Resubmissions
24/12/2024, 19:13 241224-xw3kaavlen 7
24/12/2024, 19:08 241224-xtltravlam 7
24/12/2024, 19:06 241224-xr869strgt 7
Analysis
max time kernel: 125s
max time network: 129s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241211-en
resource tags: arch:x64 arch:x86 image:win10ltsc2021-20241211-en locale:en-us os:windows10-ltsc 2021-x64 system
submitted: 24/12/2024, 19:08
Static task: static1
Behavioral task: behavioral1
Sample: Archive.zip
Resource: win10ltsc2021-20241211-en
General
Target: Archive.zip
Size: 2.3MB
MD5: 03a1ddc324751540b1e293051c630c0c
SHA1: 8659e8049aa13d81189a0ffb13e36dcdf4d31f71
SHA256: ebdce938512e6338a6e0101e006e9a22237bced741086cc932eebecc03e9a820
SHA512: 25b2ed837d4f824701fb9d24ef472c7f6963acbeef423a396568f947f671c6458cffaef09004dfb16f88acfb1cb9fef50f627e40aa6948a951a584563d30dbab
SSDEEP: 49152:emRvJShtDbHj9XAGSwFRuYuTIkqXfd+/9A2aDxbb0k71+FIg4/vj8d5E+PpfLUZ1:RS/DbD+o8TIkqXf0FFM/03FIgcCfxC
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: [email protected]
- A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2
Executes dropped EXE 1 IoCs
pid | Process
3680 | BlackRock.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid | Process
3680 | BlackRock.exe
3680 | BlackRock.exe
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeRestorePrivilege | 3320 | 7zFM.exe
Token: 35 | 3320 | 7zFM.exe
Token: SeSecurityPrivilege | 3320 | 7zFM.exe
Token: SeDebugPrivilege | 3680 | BlackRock.exe
Token: SeDebugPrivilege | 2108 | firefox.exe
Token: SeDebugPrivilege | 2108 | firefox.exe
Suspicious use of FindShellTrayWindow 24 IoCs
pid | Process
3320 | 7zFM.exe
2108 | firefox.exe
Suspicious use of SendNotifyMessage 20 IoCs
pid | Process
2108 | firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2108 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2872 wrote to memory of 2108 | 2872 | firefox.exe | 108
PID 2108 wrote to memory of 440 | 2108 | firefox.exe | 109
PID 2108 wrote to memory of 1764 | 2108 | firefox.exe | 110
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Archive.zip"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3320
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=4112,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
PID:4680
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:1708
"C:\Users\Admin\Desktop\cooked\BlackRock.exe"
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:3680
"C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
PID:2872
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20513c76-3265-4737-bfc8-b33dae6f3629} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" gpu
    PID:440
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2356 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b09f3af-b759-4a0a-bcc2-ba631133f0c8} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" socket
    - Checks processor information in registry
    PID:1764
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3188 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9db1b2e-04f0-409c-a3e6-8da51bfa5f4b} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:2712
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 2680 -prefMapHandle 1400 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5de1ccf-c65c-4a6e-a991-62f5754986a0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:4732
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4568 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16a7d71-952b-452c-b5ef-e9da81d1c1bb} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" utility
    - Checks processor information in registry
    PID:5980
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5224 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d9fc7f-172f-49ee-9b28-7588f9c781e3} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5976
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42620885-7541-4b50-b735-76f692559ab9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5912
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b522d121-5157-4240-96e1-347250361edc} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5232
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 6 -isForBrowser -prefsHandle 6204 -prefMapHandle 6196 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a939565d-b0fa-4dd5-b056-12661e7702e0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5348
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -childID 7 -isForBrowser -prefsHandle 4736 -prefMapHandle 3844 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcaffdd-46cc-406b-ada8-5542d2369e02} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:4324
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 8 -isForBrowser -prefsHandle 6456 -prefMapHandle 5140 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {453fa970-88a3-4167-b893-c573e3eae928} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:3220
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 9 -isForBrowser -prefsHandle 4548 -prefMapHandle 1460 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0832d8ae-08f8-4ea1-b4bb-5294bbfdee39} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:1776
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6708 -childID 10 -isForBrowser -prefsHandle 6732 -prefMapHandle 6764 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d81d82f8-59c1-4265-bf22-b312cbbe8bcd} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5512
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 11 -isForBrowser -prefsHandle 6780 -prefMapHandle 6604 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0628bd-3324-4d2d-8259-66640a03dd42} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5812
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 12 -isForBrowser -prefsHandle 6768 -prefMapHandle 6772 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcd1870b-b750-4dd0-994d-1da66bbacf6c} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:5816
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -childID 13 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afdeaf25-f2e1-4d47-863b-9bd98b558154} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:4432
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7204 -childID 14 -isForBrowser -prefsHandle 7212 -prefMapHandle 7216 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9482fc-7176-4f9a-94c6-736640185dd7} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
    PID:4480
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3272,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
PID:3516
Network
MITRE ATT&CK Enterprise v15
Downloads