hxxp://pin[.]it/6Tt5a6hAN

Analysis

max time kernel
262s
max time network
283s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pin.it/6Tt5a6hAN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3868	firefox.exe
Token: SeDebugPrivilege	3868	firefox.exe
Token: SeDebugPrivilege	3868	firefox.exe
Token: SeDebugPrivilege	3868	firefox.exe
Token: SeDebugPrivilege	3868	firefox.exe
Token: SeDebugPrivilege	3868	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe
3868	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3868	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 1648 wrote to memory of 3868	1648	firefox.exe	83
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 3252	3868	firefox.exe	84
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85
PID 3868 wrote to memory of 1800	3868	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://pin.it/6Tt5a6hAN"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://pin.it/6Tt5a6hAN
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f48b9c29-73a9-4c99-80b1-0e45e9579fb0} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" gpu
    3⤵
    PID:3252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0cdc93a-1419-44d1-b92a-decd9efe0e3e} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" socket
    3⤵
    PID:1800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3372 -prefMapHandle 3368 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c34f55c2-b3bf-4542-b2da-fe49a9c98a24} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 2684 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f191ca46-91d6-4d48-aa93-3eb02f8f83ee} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4488 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4460 -prefMapHandle 4416 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a0398c-a643-4df9-a350-45416f237576} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" utility
    3⤵
    - Checks processor information in registry
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5392 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62510ef3-f580-41d3-829f-865953e2460a} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b6f03df-43c6-44b2-810a-d32d9d2aee30} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5792 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d53c233-a228-48d0-a531-c44fc458bb10} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 6 -isForBrowser -prefsHandle 2708 -prefMapHandle 5136 -prefsLen 27025 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e2586f9-4e04-4687-b8a3-f4a5bb750d46} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3600 -childID 7 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a41a62b4-c386-4c80-a4bd-c49d6e93c6c2} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3592 -childID 8 -isForBrowser -prefsHandle 6432 -prefMapHandle 6428 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {680844ad-8e00-4252-8560-4ef39cab4ddd} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" tab
    3⤵
    PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
aa14d764969e8e950f37e9ed53440649

SHA1
f2831b0eec47538256aebe6fecf6118e9b99bf08

SHA256
a24b2922a9350d40803e688f2b596a9196dd2ef1b961c6527cfe80cad614d2a6

SHA512
e1cae7241b69b02eff16c5f5b95957811ea09674b138181d2258b4fd61a70ab0d9d982e7dce78ae4ccff33ac5131abec64cb607312f5f035dab636af780c11dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
fae833c938b547e6e292416127998d7a

SHA1
f4694735b74a9e3b0d1d00dab81009324b754d7e

SHA256
7c51fc23455382896330c43050df7641d3cf1eb2bc467700a65d1371c8a5228a

SHA512
60ea4309648701315e6d1486b020875124815b55ea88fc7801398b1445e1269b751116c21a36c1456f1e70b9e8abccb5ae83f391090cfe5086a6d75667eba922

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\35C60A2B2D639C5F05CB6F13FE4B5F3D16566BE8

Filesize
103B

MD5
6e286e901b09badecc68b5e85d72581c

SHA1
13a8a30de743369eadb2d995a9c9286091ff55f4

SHA256
0440f1ad74445477497ee58102065c6f7d833ed06edf401d7cf99941ebf3abcb

SHA512
916d281b228ba76bfd9350e8902ce070a30daff4089a39ed593be68bd63144a5db51d1806a16bf071e6d6ce12f22d97a35bf8f46fdb751dec9847ef880c52214

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\4419D650E61908EF14DEB87BCC7BB675CD19F421

Filesize
221KB

MD5
4a198e51f1b41d778761c7a372cc3083

SHA1
c6e9e6728d1ba427f57de543f87194db21d59b81

SHA256
615d84666876682c13a1858f8a737088112828d8d8c3762e7854e41a8479f1f4

SHA512
43916d7f2bb67fcfa2d8f0494188cac1054f67700255654d1c9e3a1bede633337ff1c1a53acfaccb2837552cb3aa5aad5c521869e30c9721466f93b246cf71f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\679242F131354C53854744B1D9DED45F7950F9A1

Filesize
301B

MD5
e6b29901ec68344d0469b40b6cc6c481

SHA1
43ed6d88b00adfbee7c8581946914062aae8cbf2

SHA256
3d4664b1d61a038adb22107725dcb7bdada48064fe7acef2552a6bdc8115a655

SHA512
55b66d9e7945d55c073aeea6e5f313ccbc1697406358ac6e6a5aa94815a5cddec645fae80b17e1b052a98ea6048a61fb7e12bd0c71d19545aba5ee2aed539637

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
9cca9fe4f36c4040476c0ba9f400c932

SHA1
aac3f3879dbc0627a70178f5970ddae160624489

SHA256
27d5661b58189b338c93ac50aee052d809f3cae5014c353b998e29b39a017b6f

SHA512
649d22b5620c32f3f4ff54336f9708ad479ee887daf18cc8d88312bd09fa6bb1038fac3465befeef7c555a5c44057d2d0ccb52a369b78302a5cf80425564c445

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
15KB

MD5
d9d8814ad0b2e79a98bb3cdf2e04d1a4

SHA1
9fd8365e27338598554b13bf9280625d3d279dea

SHA256
67f423d052fb42b3efb2a759e725f899c0231cccb68c0e8f089a09ac10e6ccf0

SHA512
7983cdd448e235cadb84e463291a1e415d2cc3ace28e85c5c8a1bb5b87448b0f8d8f294082395bc0ec7ed5fb42c26889cc3ef901103f93bedee835c9e52f7996

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
b4d2365db42c576139ab4c816a1cd2b7

SHA1
12ebf52305ebf066a27eb3c44c320a17a34711b2

SHA256
5c4afe2de21e1fb3a54bc6e59b7366babfaa31be7ef468ec4f6c3393177b62c0

SHA512
6527d1c9d3e3ed53f251353ed8ebcb99e077f866ac34664d4387a5a24b083c8520d8a9fb3e26c304e65b560be7e8a27a3cb392670281b76a9375fbe42ce48409

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\C5D4277BC3272FBD4C47E3DBB72E610644CF338E

Filesize
12KB

MD5
5ecb40ac3af90e197d03d09502969783

SHA1
a5620e7d7f6ae86e6df02f7cab887bd7c073b14e

SHA256
5aa522ccaf5a528cf4c841f54cccca9869c9b65345e5e18ca4b5d3a4d5f359b7

SHA512
823802d62142128fa049b2e9560f70e9cc7682c20d39d474fe863f128d669f9694835acd3c9b6c1ef32518587c0488174df0a0ccbc8633af488cb3fc7ec9fa70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

Filesize
192B

MD5
0e41df553a85f44c7a548bab57269c66

SHA1
01a951bc5faab41cd0ef7dae16cfac146a2fb3e0

SHA256
9c632856a9439c1c0e2e4e40a0402583eddb0567e8565abe6211d9784d7fe3d3

SHA512
98e033987019bcd27a93562f38f80921e7eacb95de46316286173543da2b46356873b311ea505775141fc6c13be4b5c61558436d2ccfce4e6f7dac580b58c0ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\D01589937FD320446AC69CD4703A2CFBC053ADCA

Filesize
473B

MD5
50080b04be50dc22925631d3e71d2700

SHA1
d8433243b5046c0358eae5f9ce3cba713b41f661

SHA256
3273bfc070246f2ec89ea5cd2a5c4a11ac67717afaf807dc76adcb6ac8195003

SHA512
26e0aa505a133c2e9a51141ceacd9ecca988b41a5474df65cfc5854bfeffb684e2aa9c10208117c88eef32f856d27b3cda0387002854465523550983906579ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2E5HOVKTND5DZHZMZK6K.temp

Filesize
7KB

MD5
f197d20765e88b82b35e47979f6f712d

SHA1
9ec4debe60fe325514b91d442060377bb966990f

SHA256
cb7b5f94c98b489ce851a113a7b93db267eabc68807255e12a5f770669c9f186

SHA512
4ba801b024c8d4f70adf906f8f0f1576497fd0aa2aed130e190b7e80334086c48c1099bb9a049d7ce7102dc6c37f8293d57f436e5e399f1a498edcf6a954966e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
6KB

MD5
dfa4536facc71a2c44c4873e37f120e8

SHA1
9d9da8a41e791cbe50a14d0c76ee445de5446c6e

SHA256
91f877766f0d24ed59b5cb98168f0f5cb1d215e0fe1610521a5fa341a8ca248a

SHA512
6bdeb5887d857acf682fe8ebee964d04195c267bc12bc75b52b01f620c342e872afc3aa72f10d03ec272863ecfebaf35395fe19d17876d06f3b50cc8b563c479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
7KB

MD5
1ba86b0f836318767b2b02a725099ba1

SHA1
e9856526c64537709a72cd0904fa009804a86eb3

SHA256
d7efa42feeb76bac868d7080f3798c262ab31b0d0db79f981c409cbb8132de53

SHA512
752c0c832eb426d292e4ec30900de3c14d8f53267e63291b309929f8016a84f8228dba43c10cbb4d5911ffc6eeae6dfa738e7815b22857c47f3689edb0b40ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
25KB

MD5
43c82d8b9a6e6959751e434c29071a84

SHA1
cb4ce7a750bf5e2416f8a8c29ff833295513aaa8

SHA256
5a4ab3a9a52e7e88caf338d1d91c43a25da3d2cc2e99a58bcfa1402f4419c030

SHA512
b996dc6d6c22958b9bff915db7c9ac57060c169f57b9a6f66b7436fcb45ee6c310213896b2aa5bae04e88c5f3857dcffa04714e83c3213c23538c12568f16e15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\bookmarkbackups\bookmarks-2024-09-09_11_NdKGFPK+Z5vemh7B2Vnvqw==.jsonlz4

Filesize
1007B

MD5
99ca4c546a7cc4573921b02b245e1e0a

SHA1
4babaf3eb9461f122c603da803218820f9967cb0

SHA256
9541677c9c2dfdf524d823523308bcc9dab1750254bbee8c218654fc3582d642

SHA512
862a948b1b18d72d338bf82daeb027539c8624a5a44100afe35e618be879f36555e3162966b049d3d7af7e7c46f14064614ee8e0e99d9211e15bd9f0fe1c2a92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
98d935f47042bd79320a74144cef381f

SHA1
ca5a16fcca66f9e58c0e7129ed646df9332649de

SHA256
c6aa215f11b36fe8a96752f595bbd166d220fe9eb97101555af8dac0dbacd30b

SHA512
bbf721136b875b51222670445b072dcd5ed95c3e84dcf97f8ec3b12e275c1eaecb82a01e66ae439569f67abdf815b7eca5c110a04ddf23fc35cdd034cc58d963

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4a941cf86cd4f62cb276b0981f431f7f

SHA1
71b839cae53beae7028a6d880b12ffa31d8068b3

SHA256
638a8e48cff66a00001be979649de7a970dd9d6b3841e459782841ef40e68f2d

SHA512
0a22886d741f06b368f030fdc38261a381767c03bf73a329866d0377a85a18853d35198cf79ae33185789bc53dfa6bb4bb463cb8300f70612a25a5915f7234c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
36KB

MD5
dd198bc1a156311b08e6b6ed31fd3bc1

SHA1
96ca1902353185a5b19e2f31ba1b2b215701a752

SHA256
e185cfe69cc65506eebcb1469c3afa06a386acf4c796ec9a358798e846e841f4

SHA512
085ab250a1b84b0daef245fe82e8e717ccf108480900a9b7f2cee03b4cc56d029f072cd4609b63c7c06e6f4adb96cf178ef94fd452d08f628d4b0c03dcb9c4f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
3b5e07a2a50be6a612c5657e935e9c49

SHA1
ae98725665f87125d1bffa3ff7c7d44178c2786a

SHA256
e958cd771a73d47a25b1589d952c32923f2145210acfca41c963173dcc78aa97

SHA512
d7ef19075e5fe10f6d445bbc3d33007b4a2aabcca98c9b723d46fdb45e7419b1b04319c782a7d225c89a4a39d38fea2234e02e1da3c2f6c38f5a33829e86eeea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\344c17f6-450e-4f90-a4f7-bbbdeeddbfc6

Filesize
671B

MD5
16fc7557b101499398dd71b9cafe85a6

SHA1
c3b044237c418c8475d9af471d9da8f6fbeb9c29

SHA256
fbcddb950f4e15dd9f7deba254b15f9a45739323f31fc6f534f6154734714de3

SHA512
534a0cea6030c077fed8928fdd83f7e7c12a03bac94e6b268c61fd5e2ab1fd0a2632c636968692b196f3f462e81829ff7fa099fa013dfdc2d6e1d87a166dac08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\5ae8d2f9-af7e-4f4a-8441-22ba24f04b9c

Filesize
982B

MD5
9e907a2449fadcfed24c5f4d4affef14

SHA1
d794b3ee6ef3f6d9cb3e6fdbe4dbcf5d75fce656

SHA256
a8214cd6b24c78f98b99431088847e01b5744d23e54f4557a63c09140d9b94c6

SHA512
783b55693f9800d252524e716e9a5d518449660b647f7b48945ac795b6ad3c333dfa09d2a281a295034471c2d09cbcd5840903fe0cf97315a103c0aa1d25a659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\db3ed05d-0550-4e12-a41c-6cfe9272a37f

Filesize
27KB

MD5
7ca880ce10e23d4efcd8819ae4c20f7c

SHA1
aeca05cb3deb8880f86bb794bbd2f27bcb96741f

SHA256
c5dbbc994b405fcf6232a557626500e4cc41a0af5c18cf1d69b2fdff02bdf7e6

SHA512
b1b306d551371a867cc35b5ab9a62af87681cbb2b44da5e9279eca5009a8f37837f859dcd5df9c1a855dc87a9c237de26980ed3982267f6e8acc112a0f24c701

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
b18f808f3e290f35c3d52f096de55f74

SHA1
9d690cc94a70b48a97123d3b7fb942c926fb94c1

SHA256
b82d645a621ed8086145d139b1d250baad9c28107dbfcd08ce0dcb467b101aa0

SHA512
1f106ca6059acc4f6cdf792b7dd8941018784a08567ed3deb0a23346a39a2877c25275ac11eeec710491b63785fed5ba16d180b2976aa6a4295e2aea2e2fbc1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
c07048259a93e0f9e75883f5957afb2d

SHA1
ee92ef5ec4c84c88e3cfaaf9ec9e07a927a5a239

SHA256
c4fba80ad34608aa6b0cd3820c55470a275cc061aeeab888058612688e48c3a1

SHA512
e23bd8a0808e52e33eb1bdccfde1a7da8edbf9a4ba45b78c59635effbd04f7f93530654e5cf0ac45f58d70517763ae878895a28e3a14cb0eea1d2b781fe49a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
12KB

MD5
732c965896ffddc7e3da1ad71bd2742b

SHA1
57096f8315fd76be7f951594c8100c26aced461c

SHA256
66603b12a7076455a2d49802abf1d4ed5403844b7d9e760951208c921dc82407

SHA512
0a6727a40b5cef80b087ea81c98571ac401adb30b97a254686953e9e6e6a955ca67c4eb8b4cdc5a036c2ef8ced30be82f6b202f9a075ec20e62b3b42e3a9028c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
3e8f1103ce037efea779a56b59218306

SHA1
f04730e563fc184f5fe6db8bbfdc07e70628e574

SHA256
9e6957c2f51cd14000c3810fe281ea877c9410caa2c85eaf0b72983a03201ea6

SHA512
c32086c8d0f79e0311a55d1577ec5d98aa45a7dbd0f5df5165006241157c5db70f5eabaeca095ec1274b1d883a825301c236302ba14bec021ac90fbba881cc88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
c7ddf8a4648e23516d00df180819e216

SHA1
58c0ded0aca1caccd150400409a0eb2d63afa80c

SHA256
ab87f79c5701bd088f2de63260182ef1e783c941b7305f18283eca35b983fbd7

SHA512
9ab596bae9399c6cf7f4d53922bf961ea5f8037003cb182e96512a215f43be416ff4c03a782856f9091cea789234cfe2c1d96d214af18fe60bbb6fcf2363abe4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c596101949d75621742db721f576464a

SHA1
e19370b3d05216a0a83c81b683869724a8dc222d

SHA256
3044fef5c9cbc2e613e205f099e0084080410acc3acc199050095970c21653ce

SHA512
31968fc1f2ef96753e14544469910c535f0964dc560f74a1bf4d999d7c173661f8cd1dc4bc4f6fef3fb9200f2bfabd808d0fb233a0465458ae14a81ec8c7b105

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2f390383e334bf3249649a742d01f696

SHA1
d4a0892e1d20848dfcc616f3c0a91b018dfcab67

SHA256
d27e242d52dfd1b428d318670f197e7a11a47ef542e8c876d16fc3c6c174276a

SHA512
43dfbc912c1302395f717d9e991196d624cddbf9803ebb9c2e169171edb5bfb64bc9d65fff812b20f0f77595b215345731183069449dd6158e5dea1ee0fce8b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
cbdf3e3aab2efd6a89a4430c9d8bd5cf

SHA1
8e81df77f3fe139fc1ff7c3966a8e0f03784a2ae

SHA256
1f0aebf81db37cf3343cc13fe2ba5ab1684fa5a3c790fe553ae5518c3e8062db

SHA512
26150ae3c1f0eb5311d2384ef39847c0d68cec312b31ba9d0d99fb140dbe5412c90136c520300351af88a1793bdbfac7f520ebca65a580bc8373034e3d6aa731

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
43274d67cd7d9e027daa09c5b7e9bf6b

SHA1
81722e7884b807761837cd6b3855f0d0e028ebd0

SHA256
586424758a1566f0bed935e404c614866ef280eca8cd3c2ba50705da99c2bd0f

SHA512
970b9775781038a6474d8565f17090a34af62ad682bcce5e319f6523480d0725d769a7aebf32a7a71ffd223eff65de33879452cefe17fe3756b048d403793e83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
a1ec84524b7409b33dfca68f9b5cf08e

SHA1
5cf593836bb94d357125d569e995e4b34785f428

SHA256
ba047181f28378db1d2c7f01a44409f41010403f9ad1fb68fe3bad0d0930f8da

SHA512
083e5096676ab628d9c64030cb557c4d7869e16bc97b1a929601b9d507b1e0c69d384116e51c1aa25a8bbba856956610a2c92438cbb0d6a9955d26bce2954c47

Download Submit