Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.eicar.or...

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.eicar.org/download/eicar-com-2/?wpdmdl=8842&refresh=674ffde69f5101733295590

Score
10/10
microsoftdefense_evasionevasionexecutionimpactpersistencephishingprivilege_escalationransomwaretrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
    evasiontrojan
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Disables RegEdit via registry modification 2 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Executes dropped EXE 1 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 1 IoCs
    defense_evasion
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Makes web request to EICAR website 1 IoCs

    EICAR Anti-Malware test file, used to test the response of AV software.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 3 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 9 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.eicar.org/download/eicar-com-2/?wpdmdl=8842&refresh=674ffde69f5101733295590"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.eicar.org/download/eicar-com-2/?wpdmdl=8842&refresh=674ffde69f5101733295590
      2⤵
      • Subvert Trust Controls: Mark-of-the-Web Bypass
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f1c240-6533-48e3-b418-7c9e2e26fcaf} 392 "\\.\pipe\gecko-crash-server-pipe.392" gpu
        3⤵
          PID:4608
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab477b70-afef-439c-9748-f6587ed6a510} 392 "\\.\pipe\gecko-crash-server-pipe.392" socket
          3⤵
          • Checks processor information in registry
          PID:2436
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 2968 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30bf16a0-1218-4a8d-8ccd-107cf2e0f6cb} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
          3⤵
            PID:2420
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3900 -childID 2 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c01c7205-4a9d-4818-b1bb-33a44e33cc2d} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
            3⤵
              PID:4392
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5052 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5044 -prefMapHandle 5032 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ac2c00-9da5-4005-9bc2-9d71b3d1422d} 392 "\\.\pipe\gecko-crash-server-pipe.392" utility
              3⤵
              • Checks processor information in registry
              PID:1020
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 3 -isForBrowser -prefsHandle 5148 -prefMapHandle 5016 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3fd54d-7fd3-489f-9b52-52c5f89420f2} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
              3⤵
                PID:4924
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5216 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cc1bfef-81fb-4c5a-bc8b-114f84f64aa3} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
                3⤵
                  PID:1728
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13b53e77-47a1-41a1-93f1-69ab186d9d26} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
                  3⤵
                    PID:1584
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5408 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2d1dd91-ae0f-49fd-8079-02c33ed76408} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
                    3⤵
                      PID:4472
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 7 -isForBrowser -prefsHandle 5172 -prefMapHandle 5316 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39631633-59e7-435a-abb4-059cf6ef0c93} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
                      3⤵
                        PID:2156
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6628 -childID 8 -isForBrowser -prefsHandle 6712 -prefMapHandle 6748 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {462306ad-f95d-4643-894c-a35f85b97cb3} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
                        3⤵
                          PID:4924
                        • C:\Users\Admin\Downloads\Annabelle(1).exe
                          "C:\Users\Admin\Downloads\Annabelle(1).exe"
                          3⤵
                          • Modifies WinLogon for persistence
                          • Modifies Windows Defender Real-time Protection settings
                          • UAC bypass
                          • Disables RegEdit via registry modification
                          • Event Triggered Execution: Image File Execution Options Injection
                          • Executes dropped EXE
                          • Impair Defenses: Safe Mode Boot
                          • Adds Run key to start application
                          • Checks whether UAC is enabled
                          • System policy modification
                          PID:3508
                          • C:\Windows\SYSTEM32\vssadmin.exe
                            vssadmin delete shadows /all /quiet
                            4⤵
                            • Interacts with shadow copies
                            PID:4752
                          • C:\Windows\SYSTEM32\vssadmin.exe
                            vssadmin delete shadows /all /quiet
                            4⤵
                            • Interacts with shadow copies
                            PID:316
                          • C:\Windows\SYSTEM32\vssadmin.exe
                            vssadmin delete shadows /all /quiet
                            4⤵
                            • Interacts with shadow copies
                            PID:980
                          • C:\Windows\SYSTEM32\NetSh.exe
                            NetSh Advfirewall set allprofiles state off
                            4⤵
                            • Modifies Windows Firewall
                            • Event Triggered Execution: Netsh Helper DLL
                            PID:2476
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2912

                    Network

                    MITRE ATT&CK Enterprise v15

                    Reconnaissance

                    Resource Development

                    Initial Access

                    Execution

                    Windows Management Instrumentation

                    1
                    T1047

                    Persistence

                    Boot or Logon Autostart Execution

                    2
                    T1547

                    Registry Run Keys / Startup Folder

                    1
                    T1547.001

                    Winlogon Helper DLL

                    1
                    T1547.004

                    Create or Modify System Process

                    2
                    T1543

                    Windows Service

                    2
                    T1543.003

                    Event Triggered Execution

                    2
                    T1546

                    Image File Execution Options Injection

                    1
                    T1546.012

                    Netsh Helper DLL

                    1
                    T1546.007

                    Privilege Escalation

                    Abuse Elevation Control Mechanism

                    1
                    T1548

                    Bypass User Account Control

                    1
                    T1548.002

                    Boot or Logon Autostart Execution

                    2
                    T1547

                    Registry Run Keys / Startup Folder

                    1
                    T1547.001

                    Winlogon Helper DLL

                    1
                    T1547.004

                    Create or Modify System Process

                    2
                    T1543

                    Windows Service

                    2
                    T1543.003

                    Event Triggered Execution

                    2
                    T1546

                    Image File Execution Options Injection

                    1
                    T1546.012

                    Netsh Helper DLL

                    1
                    T1546.007

                    Defense Evasion

                    Abuse Elevation Control Mechanism

                    1
                    T1548

                    Bypass User Account Control

                    1
                    T1548.002

                    Direct Volume Access

                    1
                    T1006

                    Impair Defenses

                    4
                    T1562

                    Disable or Modify System Firewall

                    1
                    T1562.004

                    Disable or Modify Tools

                    2
                    T1562.001

                    Safe Mode Boot

                    1
                    T1562.009

                    Indicator Removal

                    2
                    T1070

                    File Deletion

                    2
                    T1070.004

                    Modify Registry

                    5
                    T1112

                    Subvert Trust Controls

                    1
                    T1553

                    SIP and Trust Provider Hijacking

                    1
                    T1553.003

                    Credential Access

                    Discovery

                    Query Registry

                    2
                    T1012

                    System Information Discovery

                    2
                    T1082

                    Lateral Movement

                    Collection

                    Command and Control

                    Web Service

                    1
                    T1102

                    Exfiltration

                    Impact

                    Inhibit System Recovery

                    3
                    T1490

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json
                      Filesize

                      22KB

                      MD5

                      4ab9c1a08d384312cc1e3f2542652e83

                      SHA1

                      f5f9dbd2aa4811575a5b50e3823615f8d332b478

                      SHA256

                      f639f57e61c5daf0ab61ddca906d6d36c43d7d4bdd6f55fe6bc0361c22465798

                      SHA512

                      959fabb383c3dbda6ad5e8b37ca4e1309475c923c6c2cc3093be82f61a0e017ca09007bfea3d7b30798adc998353d69f8b3ae436318f6ee51c314327a08074a2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
                      Filesize

                      15.9MB

                      MD5

                      0f743287c9911b4b1c726c7c7edcaf7d

                      SHA1

                      9760579e73095455fcbaddfe1e7e98a2bb28bfe0

                      SHA256

                      716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac

                      SHA512

                      2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      479KB

                      MD5

                      09372174e83dbbf696ee732fd2e875bb

                      SHA1

                      ba360186ba650a769f9303f48b7200fb5eaccee1

                      SHA256

                      c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                      SHA512

                      b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      13.8MB

                      MD5

                      0a8747a2ac9ac08ae9508f36c6d75692

                      SHA1

                      b287a96fd6cc12433adb42193dfe06111c38eaf0

                      SHA256

                      32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                      SHA512

                      59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                      Filesize

                      8KB

                      MD5

                      1b41a9c9685efdf7aefac16bb8ddd56c

                      SHA1

                      914ed098e698371829c5ba49139ee739d12b3738

                      SHA256

                      b927cf608ff2b6b2b68b49367ccdcfd861b0ef8a961f57d7c9b20275879043e5

                      SHA512

                      10216d864fbb17179b19dc5e121b93ea0e7bac6d4d3a6d865a03310233584d4da5b9e94abd56e84cc9040474c6da7b493a64bb0c2a656d8a06aa6f8810c7623c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                      Filesize

                      11KB

                      MD5

                      854019252ceefc445584351bc6263ec1

                      SHA1

                      eb390c271a1725741f1db10f18a11ad5d55f5b91

                      SHA256

                      8ed1d0540c68f06922734619ace7bb07878600739c81a527304847d1f48cbb9e

                      SHA512

                      27458162de8785f88928636cb785bc3b9704209330e50365d5074794512714aac701b57a6738d38967c138587162c2fc4818e9b58fca6e1848bab59cc27bf62f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      3d30c98b98570d721a02d8ca19aafbf3

                      SHA1

                      500de325b446c346a67191b76740570324408f37

                      SHA256

                      04a49878d5a5c5a3e42fd21231d813f4e17b862c9ba4914859fc10acba03b715

                      SHA512

                      cc04cd2f569fffc4a4fdd4be51150bc28bb987823fa89f3d588da7938ff931df5eb4882869c286d982faaa3ee0c9ea30799e2531e6f8d08b1f5beb54e7070d52

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      27KB

                      MD5

                      f962c4e1f4d7f8f7f689426f2b0d5ea8

                      SHA1

                      790f621ff1bf83278fabf7b5d2dae426dc19d510

                      SHA256

                      2c29039514a1ae23796992390518751f1e729f3c62fbc4641463758efd4ce17a

                      SHA512

                      7c4344076d4309794a75658730dd3e5c3e3d289f0613384d33bf288ec899574c8652cd5d8a7590d06336eec897e7f5ba541ade95fde23662954279f06f58e3cb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      27KB

                      MD5

                      98c604071d81fd9db2e339aa2858ac4b

                      SHA1

                      5fc0b02981d35fc8ff92ca77d29279246d7892df

                      SHA256

                      91c01542329342107897f056e641b7e3c30ad3a3ea8407393a47271fcedb1615

                      SHA512

                      e29a8298d9df0cf6c15e5463cf4e54eeb4fc0b3a6088573f03c31826b1fc4266e57def30aeee0aaa3e0e70160c3c2326afb66ec94872a8baf394c5a20afbc763

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\0e79ec3d-b143-4ff7-aa9d-47919a904753
                      Filesize

                      25KB

                      MD5

                      ca5fc837fec6ec9324212e5933928e25

                      SHA1

                      eec2ba03e6f19732cacefd1de334cc1035aeb79c

                      SHA256

                      f9307d286ee13dd4c2f0116d41307d2dad763b51f6705d77b1aecec66c2371ba

                      SHA512

                      47bddab44e136c7281c09016f36c5d2073ba02fe326b5000be2a02d8d80d059598185cf951a1931a9943ec2455d4133e196da6b90bfc0848c305fa3f1bc987ed

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\5c369640-a5d0-4e47-bbaa-5210ef826810
                      Filesize

                      671B

                      MD5

                      5ab533318948bf8fc5585fcd0656fbb5

                      SHA1

                      406faaf9d9a6044e9bdcc250fbf36b57f11e975c

                      SHA256

                      1fec54adc90b7da123edc45aef800726658841e05bc575ac787616f022531ffc

                      SHA512

                      756ec78aabaa0e634097923dcc1fd3a4e4aafb57abed3c38bdac8d532e1bf3ba07b32b12d93214c9050954205db365542558c993b5c42febb26b6eb227ea4cf7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\6909df5a-5669-46d5-8d44-fa664ce422ab
                      Filesize

                      16KB

                      MD5

                      6c3fed39e8eefb1386806bf77d50dc3b

                      SHA1

                      4c0a82dde9ffe83df5ae29714fa7d211bbb3aa30

                      SHA256

                      7f0e31cf674aad9e259392b12d2110fc50ca86bc789c4773dcdf8d742434bc05

                      SHA512

                      0d1ff328a0a3f854024aff38b3817e5e1347f3db8edf2707c441c0d31c16dea41c48d8d9588b8e9ee533717a58d2b548f3a372df447793daa82ec90b56bd5383

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\715ee576-ef9e-49db-9456-4ea0c5f0dd84
                      Filesize

                      982B

                      MD5

                      03895b859864e445309fc4115a647a0a

                      SHA1

                      6a4e1734328fa6c9b3be664d48f23cdf180398c5

                      SHA256

                      dd71c988acda055a36004644470d122e468962c5ea2857d7600244badc323a48

                      SHA512

                      1f534b20af62738091ea9585d9b7b2beb8f0c7ba5a09117382bc8071fd0aa0178b32627b1161ca4adec22f03941030b75cd9fdfba89fc5292c643761e6df1ca2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                      Filesize

                      1.1MB

                      MD5

                      842039753bf41fa5e11b3a1383061a87

                      SHA1

                      3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                      SHA256

                      d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                      SHA512

                      d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      2a461e9eb87fd1955cea740a3444ee7a

                      SHA1

                      b10755914c713f5a4677494dbe8a686ed458c3c5

                      SHA256

                      4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                      SHA512

                      34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                      Filesize

                      372B

                      MD5

                      bf957ad58b55f64219ab3f793e374316

                      SHA1

                      a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                      SHA256

                      bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                      SHA512

                      79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                      Filesize

                      17.8MB

                      MD5

                      daf7ef3acccab478aaa7d6dc1c60f865

                      SHA1

                      f8246162b97ce4a945feced27b6ea114366ff2ad

                      SHA256

                      bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                      SHA512

                      5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                      Filesize

                      11KB

                      MD5

                      ee6430ef0b477c059bc1792f4150194d

                      SHA1

                      86d9231edd43ee78f0fb09a12fc440619b4ab634

                      SHA256

                      b6e767e86e023bfb99512d46928f749d60ca66a749e32e327449bc980bafeeb8

                      SHA512

                      d3ba966a74f14d3f63b0dd7d3362d7002a238a13bbc17ddd8c9051322a6e52bb571b0b52b7a05f6fe5acfbec8630b6d221ea3dbfab5275b93f16906613389b19

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                      Filesize

                      11KB

                      MD5

                      de351b1fcbc48657116510c6f1e73e6c

                      SHA1

                      9e36b43cd5b376ea2bafc7c92516a99756a515d8

                      SHA256

                      bb26ade4fa88f8e1240866af2038fb73e8ada9ab0ff8d39999d8e01e4e6b7bf4

                      SHA512

                      e068ebb85077ec3c083d73d1bdf72cf273dc6fcc709a5bf8825d54138c767a262e9d7111c9416c9c7ff0fb1b09838a5b1d330cedb6c2ccbb083d7eb2c8e21bf8

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      c79fcb16aa99c84fb3d7a44fe4b857e5

                      SHA1

                      7ca1d0e3eac56a5bbe6c61f77da69a75ef4ad15f

                      SHA256

                      b831e1faffbadc98eaa87d3216c0ab86238e6ba037f525dd23e3c7bc81939869

                      SHA512

                      e2ddca4b5827eae698c827757d2c7618a1f7ea96f2a74da054a0bf0f499a6a01326dc77fc7c37816997754cf48bb89234a3945eb21156cd2cf079a03ebccc41f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js
                      Filesize

                      10KB

                      MD5

                      61f2fbf7f90e52ce617766db11941700

                      SHA1

                      ab0df6fac65b0ede03f3281514495758744d56d2

                      SHA256

                      b077945e07f395378d1b9c5958aaa86fcc8a631a66f27c6a9b73dc87c8d92a1f

                      SHA512

                      c2d8b150ee6a7e153a84f6aeab85fc4548b8c62bfd5cccad5b92b948531ebf7ace8ac6c5dc73f72358dc5c8cb0e2a77d27ac4fde7556a52e99c7d1cdd7e4a3f7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      1KB

                      MD5

                      73941af802de752b95427fefb2a1c149

                      SHA1

                      13d341c5aaf6768f614d9b8744b8817f67bb02e1

                      SHA256

                      3c1ff67c082fead13bbd25ab3ac48cb7260c568f25e1a7be0d2af859f5afe040

                      SHA512

                      d239797330bb39f47427b7fd7f33946bb6908c40d93f426b8375b4572fa28c45dedcdcfcfe3093b9c27523feb3583775eddf86cb92fbd4c5205d369c4a1a2dfe

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      5KB

                      MD5

                      baf2cd17ce2f782f1f92fcbf582272de

                      SHA1

                      9321e0dca08eb5f696b6a9d95f8d994475dd022d

                      SHA256

                      fcbff7b3d3e7c7212b8116138f26778aeb27a34bfb8ada868a05ed11caaca492

                      SHA512

                      d8b108d119d45735537e3058655298f71e5d019905426e43dcb09a698f7a21156bdabb60c2874ba8e45f07a7f8ab17f63d967f5aa4a48c96a20a532b76e9548b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      7KB

                      MD5

                      472809fa5240d762798e7505603e7148

                      SHA1

                      2ab122a232736b9e5e1e80a9d3e66c36bb3fea52

                      SHA256

                      50ff41425f11df8c0fa1226eca45410e5e0c5410857faadbd4c9c4e24b423e81

                      SHA512

                      b9fee395cdc0588f52af073a4cb62b47fa922e2f63ed829e181fee6c6fe452c9b511157341c75fa27ff425e388b8bb3f3155679660dae6e9bf9531d595cf2673

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      4KB

                      MD5

                      9cb636b32644be1bd831cdffd620d0f4

                      SHA1

                      d27352ec7e74c2d7a43c1ad2d124871a5438b3a8

                      SHA256

                      5575c54b6bc27d04688104009bf7b21ed38f1558c5fe3b2cb6cb50235c1110a9

                      SHA512

                      f16126356e63ca9b94452b4f28282569d1f4d3bf2f95cfd12765f70e69c284783eae692747904332f4bcafa2f317af975adbffe9eb5e37e2d084a39ab1130510

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      2KB

                      MD5

                      d9eb3eec7ed1bee51d6cafbaa7e15f15

                      SHA1

                      ec2b2362093bba94f8c165ef27f721a2b6daf471

                      SHA256

                      e1fd8d2a763315b37988c30bc764e0c7a45a4fe88503ca540771b32ee983be0c

                      SHA512

                      0a99522384c8700e7f291f1de3fde44c2e1d86bc85aeb74eb74574fea23323609c0af44618e4c898064c050bb2e42e149ae3316ab0f33c33fa8aeb61bc9d08c0

                      Download Submit

                    • memory/3508-978-0x00007FFCE9EB3000-0x00007FFCE9EB5000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/3508-979-0x0000019D81980000-0x0000019D82974000-memory.dmp

                      Filesize

                      16.0MB

                      Download

                    • memory/3508-1078-0x0000019D9D010000-0x0000019D9E59E000-memory.dmp

                      Filesize

                      21.6MB

                      Download

                    • memory/3508-1079-0x00007FFCE9EB0000-0x00007FFCEA971000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/3508-1087-0x00007FFCE9EB3000-0x00007FFCE9EB5000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/3508-1153-0x00007FFCE9EB0000-0x00007FFCEA971000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/3508-1237-0x00007FFCE9EB0000-0x00007FFCEA971000-memory.dmp

                      Filesize

                      10.8MB

                      Download