fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786

max time kernel
1045s
max time network
965s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-12-2024 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b28242123ed2cf6000f0aa036844bd29.dll
Size

87KB
MD5

b28242123ed2cf6000f0aa036844bd29
SHA1

915f41a6c59ed743803ea0ddde08927ffd623586
SHA256

fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
SHA512

08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
SSDEEP

1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
218	raw.githubusercontent.com
219	raw.githubusercontent.com
220	raw.githubusercontent.com
221	raw.githubusercontent.com
222	raw.githubusercontent.com
227	raw.githubusercontent.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4228	1772	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DesktopPuzzle.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe
Token: SeDebugPrivilege	64	firefox.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
932	[email protected]

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
64	firefox.exe
64	firefox.exe
64	firefox.exe
64	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1772	1836	regsvr32.exe	81
PID 1836 wrote to memory of 1772	1836	regsvr32.exe	81
PID 1836 wrote to memory of 1772	1836	regsvr32.exe	81
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 4216 wrote to memory of 64	4216	firefox.exe	91
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 2780	64	firefox.exe	92
PID 64 wrote to memory of 3308	64	firefox.exe	93
PID 64 wrote to memory of 3308	64	firefox.exe	93
PID 64 wrote to memory of 3308	64	firefox.exe	93
PID 64 wrote to memory of 3308	64	firefox.exe	93
PID 64 wrote to memory of 3308	64	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 616
    3⤵
    - Program crash
    PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1772 -ip 1772
1⤵
PID:980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfd8b530-edc6-415c-b108-547a3ac3a1c6} 64 "\\.\pipe\gecko-crash-server-pipe.64" gpu
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511a6ed7-fc93-4300-9407-7198625635c9} 64 "\\.\pipe\gecko-crash-server-pipe.64" socket
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 1552 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb510514-0d24-41ae-b216-014bd9a436dc} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -childID 2 -isForBrowser -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16a00dd4-01a3-43f5-8ae8-3557e381f2bd} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4684 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89293347-fa44-48e6-9148-b389d66370c7} 64 "\\.\pipe\gecko-crash-server-pipe.64" utility
    3⤵
    - Checks processor information in registry
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 4612 -prefMapHandle 5180 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a5a2028-e588-487c-b364-140bca36414a} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34df375e-8eb9-4719-a588-ddcfc0ebabd9} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87b7bdf-4be2-45bc-be44-f45ccd882197} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5224 -childID 6 -isForBrowser -prefsHandle 6088 -prefMapHandle 6080 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65fb9e12-f443-4ba0-b752-bb2718dcd753} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6720 -childID 7 -isForBrowser -prefsHandle 6692 -prefMapHandle 6704 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 920 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae29064-79a3-4606-96f6-8c52fc601974} 64 "\\.\pipe\gecko-crash-server-pipe.64" tab
    3⤵
    PID:2956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:236

C:\Users\Admin\AppData\Local\Temp\df13e528-c954-41ea-bf84-e928cffb4e83_DesktopPuzzle.zip.e83\[email protected]
"C:\Users\Admin\AppData\Local\Temp\df13e528-c954-41ea-bf84-e928cffb4e83_DesktopPuzzle.zip.e83\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
ff21679f688db877c0253473bc6406ce

SHA1
fcb27efe7bb9421888c9c79b8153e1bb78ad9dd0

SHA256
052b9507e9b35a5fed2af5555938904f47face0c068060fb0c4d1e46105a6fdb

SHA512
0c6a74cdb4b154ae4bf61549fd980de4ad582ad3695c8dc325200e83ca9f252cc6b39c43cc780016dbcbaf521c596a11d90929f1c653b16062f72461bc44a55b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
088b6291af0a6cad1dea607638dd4fe0

SHA1
a14c73320876bcb4a93530b8e655e7714a798184

SHA256
b3b19cef9a0bbd149f8bbeaf333b17621ddfd4fb354d001662eb7e31a8479c55

SHA512
a048cba2bec40228afcd62cf50c1763b6ae90ca43b96b03151198b0ffbbc0672413df349a5a533cb28971d866e441132c2a4929fb3200e9cd2ffdde7c592831f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\cache2\entries\8E62FE1C4AC561DFBA4AC7F80730418E5CFDF8B2

Filesize
61KB

MD5
d2f2a64e81cc7ce8f68f216a1c69ba20

SHA1
dbedc4e635f23b1d46613acab6b33c70a11c28d3

SHA256
23ed99629c816664bddfda164da1a780df592bacb9f0aabcd1f9a095605b4eb4

SHA512
ef558a36401719c251a45a117abd3d13c12d9aea2b0b153039999e7d7059ef23db1a7bb74ef652383bf3ef560576eb3909d4012c1ffc55faa8e83a97812017c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\jumpListCache\iqwji_VDXruqf2D2sWOB9DqunHJuw5AGoV75U+c1T+A=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
4651d4a2646761e0bb8b49636c13d485

SHA1
35c62c128f32b00fff2468703567413e2adab5ae

SHA256
73d7459c762336e455e7cf7b9e741168131ce8c80d922d0aea241b267c8f8982

SHA512
5ad8c5feb793ca41c962c5fbe4f4ca8eb2b1c72b336a6897a467d2ea3177423f74ee6f163644712027cc184cb3f2fb1092fa42c03edf7250ce5a3cf247839613

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
19256ae5d6c77579ec09dc16e4965fad

SHA1
a4d97c8bfde0e4eb640703650ac8d96fd9d4c7bd

SHA256
7927cc71ba653bb45471d3f4a0bdf6c264fb7b1812fd4f0933db478933a17e96

SHA512
e520c7d6a00bd8e11c3d5dd99678bbae4e89aa1a3468852e3903d0291fc9bb28d83844051b828709f61ea572dd31b80520a2188e46b789cb0af6b1f28ccca896

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
7KB

MD5
221a11aa83eeaa51cc633c64ed74c78f

SHA1
8ffa28f4ef052561d3fb3fb1e365bed963201318

SHA256
34c9a3e495d6207cd80f46023cd9ad9433ed85e87d6ebf0fc37a73a6d51a898f

SHA512
f57184c44fc72f7379d0194b9f8dd39df06430d7757bfaf2cde2f81014248e7a414f213d58103d22ab3a45f617c663f94a5672d53572e86000ee4442da0cc12c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
12KB

MD5
a29711768077099879149538aeca347c

SHA1
108f322d33a4e77f83c034df1901a1bcc11eaa94

SHA256
9981f49b697fb6093d02660f1a367a0ca05ca22fa6ad2f359e8784320a6c7a53

SHA512
8dc10d83edf8702927396ae10c814b7206606b06fbfd5c0d7c282791159f74facce1b7274be4431b695ad571931cc1a733d34916c413c8b69978b9dade684551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\bookmarkbackups\bookmarks-2024-12-17_11_bRvn+NVqCdIyNFj-V9yiHw==.jsonlz4

Filesize
996B

MD5
8b762e67dff5d78fb44f15fa5caa41e6

SHA1
0280b9be8ae7975b653ce03f6a9baac9df71d902

SHA256
6ffcf25035b82698601bf80ebca33cce19689cd102167d2f4280ba5d06990de2

SHA512
22d8ba3e8051e2a112e9b0759b915ce6942ca07f6bb51fe5e5019a5772e90d1d1243bb180c48ea87ccbf14ec125824f79be4c18abd297470e71f5b2e74365461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
99636ed6a8b064b0fd6d0e0d0824165d

SHA1
957108e37d3924522f7fee5043622dbf58fc8362

SHA256
90a62fe0c2dd410208e7bfa1d1043505e05d8152f9e5b4fbf58f72a70bc695c8

SHA512
dcbf673fa473bf0666a2d72a4f5e1f57851ba70af8a5be3e5bc84a78464d45770e93a726d433a6b215b355034e7b80ea9a95a5a8c9e1c669a0047df7749bea4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
27d1806afcd97f9cb22c2d170f72289b

SHA1
656c1e3540ef8692193fc8bb13798f51b9219e3a

SHA256
556457ddabb362628a66e09c474624ccb503c320a45b89c2d004b1b580d240cf

SHA512
1b514530b74009cbfda8507865b48a86ce7550da8c63c114a31cbc0975115ffb2ecc319140680d6bc3979b3f5a2c4cf0bfa8bed19531c68f8df3f6de162c29ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
73KB

MD5
9bcaf8443603209a5e70dafef4c1fc1c

SHA1
652d76a9d487776845a075b7fc33a675ef8fa7b5

SHA256
a042e64a5546945cb97593e5fe636f50b3ef033afdd8d50f40b2886573d7037c

SHA512
2ee6f15fa51567a4534d3bf1ad09ea99139b7145d2cfe36f7708b225119bcc3162781e0f6c27b47dde77cdfd611487dbf2658a012c85f9ed608a6a51f1f58b09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ec644950b1e47575f44ac246665bfc8a

SHA1
6033787aa2d47e7099e3d27a2a4aa56c13b452fe

SHA256
e000cc3eea9098c16d65b0de5aa497e4e0b1a608fb1ae39ae1fc0f2789ee8350

SHA512
6cb6d8aa07dfb771a3843d825655b6c6b5e24fbc4d5a81f82fdfcacfa8d53f1a017f8b91dee2aa4bdfefb392b15cc4fb35dcce85ba5754e9b1d3ba8a2ae169d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\3b6d7a1d-c86a-4143-a3cb-3817bee9cec3

Filesize
671B

MD5
18e8351859c6526d230c0ecd685e5020

SHA1
6af09dac62b596bfc9e2d0404cbf89f226aa42d5

SHA256
569a60d419b91f67f0ed7d31b78d062a435f9e62bd25b2705a41786860cc9a7b

SHA512
ace43005f5cbb066d9216605391e919cdcbc08627e6ce68dfa90bf114aa1e88bad7799cca2183b6923bbba61fab9092e4a9265236cde658c3660fb2258d01380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\4f0cc94f-7974-43b5-8d97-e816feccee3e

Filesize
24KB

MD5
9b9694204ea497dd26407c0850ba942a

SHA1
a122d5e2d087c51af297a00c1614e937499d21e1

SHA256
7d57e5ff3a615e6c488d140d0cb0f8bc4520c4785c9475cd238ce46c08c0e4cc

SHA512
384d4197da3c64a345586cdeac882126f67f11dc30d5ed45f3c88faa1bbfa7f6b7b1cfc396eacd82678e437d58e6cfcfbc54e94aa9e2acb3892cf22fd0de75db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\b9ca1e63-c69a-415f-8fa9-b558292d0907

Filesize
982B

MD5
c03616a895ea26f32a801d21f578a60c

SHA1
b666f98cf3fd1f126308828ae5563db62f6bfd14

SHA256
d15a17b74b2a1a1842c79c6673a9d6bac121c02190b978381594eb8e8f147900

SHA512
8a54b513f3d98357474e8feefa0a70578b60bddc00588fa4432be86560c2cb18c80e35c46acaa3b379c617bbdb59e03fb957d5213e955fc01d61060c4220e891

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
12KB

MD5
8bb88ea7664a8bf0ef61728057f6b10e

SHA1
f6b1b7189052f4b196cf4f3cdc7ddb05de0e4f5a

SHA256
ad96449b50abcfef6d0eceda9cb57aa4205190ed2190fe37a38615c9daba626f

SHA512
7d560a23248a3860d36e5579546e5753f511176d7b96c5e0e092ac813acdb3414e426413bdfdde7f58b85d1d706f1a85e3ee68ba50ec18ef88dc1608524d1ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
10KB

MD5
db181191ce31f5157e231206002bfea1

SHA1
4a15599f438d3b2d15b1a344cfe321d9505dbaae

SHA256
5e7e6623e90d50bcac3dce432c2f8e9332a67b3b0e95a8fe613437c4c06708e8

SHA512
731b858d6ade90f4b0f9a6382024b4786feede8afe9547e7895845326b4da9c9e89cf3c00b22fa86dd38fe575f4fd26ec0829f8f7758fd961fc3973ad66b50c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
536c79f936265914a28ac9842f6afa94

SHA1
249deefc35660a806e8b8b9929da1bc8c38f37f8

SHA256
a4a767b12cf894cc87c58253ee891ee8885bb0c61907ba9b791c11e0dbbe07ed

SHA512
126e77b4f1e0abd7208f2bbd8fecfeb5d93bec52918e10078285530c95519d14787540a3e65968d7aba4795f3c4a77582a1dedfe023d0574ec862d2e74366c0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
0d192babfd3014dd01afa7afdbf81456

SHA1
1eedbc487fc629b65624a64f9da0e497af0b6a91

SHA256
bd61fbcda31611abe79f70b323f0b52f8b2b2cdf6af36c9995fae4fe091430c9

SHA512
646213970a95de6675cbe03a5e01cebb76c7c304e19a588e7fdcdecf73daa17287c7cd840205fab8e2e2e1537ecf22e93ed3d9463b42c0c969b555c332ca61f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
09193e393764ac394d6fbad9626e9c49

SHA1
e303c7c12f3deaf17e6945a69750e9bb6e99dde4

SHA256
fdc8e11687ee95e066ba1ffc8aebee1a15c677054e6a10c0a4f525f07c42d003

SHA512
bd689a4df1ff8b08604ee1de093d4b877157769ec12482ccbfa00782fad4bd7506164ab34bb1bcf34cfd1e2417f839b136ff8adeb3793242fa558e838df3e4f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
430152dddb48ee9fc256797c367af51d

SHA1
f9d8c2792550cadbf84da1215f51aaf98378b528

SHA256
2bbde09a0fdaed0dca2d35611653fa24d28933cb55e6102ffad935556cd753b2

SHA512
7756b4f48ea9b1a634d9ef7849474596c8b3a3ad4f2b3051e06a900166be8753777967585c6d1e7d4761be618b6df9ff94dcacb1d1cb7b4c9f7969feaf768f4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
8d2175d44407eb8d64f9f9f8703bb18e

SHA1
d252e8fc36b02021620800d19f375ca8ac9fe216

SHA256
ac87cc010b3e77eed627aac208161d8c78bcff09433a0ecb3df4e452a3567207

SHA512
f01d0b9483bf0f6efdce1a99adee32f3c48231ed6adc4c64d87060835b8a64a7f02a354bd783d83929e10fbcc0148fd88f68988f57c2c7660344736efc4bf664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
29b0f515598cbf839d16dc03265d0a20

SHA1
61575709bdb501181b9b70e6f6e51531b0cd64e7

SHA256
6d55b0161205270142503bdba221563a833e89ee39dea2ecb8119efbf0fca735

SHA512
09394e8578be82362d6660ff2f392f95527262dd16ab916451df08ea3f49832d1d01bb37086c3e248f73781cf290df2a462e964171be1e2af74ef89a41386cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
0fb206549c3819ac5c40f02ad9528bca

SHA1
7b2c755e9888e153197014c5679a8a4abc902691

SHA256
e51e5999c9ecf74cba82ec878471851f1492202e789a1da34b8a1102435e6f41

SHA512
f83c4b45d4089eb17b53a792fe942c1d235bfbc45fe63052059ed0a0152148d8c1c7dee6b46ed300aac71a4ba01a4b6de34d15f3356e5227be8b7fb025879e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
33b2912d495e36858431c82cf66d02de

SHA1
1bc2c82eda778929d5b6cff9cd228ccfcf68d562

SHA256
693898511d5d1626f7121c4d9c524897d8b5265e5b3cc8a8913ad71307530de7

SHA512
2eb4c11920a64949230eca7395656080b8fb4214c7ede9be6f4eb8a9fc8a1db0fb06a4c82de83ed3b71d832c73d4517d61af00bde960d106bf0aa814f1b88eff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
51600c0648b9b8891950e625229edf20

SHA1
a5c346c5df170303168224f69385f03c7d6fa3c1

SHA256
7b67a1903be3872dd6368825aede6bec9073bb39eba9af602fc4e9fe220b2f74

SHA512
23bcb68098baac0d9722b3e573c2525f364c53faca5c49b3a089db340fa92f8073dd370beadfcc93b14e3adcda5c1c078a0984310656dca2a354477bb5000453

Download Submit
C:\Users\Admin\Downloads\DesktopPuzzle.4Z1AEEM2.zip.part

Filesize
121KB

MD5
6ec216cae1f0e898635d296bbb1a7539

SHA1
8725949a62c581e4c55d7338dcf3f67997840278

SHA256
431b9b7321f734a3f11b23e638199ff1f0d9abe9374ec299484d9e47f20b4ee2

SHA512
b619a5e8ccc0473d99453108085b1678a75dc816bbeb1d5301cd265ff8aee18e214d4e7b877d0d5d13921238d45581cb89021c4dbfb9ba2f3bddb4d4f297ddfe

Download Submit
memory/932-985-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/932-997-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/932-994-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/932-993-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/932-992-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1772-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download

Resubmissions

Analysis