ae48128a91f2578bea395e05355a

SHA512
aeafffb8550361582515b113f2b4d1f81f6fbbb576089f9c435f405707d8ca6953632eb445591f2971d384b1292e1cb18f4f36e80f91d3460db1fcaea96ff520

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
11db421ff31b87cd601da7512bb187db

SHA1
848b3469b59a0cf8b364fded5da2bbd57a490e88

SHA256
7c1a8252ed872727f202c78d396deaf9ae7b8ec19375c9878d7127dab5419c80

SHA512
205e84b98d1dd7dcc1d05f82a1c611028dc64720111d1bebb1001357410cc2d443ba4cf153f55e6faebe939858590c8cf8d1c55b091e56224dbf763391e431e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
5c5b0b842294c499f8a093c3d9a2213c

SHA1
82dfeb928846e7946fb013be68b677fdad6262f6

SHA256
085dca0b9f38389c00f454c188027325841d81f0e81c5e3e5620bf19bf761903

SHA512
f14fff655e8168547bc545750cc5f8e628bcd8481bfa0b3ef2d634a1cf22b61f283a59eee552b5744221996bd795adb4b5171f8873fbaf709ef6627dd4e9f7b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
13KB

MD5
abda0a9322b2cdf79186068b8309e7d0

SHA1
fdd2a01f3bdf284c0788c4121d6a419fe407b6f9

SHA256
c643d072dff6210b3ded6da6d227d56e7cdbc8dc616901730923b52cc9ec83f1

SHA512
2af1fffbecc139499ae9586af65066ed209f91d0ce2140dce2fa4f68328885c39d745f638e1e25fb43100bc9e597f5ca09fff036aa2029a232cb3a03582ac079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
c8b40b11f74ed920aa6b4a3c4e395547

SHA1
58a80ad470f7575a7d0aac3e84f6f3ec3daf3ea0

SHA256
19bee0e0542d674d9813c85f8bd36ebbd9942430e93fa3b7657fe115f331955e

SHA512
643268b3ae5bf4b208cac2ca672f948eb9d93993b7fdd5e676f72a07038e24cb5f7d08e4b8f3b302cbb647e44fc5c2f182effafc43a3b4274a0f734e71e5fb83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1036f1d413ac5ac78db36a1c1b62b63b

SHA1
b67d1d0bb732e133c51f3968dca728e2eba45d50

SHA256
86d145842702d3f16e528ec03914b71fceb7848e50091d413908b5b7f3b88695

SHA512
2b59234d0f1907e070ad15f33c38d33aed9464a56c136908ba8de32cd344e5f900e9490f91bc8d98cd9a665a22667565b0c0aa6a88890477b5f0a42c17a3ea63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
0dbf20e953bdff16d356562b2fde3559

SHA1
041c107fd7f1533e891a4d21e51aa14255dcd719

SHA256
af16d9010288ed2c5cef1efa9453d7b2b9e39d47fd839a7dafdc57ab9412f356

SHA512
11f2040ecb6c6e5fdfbdf35d3ffda52a8f01050124aa782b4edd5b161305cbf1a991ba80984829d6d7933a608f3de6027ac052a02890d9251d9e26aa587c1d39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3a47d98a2a5b9ef82be83262fa6d3370

SHA1
3c3f02ad406545652fd57287603c7b262596b0cf

SHA256
c10c602c8fcb638dca116fb471817e8c9e7e8d09ce146c0c012b1066abe1e85d

SHA512
91fba1883d59644bd0cffe42ed4e59d122035c4c009c7a24865fa7986543b4c3d0ca6a09b8b02e0c56467cc1945b39697a5fc626da31e1c1bec040eb2cddb490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
a9c863a7a6c95d6e7b70a72bea6b6cba

SHA1
e0e5ef1b19fbca2a1e965483f9d7caabe55b22ff

SHA256
de329c742426ad9f15fcc2c2e48868154b61776799b03eb499e30a9088db776f

SHA512
03685310b7115ddef789181ad740a1732eb65b226b1a60df4d2f82518fade0028c1b3e1d476fef952a8d59b51432ce833d8bb4a0c0bff9174662fd46f97401a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
4d5606eb7792bd556057acc88a0d7fdb

SHA1
6547ff0ccaffb3344ee0d82c3ff2ea53e733ee55

SHA256
c24921efd0d608f75d6f5b4cc5e875543de4bc5a5686862cc2303977694e71f7

SHA512
4cdac3effd7f43c19aa38cae4a7f4de18d95fec475a7e966a1c4b682e0818b5f6ebe407bbe8f3295a12398cc40ac0ae1ff5871d84d878731fa05cb1a068f3f72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3202f7830481601b6c253b017c9409bb

SHA1
8ed7d88c9496066d65e5afa8a92c994543247f43

SHA256
7ec3285a910f650face16806205a4cbd9926af5870a29169a4023382145e6c01

SHA512
c477761cf561738c343f88192bd4fdbff2f65af1e73e230ea7f67f0ce29ad8a9ed4a6eab293c76406106168e1f12a6831fdf1bd990afc1dd8de6df69743950ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
4fc66b14ce9156d88d8520547ae6129e

SHA1
98c7d157d79809aa3e95a90e8ab185f49c7e590d

SHA256
3de99750c5a8f0b6dd513af2822a5927b22cd9a91a2ca6430e0d797af2f6792f

SHA512
23b35fefc6117b7caebd3850b9a01144530f95db9d30624f93d53c1b12fb1fcf86c1c82756b4ee27ff92f35b073254c23d4a0d2031605f23ca8b8f17c26d3b55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\default\https+++www.pornhub.com\cache\morgue\5\{38af8d52-696a-4a4e-9374-7936b90a2c05}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit