Analysis
- max time kernel: 300s
- max time network: 309s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-12-2024 20:58
Static task
static1
General
- Target: qbittorrent_5.0.3_x64_setup.exe
- Size: 37.5MB
- MD5: 83505c82e83bd2e61bd67dfcf30724cf
- SHA1: 5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
- SHA256: 878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
- SHA512: 87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
- SSDEEP: 786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C
Malware Config
Signatures
-
Contacts a large (1122) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation qbittorrent_5.0.3_x64_setup.exe -
Executes dropped EXE 3 IoCs
pid Process 5948 qbittorrent.exe 5592 qbittorrent.exe 3960 qbittorrent.exe -
Loads dropped DLL 7 IoCs
pid Process 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc 62 yandex.com 64 yandex.com 65 yandex.com 66 yandex.com -
Drops file in Program Files directory 39 IoCs
description ioc Process File created C:\Program Files\qBittorrent\qbittorrent.exe qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_fi.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_hu.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ru.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_es.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_fr.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ja.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_tr.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_uk.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ar.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_bg.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_cs.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_da.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_lv.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_pl.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_sk.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qt_gl.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qt_sv.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_gd.qm 
qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_it.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\qt.conf qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_fa.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_he.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qt_lt.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ca.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_de.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_hr.qm qbittorrent_5.0.3_x64_setup.exe File opened for modification C:\Program Files\qBittorrent\qbittorrent.exe qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qt_pt_PT.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ko.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_nn.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\uninst.exe qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\qbittorrent.pdb qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qt_sl.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_ka.qm qbittorrent_5.0.3_x64_setup.exe File created C:\Program Files\qBittorrent\translations\qtbase_nl.qm qbittorrent_5.0.3_x64_setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language qbittorrent_5.0.3_x64_setup.exe -
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe -
Modifies registry class 27 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent\DefaultIcon qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet" qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent\shell\open\command qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\ = "Magnet URI" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open\command qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open\command qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\.torrent qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\magnet qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet URI" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet qbittorrent_5.0.3_x64_setup.exe Key created 
\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\ = "Torrent File" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\"" qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\"" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings firefox.exe Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet\shell\open\command qbittorrent_5.0.3_x64_setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1" qbittorrent_5.0.3_x64_setup.exe Key created \REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet\DefaultIcon qbittorrent_5.0.3_x64_setup.exe -
Suspicious behavior: AddClipboardFormatListener 3 IoCs
pid Process 5948 qbittorrent.exe 5592 qbittorrent.exe 3960 qbittorrent.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3612 qbittorrent_5.0.3_x64_setup.exe 3612 qbittorrent_5.0.3_x64_setup.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 5948 qbittorrent.exe 3960 qbittorrent.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2556 firefox.exe Token: SeDebugPrivilege 2556 firefox.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
2556 firefox.exe
5948 qbittorrent.exe
3960 qbittorrent.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
pid Process
2556 firefox.exe
5948 qbittorrent.exe
3960 qbittorrent.exe
-
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process
2556 firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2768 wrote to memory of 2556 2768 firefox.exe 87
PID 2556 wrote to memory of 1112 2556 firefox.exe 89
PID 2556 wrote to memory of 532 2556 firefox.exe 90
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe"C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3612 -
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:5592
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1804 -prefMapHandle 1800 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47817044-2910-40cc-936c-97135fbcfd37} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" gpu3⤵PID:1112
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a4abaf-6262-4b23-9358-e00366c9cf58} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" socket3⤵
- Checks processor information in registry
PID:532
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2548 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f2fc3a-30e3-4552-965c-1ed4c7e24e62} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:3516
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1048 -childID 2 -isForBrowser -prefsHandle 2384 -prefMapHandle 3980 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b3cdf9-8554-4dca-a292-d1bc2e6f2a0b} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:3256
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4148 -prefMapHandle 2384 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7224ec6-148e-4934-b99b-019d1a5cc761} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" utility3⤵
- Checks processor information in registry
PID:2320
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5360 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbf8e8ec-a971-44f2-8ff6-fdde3dcf603f} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:3288
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5624 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4e41c1c-ad45-44c7-8640-7812283a997b} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:3232
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {030aa335-52ce-4d93-a684-cee21d776f72} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:4568
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 6 -isForBrowser -prefsHandle 6332 -prefMapHandle 6328 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c3e396a-86ca-47b9-b349-bde50e2d09bf} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:8
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -childID 7 -isForBrowser -prefsHandle 4868 -prefMapHandle 3116 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2787092c-3608-4702-b80d-62709d51ae5f} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:6096
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -childID 8 -isForBrowser -prefsHandle 6740 -prefMapHandle 6632 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb4b3e3a-dc61-4215-8702-583c73cccc8d} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab3⤵PID:6120
-
-
-
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:D4FEB0B237B8A3F109C3191E06E53B22C1E7FAD7&tr=http%3A%2F%2Fbt3.t-ru.org%2Fann%3Fmagnet&dn=Adobe%20Photoshop%202023%2024.7.0.643%20%2B%20Firefly%20AI%2025.0.0.2254%20%2B%2025.0.0.2265%20by%20m0nkrus%20%5B2023%2C%20Multi%20%2B%20RUS%5D"1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5948
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\b8c2cea11b8e4c429e18cf536b14e793 /t 5944 /p 59481⤵PID:5776
-
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:D4FEB0B237B8A3F109C3191E06E53B22C1E7FAD7&tr=http%3A%2F%2Fbt3.t-ru.org%2Fann%3Fmagnet&dn=Adobe%20Photoshop%202023%2024.7.0.643%20%2B%20Firefly%20AI%2025.0.0.2254%20%2B%2025.0.0.2265%20by%20m0nkrus%20%5B2023%2C%20Multi%20%2B%20RUS%5D"1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3960
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5839236c3c173e2ec3ff3e35af9d3f9d3
SHA13012861582b2999a6039448d339030a2d014fae3
SHA2566c7003a478b01d8774aad77ea3f82c78e7a7acf9cdbbeeb31cef2bf87775a6e9
SHA51224d378d25c1a9758c907261d0462023be502f4f90ea150f93e45bc87d9ab4e9a4c831b47b21b61dce7e2393070718b96cfb02c86d5a17cd99d27cce8b4cfde64
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\28e846ea-9d8d-4de4-8027-8796539a2b54
Filesize671B
MD59ce166ee0a3f4dbcb57051f044775996
SHA17c49f36e7250300e21338c74b21970b701e195a3
SHA256951dba5fb91e935f54ad387a1485a6577d5baf78e82c4c6dca0a9a88cb67bc8f
SHA512921abf17a3c94240cd7c0d7093bad8ba1204d4750061788528c1f4a1d20d1f50272998e25cfa839277f72c2a0bf485743c7e5a41fd7368e56499022dddc0bebe
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\630f8360-6932-4c43-952b-683bb4288304
Filesize17KB
MD5a3f3259862df48be154a8c0cc0156cb7
SHA149ec30491703be35add376334a5bb48f9549bb35
SHA256d4825a63f3cf55f41b38edeca376c6a45ae2bc7ef47b0d0d8e063fb136485c68
SHA51233dc55a5ee5c947d604778943ca26d7251912b29ac13f468f0a5af16b3a1e0744b485a7a03910b71a5fcba949984405e439aa7cecbb9f11aa8332382c1a2ebaa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ac4073b1-d9b2-43f9-9694-dcc50bb598d6
Filesize26KB
MD5a7f112cca3d24f56d5ece9122297329f
SHA1f67726c1b77f27ca25505c7dea6b20c86c67cc72
SHA256468fd9ba61f46cb2dd8e0f9191eba0aa8d6cd8542c51095c42f446dbabf8404e
SHA5126a41f30e96eea778c6491ee507937390604ab6a0afa67d36a7e748c26c04f8b4a651057c4fd64f7bea219df80c642cf4af3eaae9fe0a9540e164d188a20bf18d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\c5442b9d-4887-4b38-9ce8-e9f788391199
Filesize982B
MD5b7e2b26e642bd49c9b7076e639d5050b
SHA1417fe3d60f41380f65f0ef222dd40082e3545d8a
SHA25605120fee9f88565a0032208068bb9a6fdfe03a23ce05d5494021d14ac70898d0
SHA5128a939426ca835ae285ff165d8aa5c1c3b83c7fffd5e675b36a8e343ef33347423425848084e9dda06a3febb11cd573198bcf20af24958794b006abe6ed8d99f3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
413B
MD5e571e70e1757624ca8196c286defe313
SHA1669b55ae51d2071c1ba2f7096297816603f81e83
SHA2562d452d8ec369c65cd0d8c6344e666d550e332089d2638cfdc4a060445f7ff420
SHA5123a88f8166f3c3527fd4fc5810c1117385db7531b759ea598705694eae58cbee52529857354c1fea96f4bd2aa860f94ad7de03ac756df52e53c5730532a5b0809
-
Filesize
11KB
MD574c2218db5af8d161621e891e470cfa3
SHA1cfda2d19633aaecd9943cd6d17a647e7edc2a6ac
SHA25639a0b1d1ff2018cbada257e4641d032d93acd529c9ecd72de22d85f8c42cbabf
SHA512ed1137f3cadeac4a252ac9e84fbd69c9888023e2e256578a233a8d7cc6293db54b026136896b772eacc805e32b7c97892ea37c55d5643023ae8ff424fad2f671
-
Filesize
10KB
MD5ddb495f1993a441c0c45b21ef1c427ca
SHA114362d85f932d5280cfcdf803c1aa57dfed4cd30
SHA25632ca516cfb2046f5331dddcd26eb87addc58b9a259c560e9babb6914414091d3
SHA5128a692032542cc0d614d9fac7e74ccc699e6b54ae0ca3b62d53463bdd953d560d14d3f3b17540c4d0237372288d1e54929176322aa9a121ba6d79ca8c6a61e43a
-
Filesize
10KB
MD51a14666914cecde649937a55230ed59e
SHA15dc1906ccd7f2b2abd21e3d243a72e5b5e295060
SHA2565eb1a5cb2e0620416ec71d90bfaebfa27aaf0cc20680cba51b54e6ba7ab7d9c2
SHA51222a3db57032b969004d2d2764c3ed4ea2948a5183b304a5a6a50c51958d09d23dcb18e1abf0bfd94c917cbf7b9aa1c7184943ccc7f174b85682a37147b8968fd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
MD5c728b78628c9e6fa2f4b69eab73dcaf9
SHA14e4859156fc434d3cdc7ffb586dd92c88bafe285
SHA256adf0252e7de575788c10cb8b8f9d9215eff51d724b0eae4af6e8de1979699e29
SHA5120fc60a373d95aee98a711c07f05103a16be63ecec6ffbaf5ab951dd17ee880f9764b0a13beef12c6a75c0e830c2e7beaff6e873a73ee59a44086c392976689ce
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
MD5ecb15be4108c8e08437460c96b26417f
SHA1ba1a9b4346ec61ea0b17ae2d1b7b8ac44e65cbdf
SHA256a23c3952b54feec896dcb42454e8ade8bdd11b6f9b3cdfdfcd1ede2146b3f79b
SHA5122b65815a402d736aa52165fd937acaec0165db3a5f2ae7f2730e61c34bb4dc5ae4df52edb97a412f5d84d5659993e9079afe95e25f42392a14e2fa922ac59321
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4
Filesize10KB
MD57ee36ee6c1c0ac81d9dcb4f3a1f7a37f
SHA1d250158833fba03e1ec503eb95b4b11726b02fcd
SHA25672b91d33a9a4bc5740767a5c4ef2853f7d61030fd6c5f412e927a3bd12f24d8d
SHA512955b33e3da22bd69de6dea0fa9c3e51a647d29ca8f4d0889726d15f413a3961c38d7cf874d04df3c4a8af771954a0154f1ac2a6c5456286dbeb8695aebf7755f
-
Filesize
1KB
MD590fe0968db319baa4ce21ec576ce0b30
SHA122b4d4398668df6f82a699c4695d2e0ba6e7b9f8
SHA2562f9855e5ba41fce7ecd88e3a83ea321be393247f87df25a10607c0cbb41e7781
SHA5125d605b2e043af0603eb9e23e21a82b3f8ddfaea58cd754d6c19ecf5a2ff2108ec4948323751df801a5e966035c758cbd598eba392cd3c0290c72517133f3433c
-
Filesize
4B
MD55b76b0eef9af8a2300673e0553f609f9
SHA10b56d40c0630a74abec5398e01c6cd83263feddc
SHA256d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817
SHA512cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d