Resubmissions

10-10-2024 19:45

241010-ygqgvatbmg 10

10-10-2024 19:41

241010-yeebsstake 6

10-10-2024 19:38

241010-ycmkdsshkf 6

Analysis

  • max time kernel
    144s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-10-2024 19:41

General

  • Target

    sample.html

  • Size

    21KB

  • MD5

    a1d5921a1d53a08d66a22e2eefdfe1f2

  • SHA1

    e840a6ff5e9f439334aa9e0858afec7abbe78d5c

  • SHA256

    3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261

  • SHA512

    e95fad32e169a2aca7841eaf3adea6f30d187149dc2e15f0f8ebcbd50cc6cf86d8f49788651ffea8b35e844e28762ec64e573a369c805fe32530df6970aa2083

  • SSDEEP

    384:MPU1spa1ocy444lbGaYMvhpNMi98sHtjFro2REu4Y0wM1Ozf51xCejiw:MPUv1ocy43EajJpNn9V9FrEu4Y0wM14n

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4316
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0998eb-c002-4070-a153-28cc7e16a013} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" gpu
        3⤵
        PID:3528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22b1f2be-c0d5-4547-8834-0df58653518b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" socket
        3⤵
        PID:4716
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2824 -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2652 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1b54f54-e7bb-4e1d-bc96-fc83ee3f44e2} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 2728 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ad6a67-741a-4241-84f0-98530ec51bae} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:2608
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4684 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92cdc8b2-2ef4-4589-b932-8168984387d4} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" utility
        3⤵
        • Checks processor information in registry
        PID:1136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f218c477-10ec-4b69-84c0-0c5e7172baec} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 4 -isForBrowser -prefsHandle 5804 -prefMapHandle 5788 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {065069b7-28bd-471e-9e65-375c45cf1ba9} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:1732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 6020 -prefMapHandle 6016 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ca56d0-88f5-4d80-9456-2e60dc818be3} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:1080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6116 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6132 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {337a5ad8-e020-42c0-b988-675a7fb4ea17} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:2692
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6524 -childID 7 -isForBrowser -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7f56324-6423-435a-9c32-cdd6273b132d} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:2620
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 8 -isForBrowser -prefsHandle 3080 -prefMapHandle 6864 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67314e20-0a31-4f2e-b22d-19702b9cf7e7} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:1204
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -childID 9 -isForBrowser -prefsHandle 4456 -prefMapHandle 4588 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ada5aaa-bc80-4e09-bbd9-9bb079a510a6} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6684 -childID 10 -isForBrowser -prefsHandle 7368 -prefMapHandle 7364 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc771383-affb-4cec-ab1e-c577753ef38a} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:3676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 11 -isForBrowser -prefsHandle 6088 -prefMapHandle 6100 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02637284-ee44-4696-ab90-68b64e377db4} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:5260
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -parentBuildID 20240401114208 -prefsHandle 5584 -prefMapHandle 2808 -prefsLen 30614 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1302adf-108f-4bad-9639-ed01c1c067c9} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" rdd
        3⤵
        PID:912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7800 -prefMapHandle 3188 -prefsLen 30614 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf4bfa6-8d7b-4aa3-bf84-818f95f4ed53} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" utility
        3⤵
        • Checks processor information in registry
        PID:2932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7756 -childID 12 -isForBrowser -prefsHandle 7784 -prefMapHandle 7780 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d59261-1033-46e0-baee-34e804a1f2fa} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:5072
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 13 -isForBrowser -prefsHandle 5792 -prefMapHandle 5896 -prefsLen 30614 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4893ad55-339d-4759-b102-8d32e5d954fd} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:2212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7940 -childID 14 -isForBrowser -prefsHandle 7952 -prefMapHandle 7948 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d4fc3f-9a7a-40e0-99d3-e323ca03d22b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4512
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -childID 15 -isForBrowser -prefsHandle 4888 -prefMapHandle 4664 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f61d58d-3080-434b-85a7-cab02dde9850} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:5060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 16 -isForBrowser -prefsHandle 6328 -prefMapHandle 6012 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35a8aaa8-46c6-4fd6-95f6-f57f10d31710} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:5944
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8452 -childID 17 -isForBrowser -prefsHandle 8444 -prefMapHandle 8440 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35103efc-b76f-452a-a01c-502d08fab514} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4456
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8568 -childID 18 -isForBrowser -prefsHandle 8676 -prefMapHandle 8680 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b94d1b7-631a-4796-8648-21f2c3574d7b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:1772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8756 -childID 19 -isForBrowser -prefsHandle 8712 -prefMapHandle 8708 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56ec9c04-1b3e-4542-bbb9-c4cf738993dd} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:3424
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9020 -childID 20 -isForBrowser -prefsHandle 8940 -prefMapHandle 8948 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {842348cc-d1c2-434d-b836-da8564829686} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4256
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8972 -childID 21 -isForBrowser -prefsHandle 8960 -prefMapHandle 8976 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cc62a39-90b8-45cf-aead-10f1798bb27f} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:2404
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9320 -childID 22 -isForBrowser -prefsHandle 9172 -prefMapHandle 9232 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4da988c6-dab7-4169-b52f-1ff60f6d6930} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:6136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3528 -childID 23 -isForBrowser -prefsHandle 7980 -prefMapHandle 3108 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ff800b-b3da-4c04-8def-535c87030200} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:1332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7968 -childID 24 -isForBrowser -prefsHandle 9508 -prefMapHandle 4656 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25547ded-cf6a-4a88-a44e-f2a7f0c05cbb} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:4428
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8540 -childID 25 -isForBrowser -prefsHandle 8504 -prefMapHandle 8500 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a02a2107-9800-40b9-aee6-4b2591567391} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
        3⤵
        PID:5024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    19KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\020F18A642442B8CF55FC8BD000D018C2ED7B610

    Filesize

    18KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

    Filesize

    32KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\E341BFF0045E3E4548552FF65C55A11E31024F9D

    Filesize

    72KB

  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

    Filesize

    479KB

  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

    Filesize

    13.8MB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

    Filesize

    13KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\SiteSecurityServiceState.bin

    Filesize

    5KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

    Filesize

    5KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\05f12669-8588-4f1f-baa5-9852d5b30ef9

                                                            Filesize

                                                            671B

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\9cf452a3-3597-446f-9a3e-28aedba7d01c

                                                            Filesize

                                                            982B

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\c99cc180-d5b0-492e-90f5-121fec10344e

                                                            Filesize

                                                            24KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                            Filesize

                                                            1.1MB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                            Filesize

                                                            116B

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                            Filesize

                                                            372B

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                            Filesize

                                                            17.8MB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

                                                            Filesize

                                                            11KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

                                                            Filesize

                                                            12KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

                                                            Filesize

                                                            11KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            4KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            4KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            7KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            12KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            4KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            3KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            8KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

                                                            Filesize

                                                            13KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++uk.news.yahoo.com\idb\2699850710arretvircelse-.sqlite

                                                            Filesize

                                                            48KB

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++www.ask.com\cache\morgue\146\{6aa27784-e54c-4d90-82b5-cb0d37bc2992}.final

                                                            Filesize

                                                            84B

                                                          • C:\Users\Admin\Downloads\Bon.IbAJ3fGQ.zip.part

                                                            Filesize

                                                            49.8MB
