hxxps://github[.]com/cheat-engine/cheat-engine

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 13:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cheat-engine/cheat-engine

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
59	raw.githubusercontent.com
54	raw.githubusercontent.com
55	raw.githubusercontent.com
56	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 3932 wrote to memory of 4456	3932	firefox.exe	84
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 4676	4456	firefox.exe	85
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86
PID 4456 wrote to memory of 3976	4456	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/cheat-engine/cheat-engine"
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/cheat-engine/cheat-engine
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f9dc966-aa6c-4fd3-9bb7-336ab969fbb4} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" gpu
    3⤵
    PID:4676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca94bf9-d09a-4061-9e24-202a9bdc90c9} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" socket
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3120 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a08d00db-8a11-4ee9-90aa-5fbe2caf8f30} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3652 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 2576 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4ce2b3-d0d7-4cb2-aeed-48c2b41c26a3} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:2340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4508 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4352 -prefMapHandle 4436 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4514650-19de-44db-90ce-2e2076fffe7d} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" utility
    3⤵
    - Checks processor information in registry
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 3 -isForBrowser -prefsHandle 5252 -prefMapHandle 5248 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5a737cf-1b55-44f0-8d79-3e836a090ef5} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:4500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b4563fa-f198-462f-bad2-e7c7382a1f33} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5696 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d232270-91dc-4e0f-bffb-2e50f33af127} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
222636d452e42180b1769e49b02d72f0

SHA1
91cea83bf97233088d928d66e623f5082c380d8e

SHA256
f754649292a46757064a3e0c3cc6ce34a8c3fadc711b2b4b6481117e91e944f1

SHA512
cf89e12efccf3e37c06b530c44ae5553122ad69a6b54b0185021758ba518404dec7eba433a8ad258a75c239524c854df4057797283ce7b052def0de0377d4de7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\02B1C85BC65E874EBF467B83C6ACFB93AE959187

Filesize
65KB

MD5
f9355527f1d95fc294885d745b77b575

SHA1
577258986a6ea7e0aa2ae098cc9c080797ada393

SHA256
27fb568e4c581343635df8a97a8234356bcc15e03622dfc20a46d5f206b5b485

SHA512
22458169f7318ab9d1bf70b8376f7772b039431d1bd6c40f7ecd35f2b4099cae88f431f28aa43277cc728fbc9f661dce21f94a2561fa723734e5b00b53e44410

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\03C5414C101F2F03E0251F68E14AC8998D89E1D8

Filesize
18KB

MD5
e30857da14502f4c416253eaa819a72c

SHA1
82625d8897dcc8f637b964a3d0c06d7508f55359

SHA256
a2e90b78fbc0d1503d3075d97738e73e363405d90d383a2ffcb9512b65741ac8

SHA512
8a9959ab353b348407c6e6fb5415fc4bdca5af14ad104401856a4239c21c1674dbd72ffc22411f22ae194b189b8da09f92b95fa3db76242a8f47640bddd8ccfd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
7bd968bde481d4ee5c5d6c25148b7d79

SHA1
2eaadb25f6d1b48da8494f0f4c49db103681d0c0

SHA256
90a8371a696c5bf4026a9d440844db677c9a72b2347f1c728702dfe6584a3a7d

SHA512
373e1e6ef8e66c458f91916e87221efac85e319086029438b2c5c5a801b44993ab93ee54158b6ca97b80087252df1ea574d06169bd5c0992424221fa1688751c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

Filesize
14KB

MD5
c1e7ee5d641733abe17f529a08616550

SHA1
439135c0c5714d8965fd2b75269b319b57e09da4

SHA256
17b5e4821495e7a90568d95785682486d742722b586e24ea60d77d0e703e54f5

SHA512
118fb66b8f4890cdec176003aba38d8b9cc27e1cb42f2c59873400f161255befa533fbd03dcbbc570639a4bc6894d462643158302634dc288e7660f055a92bf4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
14KB

MD5
7073f93333236150ad4b3e5385b58f5b

SHA1
74292740dd971edd80b4f89ab174ec75e56fc0b2

SHA256
0984d24a25456df1c9beecbf230fcd331472fbff1534e3765173d4db0c49cc72

SHA512
af1a53b684ecaa7e1e6b97a491111879e5c03f2395038121a6c7fa687850e1d5895b3a0e1221ad1fc59851fc3a6c282f32cf3ac691e1b7ee7c2a93d70506711e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\AFEE38AA38427B711FFEE3E8F2C60029E5E7321C

Filesize
86KB

MD5
4080c958daf5a326d4eed02fc7b098b5

SHA1
e4c6ef8d97e17340667eada781798e7ce3ac7aba

SHA256
23ff41fc1d3f755ef71ccd318e77578335b7a30e4142cd9f75a88348a1443939

SHA512
f9a07a036b6df26db6b0b161955aaa940cf9cfa69674a23054d8ada40555c6e18d7ad25e1ae3be3685a6b6e6201ad013550c6836db48bb65eab86108e3742c2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
16KB

MD5
f9c69ee8342eb6a9d6056f538c507582

SHA1
d854da83dab74d127415fcbf4fd0f3616e65946d

SHA256
03f03ac96540772a5d45e0e79924e9ab117fd02ff1b73e36f8912a465dfb765d

SHA512
1723277677047a892f87a2b3a66780d93756e33442654eeeb24c26ce3aec367207f01353d53438eb4ebf7fd496e240e08a3518e8afe83b97e2c670f487b10171

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\C88FE6FE8ED0018995E76FB6B4CAEB37655B5835

Filesize
147KB

MD5
302f23a0bb0408815921aa1a8b5d2b94

SHA1
8fa74e98503789ab8392a78dfbdbf0412545e489

SHA256
406e413ba0bf2c70c0ecaaa9f5d4699a32d7f8b7c402c5b792d9333f2571b5d0

SHA512
23858adb64dc77e7705e231ae3d10e38cec0792633c3401cf07efd160bc52f68cc03dc9df0129aa52fd2ffb384369d32e92725d09a9dab1c8e91d97f693a0772

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
39KB

MD5
0ed146e9d8bd39e778ef97b6ae94c49a

SHA1
cff356844464be288db89095d5fccb26a3b896cb

SHA256
d01c9514a92124ded3a611398f62e12e560494e9ac59285654c0a0d07e3a840b

SHA512
0f4b3ba0572c0593a8ee74af82f81abce047164e74925de91efa79def6d83e2aae62e83ee33dbc36392b65e5e09a265ae22ae2d1404847cf2c40f77f3e1debb5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\ECE281212C7D34C2D33214DAB8505B450499A76C

Filesize
13KB

MD5
e94a6ceede0507b6044a5beedc313037

SHA1
7ce2bad1d572cec57c7f4a1f3d33d456f700ef4c

SHA256
2dcf6b85d19f63af081452092961ba58ed9c0dd3a7c28659ae4c49e44d199bfd

SHA512
846d2a7aebe3cdbe89835c181b873e344d4ccedb0ffd0fdf3af45f337ab819267b0c7bdb243cb41dff678858befac38ef98729b4d442ff15738f946e96d4b6f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

Filesize
14KB

MD5
1fb77000beaa29cba28cdf8735342070

SHA1
8b049aa30dff0f2700b7a03ec74f3541a2ffe7bf

SHA256
8812c10c8da58767bead772a83bcb0637f8691855009fca261c4504eb4d8ffcc

SHA512
25d0a8654e15c58e12641e99ec19f8e62af7f72cd8a7444b633f1a57d1194e8b92a20b8ae12e578c4847fa5074b42fdf317a83bb72310621a0734a44e83a9d17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\jumpListCache\MsSvrBnfvw4YHVB_lvB+hylJIKQE2Gyb8sWjx9ouqcM=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
8KB

MD5
61dc3dee81f360aa506857c2ef156cef

SHA1
8af0815b96ad02a07e121b2283c43833d7584bcf

SHA256
846004909041553876023978619319d20aedadc159dfe62389b3519756a5c743

SHA512
34f8dcda3186b586dd021d2f4eddfcdbb66e2b769dcad61ba0476a236458f68d14be24029f3e81a21bf660c21244ce4346a7deeb6cae0b329d566038f0fb176e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
06903ece0df6cb1ca21ec7dc9ede6a8e

SHA1
165e9b8c4a6c3e17076219c51194d300e2aa283d

SHA256
5fdc359250265b818d4b24ab31ffa40992c5ae60ffb0766f9b53ab98bba3d206

SHA512
7fd285b59d4cec1757eaee8d2f12f47d84792797108a7392c121817daa1d335b57ef6282ff739f998eafae50fdfac81c1662f78699a09f28022f573fc49cfd0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
020f0d5eabf15c23a7f39a78025ddbc5

SHA1
430c0c1be3b374a38fd7180003f323b64cb15522

SHA256
8a85aedd311a210455c074e7c3b1becc22176e0e760597aa9f2b6cc1a1a91d20

SHA512
38c32631bb1ba98a9151659570e43946bbc99d32d039c4ba24a371e605b1e27167ceec45c73414d6e2563c6eb5889801202a23681d29faf8eead6778e5540de3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
4996dc68139ed21ed80b7a53f3098b2f

SHA1
1a51cfbb951b4f1a8cf673e1471591ed0045aa29

SHA256
49712debd95d61f467c33f7d2728429b5a13301a191734358a506b051e24fdf4

SHA512
588227a6337fec8ebab5c648345e4b865379a1d1e231fa6fc6b36ee64376922a3c0663ae84fc0c7747b65ef397c0a20f5c195bc15bb02737054296974695a713

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4fff89a5cfaca333bf9e4846c1d5f352

SHA1
a2a2a6913256c0b2d4a13525a7ca855eb79c4704

SHA256
49483882f0830cafd05ab32a27a99436b90fd88d78fe521eada14d6a7725dc2e

SHA512
d86849a455d91a43317d15cbd034f3e13ae74f408a031ab09adc8ff4f116ea03ead582ae4ff9b60bc1b5c014df749cbc7483e1b73f9246eca5a4f31a657e721f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\6db106d5-7927-4ac5-9415-d8004dbe3cfe

Filesize
671B

MD5
25f13cb2d7e2fd84bb6b424ce05bd821

SHA1
e8a571ff92a2b71b6eabb12aa813ae6082dbaff4

SHA256
17dca9b07d5b30395f05ba8c623f4cecbf1d8f2fade87a751635d7707d8d0d30

SHA512
a4ba55edecd1c211b33a0edf0216631d56d09f296798f57542da6db09b3dd7d632e3cffd0cfbd9cc9ffbb1486116d5bdd0a35e8e3839b614c47bfd59eb29c8e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\bc36c2e9-38ba-4e78-8657-7830876ee98b

Filesize
847B

MD5
3fd44feb31a2bcb4bec5871f618afe68

SHA1
cddad4deed5d392b63f1a7e52159561d3a714c8c

SHA256
515c8bd14cad2281c2acac6766f600dcf4a5afbd584f3c1da0e48076889d17ad

SHA512
492ae69a0ceff8a42fd444d69fcb79ed0441ba88f77fa6ca408db727affe86602874df7edf84f461b6f54305400366cdfeafef9562ae80525de5bf69edd13349

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\ca621895-4dd6-4f35-86ee-e17d8db0e468

Filesize
1KB

MD5
a5f749a1abd781d5ed2aac932d1cd034

SHA1
2cc7cf957ac503453ccb531f93760d81eef85085

SHA256
5c8f60d2911b6e33974f7c48a2da8375fb2b0d0ccadb82d70b649b34f8122d79

SHA512
904549bb45fe37da1cd267f89415073410b4ab7e33ea3e524b499eb02075865e3a9cd12796a6e7bd8175e90112cc8a442ec7eb65ef9a11df9e2c17101c2191c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\ea63a6a1-4dcc-4436-9051-100c7de65825

Filesize
982B

MD5
29bfae41351dd4903c48ca951d1685a2

SHA1
9bee5d2a39508d3ea487e066c231cf8b70e21850

SHA256
38415fdab0913cee18600a8425d11aebd4d89520e89d1fd67c588070005aa551

SHA512
a7fe122d224b95c553c85ef2974fb9877e604dddf065bff9707723e0fe896a36136c79608cfbbfce888cb8f3c3b62023b4e1f6a1a124b31f1e4def2f1fae4d97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\fcb802dc-8ac7-4ef6-a8a4-940bb9eb51e9

Filesize
26KB

MD5
ec94d0c324bf9acba544ab7c2969ebff

SHA1
fa134d9ef0d700c27beaf6db46403a210a68283b

SHA256
7449d0d66719cbb1da04a352336c63c993cc00ee6dfae2a2a307a2100d390138

SHA512
b2b8e424e8f3c3df36f4c0a1dd907ef0870a03f43214ffbf4133e763f57f616df8dd5c2d345bc617f794d03774826eac4e5a0cd20fb1f490b5b88517466b90b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
11KB

MD5
15cc7f4df40facf1feb86378a6110ed3

SHA1
706ba6cbe260eb3e2613bf319971e538d97142b9

SHA256
047310dc267d07cb3ad14d94633b741b5a69b9a04c5495a07053bd6c3afac0ad

SHA512
d7c0e70f89eca8030b1b049abb82766dd1dec4a18b643f205eb1f44a59eb0bcec977ba7af10e21e2aa2334da9514b5989de5ec16136430989d5e9c9b9f0fc11e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
ecd78ce3a17e83725357eec1c4f97133

SHA1
07faa274d8951ea07baaf7a09a0c33927c7ae985

SHA256
08f4ed608a681bd47fcc78d56ee9437dcc5200957b876137b19c4b04e8e44736

SHA512
54266b63419a3a66ba61fe2dc55553e21e82086d49de0df837445c5a416787c6f88085db36f2fd6bc2159694e9706305187877b134aa502daa9a063bd910d901

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
68d4c1b8b120b1f6e33f2d426f5d592a

SHA1
2396c7ba7b8d31ca569c56f594a74f0d5b659021

SHA256
71b1bd225ece6c7ec1baf171995db11833e9669b598fff00db0cc9e4c9a74b60

SHA512
9d8413a5ba705f9ab4e210c51075b26dafdafd0ea5d6adf6c9304cbdcd9c576ee4afc0597e85c1d274c14671a26235515c2a733e2ca6d5e989f7feedf421229e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
456dd05a148a8b809ebeb66167959e51

SHA1
b4c6ebc0fb121187352affc6c6436e2c5102c252

SHA256
b0b0687c18dbee3436e5f864964155267504e0d4dc42698ba8474cb972c111ba

SHA512
d8ebc3931a1b5cd866d8c2cb8c6eafd17084efc49ae1cd340885b6cbddfebf1f41fa1289af36db42959129af661255080edf20055377d83d8bd7c86f3d150fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3273915451b6aeb669e5b82b327cf0e0

SHA1
b9c4d62938557f8867fa650117eba5311da62a1a

SHA256
b3ab562a749f9a029a840121fff2acc8f487e3b6b7f43ac14ec82202e1c005ec

SHA512
9d9b5a8eef3fe097586551f248c0bab26cba3e21578187ba68699ca248e40093e514c643731078f550c566c78390a914bc1fa900ed4e672e1de921328ca79997

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
39988153f30d126ea74009f0a1e1dd73

SHA1
7fd52f44a04d46a4dc36742cfe907f35ee04c239

SHA256
d2541893cd033ee3076c82b950c476f99184449166f95ea398476c91a27a8526

SHA512
8dcd0ddcbf18608abe9108b0c9a6ac27b71a739895a022bae31a5860e8d5cc03b77498df8e86f8e5082fc82505a64bb5b64dd8bd86e97316b511d4eab1fb8c21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
b5114dbb8527157fab15709cc76b85cc

SHA1
59a66f0df2720fef3db1861a68b6e9ca1a24c419

SHA256
04051bd62b41d221ef2409dd3ecf4732730282bfc954ef9150f9dd11c0d260bd

SHA512
8728f4075343610779303e240242a1d3a6671cb4db668fa0388a63f0055463a6872d3df13af315d3e3f3a80af43bbfa9d8e936466209a2e96218d32428b16197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
263ac54e112e26ac05ac8618aafef46d

SHA1
d22a127e28ee5fe9a3c915fad712024eb8c93a67

SHA256
0f532771b7c40a67723fa8a2eba14b7795cb8e322e39841d15a55f0f0c313c03

SHA512
3307c99df8f10647ba478f0265ea9ac6e6f37e3fa7ec3b8abfb8ce4594e2afb9e696977d35160db2623e58f5151bbc993b9152a36551837e9a176d2ea6b84276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
5beb43b9d3901e35dece497bb97841c6

SHA1
5110d3d61b1711a3f876b43f7be0bc7f75eeac46

SHA256
42c40acc60aa8b74bca75509ffe11528418bafa3918c70c33e1079402eeae470

SHA512
52c17516bfabcf5a12ad3d70adbce16f0ef61a06d199c85e6d3b71dacd1a8a7210a8e1ad57d986dc69a5898d45f91332bedc81347993d8fabd4b389b32305dff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9040a655b97c0fbdfda2596171350985

SHA1
b9675be18821cc20fd4f27a10fad36857de4a2ff

SHA256
9b3f4d79b1f69a61f346cb4e906bf2e869b987755eb08223ea871faaae7aa201

SHA512
037b1077a6c1218507ccab1e0fe709aec841d8e2903a446cd32e34deba19820145a8018e6d021d5f1b95e03ccdcacfd3d33e19631238b024acd94bef84d650ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
97f0899ec7fcd8831c368bdb5afcac91

SHA1
1d2be0f1cb117464d3477aed3ba0b3db7596e6c6

SHA256
978112bf2df9a94a2056cdf932c6cb23d0111b8ae805de0b7cc7033ede36ebce

SHA512
2e32a94c129a702b9d7c8253f8e674674dec7b4ea18efb621e5dd4088c51dd9d3c9167e8fb41f922c64f3ca8a52fd8c7be720db5463788b278060295881c4a02

Download Submit