26774aa6a2b3fb5ef81098262bce8a8dca8cdadc7d2661aa327d473bc1634446

Analysis

max time kernel
418s
max time network
619s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25-12-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VSCodeUserSetup-x64-1.96.2.exe
Size

100.1MB
MD5

ab079152dc4e679f9130eb7612fb5803
SHA1

357709e8bda33e109723add1f15dd7ca98060c7e
SHA256

26774aa6a2b3fb5ef81098262bce8a8dca8cdadc7d2661aa327d473bc1634446
SHA512

5ea59e7c2719a96f8b12e008e40984c589893bd0c9e49c97f5f172b3a7bd292bf6387beb4eac93322ebc48346dbfdbf4cd1138abe88bdf18682d1072d2a11454
SSDEEP

1572864:3gx5MWBLK6Xc5IwHnBrnRry7kN4U8azMNhaL8JHl6xiFMXmYJhVcUgD1l7c/K:wxftK6MWUnBrnROI2Vrndl6IMlNo6K

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Executes dropped EXE 1 IoCs

pid	Process
2604	VSCodeUserSetup-x64-1.96.2.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.96.2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VSCodeUserSetup-x64-1.96.2.tmp

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe
Token: SeDebugPrivilege	2156	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe
2156	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2156	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2604	1184	VSCodeUserSetup-x64-1.96.2.exe	84
PID 1184 wrote to memory of 2604	1184	VSCodeUserSetup-x64-1.96.2.exe	84
PID 1184 wrote to memory of 2604	1184	VSCodeUserSetup-x64-1.96.2.exe	84
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 3480 wrote to memory of 2156	3480	firefox.exe	94
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 4532	2156	firefox.exe	95
PID 2156 wrote to memory of 1464	2156	firefox.exe	96
PID 2156 wrote to memory of 1464	2156	firefox.exe	96
PID 2156 wrote to memory of 1464	2156	firefox.exe	96
PID 2156 wrote to memory of 1464	2156	firefox.exe	96
PID 2156 wrote to memory of 1464	2156	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.96.2.exe
"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.96.2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\is-A8NDH.tmp\VSCodeUserSetup-x64-1.96.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-A8NDH.tmp\VSCodeUserSetup-x64-1.96.2.tmp" /SL5="$601C6,103880874,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.96.2.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1920 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9f8538-15f3-44bc-b833-878ade9f20f5} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" gpu
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb22565d-beda-4795-aa9d-07b2648127aa} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" socket
    3⤵
    PID:1464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2984 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0cdf51-36a4-418c-b3d8-61b47a7b0979} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3808 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3624 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00af89d0-9dd5-4d43-be58-379a25baae79} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4748 -prefMapHandle 4764 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d0d048d-2a09-4967-bd2b-e31272527cee} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" utility
    3⤵
    - Checks processor information in registry
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5212 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {521bf08c-60eb-4509-af47-680b225fa218} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36571ba8-b7fb-4312-bccf-618b72b6f30d} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5364 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd22876d-f1ff-4a86-8172-0840347a72d9} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6072 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5c34637-065c-46a9-906d-35e6b1528857} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6388 -childID 7 -isForBrowser -prefsHandle 6040 -prefMapHandle 4548 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d3fe1a4-81b7-4675-8d16-ca8de9a1a9e3} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -parentBuildID 20240401114208 -prefsHandle 6288 -prefMapHandle 6492 -prefsLen 34632 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bffc7790-6186-4a7f-9996-8b87d3134386} 2156 "\\.\pipe\gecko-crash-server-pipe.2156" rdd
    3⤵
    PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9enwga8g.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
aa66bdef56782ee8d9d5028445701f46

SHA1
db71fc4a3c4e4198b96f66555802bbc3a42d2853

SHA256
4728e7b6161bf3cad939833d5ca6c2c16e115738de79096014e12eadc74077e6

SHA512
f4ffa278b5ee3d0088ce402e7dac6b3b74e4e204c4e3888c939814abdaf3ccd9c77a77745e44f75ee5b88f562292b9d792a80c6aca21b3d5519929399a5e063a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9enwga8g.default-release\cache2\entries\0C0E12ED83B149D6A68D87C705EAEF00394A7588

Filesize
61KB

MD5
30405dd87ae13732d5c04142eb1c858b

SHA1
330109936dd763f5cb1ebb7cf9bc511b6c8b6f61

SHA256
9c8b34fa59ab313b2f7f40a3d07398bddb1227cea6ca539831dbd1d7a9914c29

SHA512
457872aeb854d8aa3b461874d1d0755f5690c9b7ae1ae115b74ab0c1970df7c93504b83da3caea7a52e938a2e22684170ebc12b3072ded20196a89dc244d8153

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9enwga8g.default-release\cache2\entries\B12380E59E366D551CA91542483B50A71D3DB16C

Filesize
224KB

MD5
e67f80fa30b66f3e5e03efd1202fae65

SHA1
53d8efc2ee9162be2a0ba5759e26d75e62208201

SHA256
454f7d42eededcf8531bfd0f3453d220061af577d970c54b66266bb33fe4312f

SHA512
eee455d81ed72f0e86ca054a9793456a2b811cfdfa2f2c2d5367f51427a6accd9e5141acfc3673bd1c3e507723b580804fbac3afd645a6e295fb7c72c9004692

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A8NDH.tmp\VSCodeUserSetup-x64-1.96.2.tmp

Filesize
2.5MB

MD5
371e30f3f76f5626e9ccc77db4f5f77b

SHA1
a069bca5e915450c723a02f8fde1a9ef4335fe8d

SHA256
421df2067e17e0b3f5228f3536c9b11104f7f299a772b49f9bc0ce9d06823d54

SHA512
4318f29fd5fdc6ed77ccea4dc5c5b1cf0b4ddb6eeb1c615df3817b931a853ba41aa6d3ab847802185b43f2a40c62928ba5df47d6f5e90f9b9a5fe1c06aafa19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z6ZFFH9MYOF72RLM7DEH.temp

Filesize
18KB

MD5
7e16884d8eed256ee2baf3d612fed4d1

SHA1
ac75c9abf7470f646dab9eba282e3ef99480c527

SHA256
1f18a51b128c873e14924f7fb2d6823fa89faf0929a5a600370de2e6fdae75f8

SHA512
0a38a8e1d5fc5dd382dfe24a6e4069b8d615906c4407d52ba6c1bdb91116eef07eb1872de2d31962de939173cbaa89b17def2c44c7d41e7eb6ae911e6b64c33c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\AlternateServices.bin

Filesize
7KB

MD5
b65622a5ca0a2eb612762b21ca317762

SHA1
c0410823f19a41371be19b38e9df4b174b025abf

SHA256
17335ffaf2c6e75c2ba1613af9f5165c613b8a412c59fddbd8deb89aa9a7b17f

SHA512
bdb8e996e9837ac1bb4fcca544c30aa791f92fa0b3af35e3d93e90cc7d4613bfe7a696a9c6fceb40e7c3f0457ef97cedc28c2dd0a0253f52e24227ccd12b95c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\AlternateServices.bin

Filesize
12KB

MD5
c01632b46e45f216ff4d333bdf5eff40

SHA1
c4b48effc4beff4b86db7c307f557867b0a64fb6

SHA256
bfae9760485c1d013fc3b58085a883447911f0aea09c7dffe6564f32af301ab0

SHA512
9708b26d14a1733b1edbf20f0201a2a4dff1d391000f6a5a8b64c72b6e988193e2e05ed623dd6ad972c3b313d5e3d941695208b8bd9cfcbf029a4917d7b1f923

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\bookmarkbackups\bookmarks-2024-12-25_11_nY2UnmWF4+eIKcjWweMRDQ==.jsonlz4

Filesize
1004B

MD5
580409605ef85cc2128425544df54d84

SHA1
324444a53dd6d0c6451f327dc2faf09c95e1a31d

SHA256
00f4c64feb590d8264a9bd4747b1edcade36bcaf70861ec0424163d24e97713c

SHA512
32ce3bafd40566af19718745d510153b1128c0c68db399d8fe9d3d7e38acf0589cc8bedc2f2a5e3caab8039826ce6a987c2cf30e0fff3d5dfb349171b9c326c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5695f33c5d646a9298ec0f6a2c73d6a3

SHA1
6cecaf7f923d41973e10dd2e9a4c6aa8d221585b

SHA256
1c1373b0f14941767879cb02ee6fedc8d40d4f66d69b09049e93e50a3d8a528a

SHA512
93a32d3aedec79387feab81d4fa5defb15ec080c275a92263fccd79cff0e2b49d7531793860182ad995248d7fb2aa892c9da5028db1a529ca5900581563458d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1d386d6d0122a544d1164da69e7e43ea

SHA1
5ed521b723cf3ced4e728a0eeed87d7c38660efb

SHA256
b0d99a2c0382ab4de62da98ff859f8f410bdf2928fc347a88ed5d52dba7c1f8d

SHA512
0f815a05b227f8a30295787354303cc8aa6641f3ace29c5ec2e75e33d989119269579b77e7bef63b32e0e9ff238dc95cd58926da3ce104cafa5384285a956a83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9c0f49ebc485a7ee06b9a0bb411e0873

SHA1
56655464bd0b5ab34f71787262a666e3799d544b

SHA256
db432be6d366184a687752995989aac2ddc00d0287c07b23f471c6826768e76b

SHA512
2aea1b8931a34aaaaf7010476793370913b44da2af553b4cbdd243f1a1928e461c70b2494c4a1b2c42f82cff29062386c227e49d977f476ae2d859636e5d66f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c8101f2d198cc11379de739df6234695

SHA1
8a9b035c1c46b3ed752f5937f5178f73e313ff04

SHA256
8cc87e1ee8499dac8a530db8b38723ec3359992ebb44ca5b88371d62d5df6cc6

SHA512
d93886da02fb84195e1246bc950c575b12b4162d3e523d20c83dc0de3eb22e1b7566e42dec6cf2c8adfa2dfbf85f3174dba3bd3694d03442a8339ecbf8c6ab21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
83KB

MD5
0f6ed6432947ddc18d854283d7288392

SHA1
d8f74ef7243ca25f9784accdaf74b8146987c88d

SHA256
06f584d9e89b606cb153fa2d5e021b92e17e10c40d103690ef9f299ac87eedcc

SHA512
8283ca641062c3bf8185fb29e20a3d640a49c164295aa8af0ae2df08f3f40e09c78308807ba6dbe6a1056c39c1ef6143ce89ab17f8b3480146f93d0ba34e051e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

Filesize
83KB

MD5
fd7aa41937df6e875de60495890a3db8

SHA1
05c15bcb3510495696ca0113c56437428ab9a563

SHA256
750067d13b84499abfe99b2b5e6efe4abdbd61d8d7c11f69b415a23eb0ac0120

SHA512
04db77031d94c9c702fd49ce7e472abe83e1976d6146cd2da86cfe77b900a82b8f3b346e22de884f2c04573eea5e6a2958ce944bb7125bb012b7ee8a3402cf5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\56b255d5-60c1-4b06-9676-a012b81014a4

Filesize
2KB

MD5
7cb4684f48dedcb3b8ab03bf81ff5dc4

SHA1
dcefa6ce9d4ec70f898b9bb7702b121801098d5c

SHA256
8668e7030776728e92f6235896e723b0e284af00214b9c75a000c455a46268ff

SHA512
8228653c1748a7f99dd40fe6d60063f1802d909d8a958d49c1c8c6d3bf3485014173157782ed71de148cea6acaca8484a34a109d6e2fcd2551a52fc875f69e45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\93c8abb2-3e7a-46bd-a96b-a7554a4a7e66

Filesize
846B

MD5
1a9944d1e45bf031c7ce870bec4d0e1e

SHA1
b7c18abb8329e938aa0b2475e0145937070965d4

SHA256
827b8f11c6789a3d6d88a7f79c9762a31d55cc6fd1c588c34d91e04f120c9a12

SHA512
43c43cb104cf3724920975b504d0b802083b9b18ef17b79134ea280190a171d6107c8a9550cd1c77b10360d5cd1091e1afd8dee24dced67669757a9177938313

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\960f5a11-0841-4c80-87f7-2ea1727afaa3

Filesize
982B

MD5
c3db3344b7d35c1a5b95c17a04201b7f

SHA1
951f0c128e7f8b6b636453178a7a1a914467b285

SHA256
42b7745d79e9a288392dfc273f82780107238db76033457868ef644a3527195e

SHA512
57cbcbc7c58f6acceaa2a56a55e5144197cf8fad5b63d5f0dbe3838eb0f7360630722182b01d7dc31801e0d40947391e1a42d6511c6feb0a3e8edebbf18c31de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\c5a9c8e0-bc3a-4960-b4bb-34c691c775ed

Filesize
671B

MD5
8c9a88bdcbe3d3f8334c5730438a467b

SHA1
9c4237e84c8004b87a642c18daec455925c94277

SHA256
b208b562f82de9d8403fd00496e897efe0382f1e7561182388c03a784b139cc4

SHA512
d9c17a6b3ace0bdf3ac7b1b5fe0ce4dccf3e55483f7b39bfc9b27e2e544a7e4090d0a4335866eb652039848476afc3020f02525772bb00b1e4edb39e000211a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\fbf9c0cd-08dc-47fd-91ec-d91b3d3ec95f

Filesize
26KB

MD5
21ea38dbd2b0ae0b0a7f6a18099529dc

SHA1
fc950922e4a3a96472958193256fc3f656b983e4

SHA256
e1a4876a54033238baef4f1be98134f79d42d5b9a24bf9cd43cec49b70edd164

SHA512
ae89c76c9176e5c2fde2019ce15b31f7bfc14a86be74b656e4cc7a331e4951e9a4d238b6b7050707087098146130e541f77f97dbb7cfec9390fed6d883c3da16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs-1.js

Filesize
10KB

MD5
0cba5f9586573c0d281beda874e712fd

SHA1
cd395ee0fceec5d20c3814aedf6be5faad29d671

SHA256
234f9204e2850f09667b85d33f55ffc3a50817cfc3596fb97ca95f5418bcdcd4

SHA512
571e9c6074123adb82ba9e885338379678986d0fedfdc2ab3b1a35b243971236752668036d689a7ec448290b8d77263d712b9ebf3b96631b422e07aaf5c66593

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs-1.js

Filesize
11KB

MD5
81ba81855ef24870701382312d229d53

SHA1
1b4aec4f2fba2935d1d80d7c13aec8a3c5bb61a2

SHA256
d1864a1d31fc93406339b12f9b400b999c719fa25758f38d0a0b1410bb7bfed3

SHA512
c1dbfc22120493182c7ba596d871a1c71a4462525acc606b49b7b89a2ee78e41f2deb64dce20031956a9b142df743955bf76eeefffcb704c809086ebc06173ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs-1.js

Filesize
12KB

MD5
f15d686ae15070f69041cba52882a43c

SHA1
6b25f829f74994400ec3226cb52595850bd440ef

SHA256
77aae1eaa65636f9d6037c30966c1951710329b651ba290d9c6492f6dfe3321f

SHA512
82640a6bb6046711f8d67e3593a18df67e74ad8ac5fe7a1915ba5e7b065334e087d8e1b4955dcae62d1d52ebf4f58e5f7ed1e25c032fc9339eda296b5cadc3d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs.js

Filesize
10KB

MD5
2f8be74419aef7dcd048d705848459f6

SHA1
d2c906ca164baa60f499edbd9fcf6d18395cf398

SHA256
d2d5c86112da1e3dca8daf5ceb2da6bea703a9c2ce0ce452ceac65aea5f6e98a

SHA512
98fe0d9e4d973f68d5f4af19d21b125a0dd1c3ad9ba1cef68780eff22f6817a92dc9cf7a681b1d27e29fff0bc4246a79e176c9dcb3b9e952138123d01f22aae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
ef21885368acf09f84819b772570a642

SHA1
3b7bd06bd1fc2e61348063ce1296bce1ccc63195

SHA256
77a188dc9028996b1f7a58a109b3550d09f12aa5df92b6881870b3efd76f1979

SHA512
59aebd4352677d21da956dd759717f23e923a0f2a1afc457c88934ba67cca89ba66583265bde2ec612b5319359832452633797352eb5df5a36a65387bfaad773

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
4b5397e99a43ccdc30b4e19258c278ee

SHA1
cf1101cf2861b8dae7a4604033a88a63eff63166

SHA256
c4c649438f4119b803770447f68f6d4a7d8fec4634884c96277d5f867c070481

SHA512
ac46e0e1614e8ede4271984dee824ec5aaba54860b7d19e96ed50e9be9c6c308cc62da0fb85d5c6cd52b99a3161763f76d57e8ea6b3a06b2005dd683a427b00a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
fc714a05037a815c783bd1aa41efbaa7

SHA1
77e8324159fd453c9cbfdd6f17751fcebf5b5ad2

SHA256
831a36465b520ea71774c0e1b7fbada6fcca73d47dcde107da59c503260b6c5e

SHA512
5385eb9890ff086ea6b3988a023939a018127f2781d97f84cdd8733b0f5880f03911ce3b7e81b72363f857181380b6717a250e4654ab7985971e4574a2f1036e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
74e61a3e2a4226061d613a4a4c2e992d

SHA1
6be757253456e722c6e5b2e7c95ebcf3c67a0dce

SHA256
162cac77284a3110927523aa616494d0425eb706d7a7b032221b58121b68deb9

SHA512
8a8e6029a4f5a7789d793673aea36f8a7b0a2a59f12668c1fb9fbc341d9ab8120f7c7201ffdd7cfd5913aaf137271ee0f4944e6d7eef650b43b2225a3ab96559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
4f6d85f6ff96c643d5f5282aa814b20e

SHA1
c632b46068b50861763af858ec08f86a4a933c59

SHA256
09a252aa60e114a472c1d2e3c320678c6a4216976229c1f5d38dea927587fe3d

SHA512
cf94cf317aacf7a361a4b8521c77ee8b319c2f4a0d0371157b69ef77952c0d8f6414ea81904e30e1dde01999ae3de8cfbcf7332c7e381697b71f5baf0084721a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

Filesize
58KB

MD5
2a5fe98801a6a20d253e957979a8c671

SHA1
8517d0e75f2e8bcf91ecd8a1b3cc68782eed8394

SHA256
774a0803132fb9c08039fa0a95d1a7fa879cef9251dca294e97cc3fe33d29e73

SHA512
48551d570c6a4064281c52a78fa55a1e9fd5b281afa5a0d824941c3b50f8d91a34aa3876d70636e7fb8cbe53d37074b8f25aa1adf448315e35c3b603fdab9b75

Download Submit
memory/1184-11-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1184-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1184-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2604-9-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2604-6-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download