banload | 871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845

Resubmissions

27-12-2024 19:40

241227-ydma1symep 10

27-12-2024 19:36

241227-yblayaykfy 10

Analysis

max time kernel
451s
max time network
508s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-12-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Size

3.9MB
MD5

415fdd816519e04471cdb6e54f7e7f95
SHA1

94b06d48ec16ac9411433624d5aa8eb98973c7d3
SHA256

871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
SHA512

d7ff3e9a834ccde1f7e44268533dc42abc6af4b933e39c8ba6f2406975a4e6a8c60161e5a4b529fdcf87213b05827bc3b1789b65b977c8791151acc769e91d9a
SSDEEP

98304:RF8QUitE4iLqaPWGnEvK7RkOEEo+A7mOkO:RFQWEPnPBnEX3

Score

10^/10

banload discovery downloader dropper evasion ransomware trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\CheckpointPing.ppsx.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\dicjp.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 37 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ = "AudioCleanup Class"	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InProcServer32	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InProcServer32\ThreadingModel = "Both"	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InProcServer32\ = "%SystemRoot%\\SysWow64\\audioeng.dll"	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\NodeSlot = "3"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: 33	2900	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Token: SeIncBasePriorityPrivilege	2900	871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
Token: SeDebugPrivilege	3892	taskmgr.exe
Token: SeSystemProfilePrivilege	3892	taskmgr.exe
Token: SeCreateGlobalPrivilege	3892	taskmgr.exe
Token: 33	3892	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3892	taskmgr.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe
Token: SeDebugPrivilege	4872	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe
4872	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4872	firefox.exe
4872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 3336 wrote to memory of 4872	3336	firefox.exe	97
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 1140	4872	firefox.exe	98
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99
PID 4872 wrote to memory of 2232	4872	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe
"C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2056

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7916a10c-ca75-40f6-9256-128b5b4ada71} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" gpu
    3⤵
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2388 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cd6e33-0085-4143-8a71-1f178bb1434f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" socket
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9572e0d-19d7-4a31-8f7a-aed55e3c1365} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:2488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 2720 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1899ccb6-0eb8-40e9-8535-eb40d0e57f3c} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7fee594-6e87-4b23-835c-46e4e8264f3f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" utility
    3⤵
    - Checks processor information in registry
    PID:1716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 3 -isForBrowser -prefsHandle 5540 -prefMapHandle 5536 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c472f7-9965-4f9d-8e7b-5b97956dd410} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5716 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17fcba6b-5fe4-425d-8a34-61611deb467f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61c1c6b-30d5-45e0-a253-62ebf69d5249} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6204 -childID 6 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac4362a-0f2b-422b-b9ec-7e9e823b75f8} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    3⤵
    PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3506525125-3566313221-3651816328-1000\desktop.ini.tmp

Filesize
4.0MB

MD5
0cb42b426a7a6cdd68658ce5e9e55ff6

SHA1
a5f61b5c6eb23444287bd8d8d502a71148af978e

SHA256
f4f97dcdd5c0e3a336f81f3efe29839011b8c7716b28451c876335e4ada40e3c

SHA512
d3913acf177bf4f7033a3ecc781504cde730e273df29d606f6f42ac5bade9f63f7f7bc8bc6bfbf3802d78b0fcad2eca7ba9d0500e90bfc0331b792be577b53e4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
4.1MB

MD5
fc1c40e62f53d33947e2823034f1ba75

SHA1
a8063945125b8912a8e967ba39a827be18fc7299

SHA256
92da4f1a505acc8700a9c619a95eb22387e039a919b79b99416bcfeb45d17a1d

SHA512
71dc49b3bdc60109a93974293ba8dcc622d2a577badaebd19374a00137b23330f4773aa2a73b1efb63e9594dbea5db195aae1d09ec624c073f0ba2a6de98d3ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\06A60D100466E0B0DC9504CD299CE7E39517DDC1

Filesize
37KB

MD5
5680527314cd88c891266a684c54b76d

SHA1
c10dd445bcd19c7f797c25a9b9c552a5ba546745

SHA256
b88c7c08c9c9549cc80217bb5d156358404b36c4fdba6b330de74cdaf4d53bc1

SHA512
6d8004df28108b36bfcd48e3bcbb5e1c72a5248b554acd088f2e6a955a3584f38b3576ad3f77b9fbaf3cfb6acdfb445e8cc6fe77410d64b709b28723efbed920

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1373CF221AD24F5DBC9458BAEE0DD12F7C3FF170

Filesize
10KB

MD5
176e48b8170b233a16ff811e0b34c4a1

SHA1
870fdc5c4ea6e298d01cac4cf81e516f37ec394c

SHA256
cb67b70b24dacda031a9588588ea7da82da6748158f77d09a2e944c4d4d215ac

SHA512
11d72198172207c0a69aaea839ffe7f7ef264b2e3339a576f561aaa528ca17c1e4ac2ee7c76dba1dc6faabfc37cadc6958048d435e09f6590afddf26f03929fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1BF9132EC0EECA3FD21E9310764C69E1F15A4868

Filesize
9KB

MD5
5b0552891e061ce4953ad6e5abf8b7e0

SHA1
34968e592252f82d71dca6aa6d8e21bb6f5154f3

SHA256
d3fd7f87a9168ac9e934a0cd25202f77de92de1a2c26f61b179d127e88596382

SHA512
02f1e745532c5fb9f152708d6cba6d521f8ae25c854124950b1abf10e70c37ef16a451586fa75f4a9f9c5bf72cdd61e19dac2ae036b24c2bd44691ea0592b074

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1F975DAE18E9A263C5E40EC8741AEBDA1AA51FC9

Filesize
10KB

MD5
d441cbe231e5ebd36e1a9cf0ac57ef88

SHA1
37a4eda670552c989407e66e75e623a3a5a1a3f5

SHA256
dc13b873f878888380c1782761677565e583b846634d531f61f23e9c81477ba6

SHA512
06d312357f9feaa1f4c345d1e95e30e328aef3e19bba33b75cc88f1b166a026737f722cc3bff6ac94d54b7cb684412d3a776bdface6d355a15a75895bf013ea0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1F985F786755F24F24D72BC7472A332D1919A4E2

Filesize
61KB

MD5
bd345f76191d92c8fb678411140e4ec3

SHA1
992a20d6dded237616468ace604677adb5762549

SHA256
2940b2c5f90606f4f7d8a9b7bd291473271add88a514e0393771b52c0563e35c

SHA512
72af4f93ffb82284014dc8230327d0b36ad60af6213d969faeae2a428b610b29ac0cb2400f3f6579bda2021f6ffee212263bb4e1d84dd250a2f07c5c0d8ab72a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2AF97E86E728D4EA358DA0A881E6FB3D285B8E20

Filesize
9KB

MD5
04f4af69b9f8a2b018fcda5aa51ed9ab

SHA1
913438831452a618d631a7bac050e2548f561fb7

SHA256
17d555d11ccf23bceb36bcb44abe978eb9c3b603c5132954ea0fe2f11e866427

SHA512
bcfabed59cddfbf7714ba93a1f97472f64fe5f67c30f9ac567e20339640a7ad35a4d75870ad518129e8baf5111191a215452c0f877ac6d8525619b7a006b8e24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2C89E1E4FB06C5BD0CEF5227A1276667F9B4E7E6

Filesize
26KB

MD5
391afcb3e8fe791c38547b50dd540b4c

SHA1
8763a54dc6c94272746474ec3b9b75287ea65994

SHA256
d08689f9436cb8ae8b2528184afda0d068bbd2add7cdd71cfb92684dcf59364c

SHA512
085d59bd2ebe722dbe5006e12bbb9d6535e67ed768971fb1553d3d3dcd1372369a043ce2fd5f949209cf1b7cf3320f8b24391efd47f84947fe6bbfdef5abb0bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2CB91E88BBF96FED5248D921733AE0E26DA9E5C1

Filesize
6KB

MD5
7e3a992239b426793a28660f48517396

SHA1
298e7b10371d4274898bde9b5f1d0c95b5c21d91

SHA256
4cac399017d31913b1f57729397698d3c3b92d4579e0f2b6810665544ef447ad

SHA512
dee4d751d55f74c8cd800fd0bd5a3113c10525901bd4d39ab4cad95ed1b4a24cce6cdf5cd9b9a067cec0bbdea7792b0dadaa156651310f98edaece71276f2991

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\44450B0E22C191D79C2203C6376F0C6BD8BFB524

Filesize
14KB

MD5
abb11957bb784d074159e1308ba1b5a0

SHA1
1692b6cc12d9dc12180e694b49219ab64b2a2299

SHA256
89585b9146fc3b7702c54f00ae7bc66a119191c993f6c836bd7df0472ef47d3a

SHA512
7bef6c0d1f1425006f40a901fab81c25539eac54114b24a775efbc1ba26f71f5c0343ba6f830f79e1e8bd050756fecbcf17120fcfaf1b1a3adebe135525ec1d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\451CC85102D20419DA9C5E7A67BBAE272AC23331

Filesize
54KB

MD5
ecfbee5a550bc2557519f9eb72aa4930

SHA1
fbc1a4541e748dbfd5475136257263954c68271a

SHA256
412f2f783699678ea3fd71f909a96f1d2a8297d9b8f109cb3d2885f0c54e6b2a

SHA512
337121c46db8a9aef94fe5b4d2592d4e953cc0d2f918592a45de1ad3e7402568c052ed5bd65fbf20f84aa6de5363d4abab0ab0327b0b8413972ab1dc3ba5ead4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\5A105639379B324B9B590643D674196AE88A7FB6

Filesize
7KB

MD5
500e15da36a7db88225d7ff462f06e2e

SHA1
75297f0314948ce4ff6be02753f97033e591b74b

SHA256
8013ec4d8e18cd23896e13668395c8e383ac9c86b1984dd2ed6f1f65d76399ec

SHA512
7d8cb900ebf718a9594486349f0c9764f58b8ef4fc6c7feefdeb058bfe98d59e598790fbaa29486b5f6774b91bec48de23e75e624f61f9d5bf9ef433cfb6839a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\67367B7352F22EE63734BD68CF9B59CC86D2347B

Filesize
117KB

MD5
74f84bfa93679f8be19e6410d6235ec2

SHA1
beb61fe549730c85efe61598007e75a1571e3358

SHA256
2ba4eaf968b97ede5ae51db1a9997498a08af64845d109978ac62738f3018727

SHA512
74424c7c3daa2d35b6c77792e7e6fd0f3b0457edc9dd271a92f71b6f7bf2a13e08a7897c1581c4bbee22b1c469926df83f4b43c4bf9ee3fe88ac0e913cfbbded

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\A63379C01D4293AF6EE48CC93E37604BCBC4F189

Filesize
9KB

MD5
f10d3a26cc2dd3230d215219a7c82d08

SHA1
2e380f8723ca0139d19d4f700b3721358cf525a7

SHA256
6b661f39bae8e905f251eb7a76d539126b0ca259d6e8b10b4ff286a9db3bd610

SHA512
26ceb59893a14ba86e1c48a81e16a541c480ed33a98ae329dfee1a6b30ac12f97304517187b4bcb5c7479133b2a668039e30c9d8c2705f5e86d0f98bc519e129

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\B9D0DD02E01FC7C5DE728097C2026E9EAE2B2C8F

Filesize
15KB

MD5
4a991236181597b9f52f8730997fa753

SHA1
d42100583f855a49e5249c11cbbeeaa780522def

SHA256
71d820521cc6b4dbc75d05ea878772a8996abda4f0058d62f0f91c79c3c1374f

SHA512
260884e6be0242ce52f01e5ff4f209e2243ca4a54e2e822d58224bfe30a25536d4fbba2b056515c018a7252c841a6edd4bdf890845c742ab6ea7f16cb79c811e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\CF6596CD129D6D759784BC710B65AF805A51F79D

Filesize
20KB

MD5
e49412c16ae35fac49e8c343fd9cd37a

SHA1
13b1ac3dbcb662a61206cf2dbab9ccfcc85889c5

SHA256
dc3b4c4648705260e9fca463abc8b80b0b1ece3bc163c8ba998a90b3c2696ce1

SHA512
178469dd0386fa6770885c039603b32f0a98a59e0dcb27bc5f4b01bd3f2deac1bdcefb83c6ee2192ccac45540833d8c196979117acf7fedb4fc78a369dde3ebc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\D5C5E6DC1FC7F825918D054820FA392318ED8A3A

Filesize
8KB

MD5
2fa571c5f860d567bf5d3b11fb76c9b0

SHA1
f7a9dda4b4c16d405b507671b1440c26023cc126

SHA256
20db11556baf3d54dfc9cfbb0d46cc47752caa4bff873331cdd5b0455abc7ad9

SHA512
ba001a4d2fe32acd20fefdd3306b782aefbc7fa635514e3177c6074694844cc48b93c093fd12e9f051e8f2e6b5b7ecd5bdfbef69f859f2c043b6d6ed83d1a83c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\DC64361F24B744983F39111AEBC117009E6B0246

Filesize
75KB

MD5
9221df0608747ec71bd81c0400c4d6c9

SHA1
a263d754bbfd0d36e5587837cb7e62329c9446bc

SHA256
22eccd43d10b0041ebc4b844dd336e89ee3240547177ee6af3fcbba8d1df24f2

SHA512
8de4a66f2ef7dc6f2e9761a2b3f677eb4b158ed76691d82c5a6f3ed88561bb3e4010713e3f83047c64f41bb9e8f2f63a64ff3508189af452eb92f8ad58048da9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\DDB5B4BEB749F4D666B8E5AE87A13DC169D1A2AC

Filesize
6KB

MD5
32ee490df78955d75db56d97bbbf5d66

SHA1
de26ab6eee65617f4bd78daea63d0ef07331cadb

SHA256
39ab7b7dd365ece8a93b6a950754e138a0f802c206a8a1cf7bdb4cf1e761a5ac

SHA512
93a497b910cc5cc673e0a4b24170d86c22a029b2b9b69b3c5ee60070ca8f1e9d455d9c8385939aff74e2e0e872521b04039d5a236d973ccf51bda80c01da59dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\E5D947F085A4F15FB233784884B4D57C676542AD

Filesize
12KB

MD5
0044d4073eaab30bdb579ea67310adc8

SHA1
9e576b74bd9a619878e87e301fd9343b8fe0647d

SHA256
79741e0dc2839d70d9bbd313ac768ca75943dec2be1cd155d7a4dee5e7b95aa0

SHA512
7a0117d661dd095730590dc617183693d363f4b2a089a1a2ab7d6af25b5df98af3381857195f503ca881abc990b278148815aebadffa9f71e3a4ea48150c482c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\EEB213332F00D7E90F2817ECDF52599D30285B94

Filesize
13KB

MD5
a1b8d8867298ecf0006c49d008cc03d5

SHA1
7a12dfbe6a4a8ae435e800b4de759d39b7e7810b

SHA256
90998ba3081f39aa1888fe60225339b8331e6e59d5f7ea3aff592aa411f369d6

SHA512
5979c055f6f7e1884c790a62254d6d928ab57740f8ce484daf4dabe2136f7360e6fd1a6048c03709560c80ec8536391b10db1b5873b416157d968af2ea8b0b8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\F6CBF320BD88C4B978381E382937366DF90D2164

Filesize
12KB

MD5
7791f6a942d6f160e6004445e72fcedb

SHA1
b55b919291ac60540bbf91a4eae4d653662d86e4

SHA256
7d3d4457eeac4746a7a740c65fc641517b24ec85e19579d8e8d19c41190614ef

SHA512
43f439ffb4a862f9d41cf5be810d513ef2ec0411d8e8802a38231607f29d0ad12aea917387a10dc71a7c86db342c6c0b04db5ef17e3fdb54981efa056f36017a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\FE88D4CD93238EF2DFDC3E9BB0EE799C9FB22074

Filesize
73KB

MD5
c99e57e41f982b851dfbae6077dab756

SHA1
acec612510f5dfc7f68ae41fed720181affa23f6

SHA256
6b10d7a21a66b93d2f4d8268bef7c468684fe1d7731727b7cb33c5cfefbd85e5

SHA512
b0e98e5e8fab1270886d851822664b8e8d8bace488d25c0c3cc4d3c98e06fec7eb7f8e3f36c8ee072c5a57330761761ffe107d7bd222a122f244bf6d481a6069

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8T0WSF8AWEPDZSQOGKVI.temp

Filesize
9KB

MD5
41d78e686eed83f499b87c2322c67c11

SHA1
55d039e441a4ed44810c9a2895e9233099ff4e40

SHA256
0738e5ac0d1bba196beb286628640bfae8ba1f62f6f43553a511e34e60786360

SHA512
aa439b6070d78dcfbde765b2cede98c067ccd80bcec8fb2a971f301e9f37771a1630c84e3b444fd73bb92db13dbc3a52885489ecc2a0c84fcb73c84029f43bf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
8KB

MD5
c0c6ef15c7a6a181fc03546fa7ae0c55

SHA1
d25fc6aeff136bf6e2ea8a27be23d7cb7871b050

SHA256
02970f8c98804c45ad6fee655bbd5a6deb602c0286ec653151b142db2219949f

SHA512
031798598771401b1108c99806cadc0e0268c95b0b02bca0925e8be2eea368cd599c91084ffce1b5bfde357a897e8e5a36141f4ff273d183b7b2695bf082a67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

Filesize
12KB

MD5
820cf6695c1b92145a7f9dfc9d52e390

SHA1
f126f54384f2d0e09107aa38d94e3af3c0a9fea9

SHA256
5b9ae9baf188ed2e4226b7d906e1a2a8665b94e7369fbb528d095c9c310c3644

SHA512
8629e49d84d89af5721c19637666c37a6dc46734d3934f5415aa92379d83bdd0e103578f318854944110dc4cc82f0fd4743756db37f5ab9345d856605456f7e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\bookmarkbackups\bookmarks-2024-12-27_11_+6JCK70mT+cI1dXbESGNHg==.jsonlz4

Filesize
1011B

MD5
1c205a834ac9eddd9dcc7eedff1fab60

SHA1
169ea0f34063cbf4f2f66d3fcfb5bc585bbf85eb

SHA256
310e2fdaf46c5f3a182064187184702503542beabcfd4ab8c67978415a63ff3b

SHA512
e2541436985975039fb8d10e369e0acf33bc01823951da91cf6db6ebee890dc0c284a02f23938c4e0145a242a70b3a5f54aab24ebf1787acd1c810e059078313

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8194009b58f13c865a593a160da2baf0

SHA1
a4d7c07d4a3bd9cb45ab835b6575fc41409aab2c

SHA256
26d5d2874e1a31b9083a13c69e1c4533c7006bee820b01ff4a832852e4bac368

SHA512
0557387e95c52958c346955716d4dccf2f7152ae38c8594ed6e63b16768eaf3055a4ec9d51a9790ff94f37b014d771954a57ebeb70efe77313239a7c8a2f625b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
15e8497d1e52699c1bc3f046d1e3d385

SHA1
de6534d83abc9be0359bb69725d1ce4d6c5c5128

SHA256
ed1ebbf35ab4f838d72490068d6f229ce850deff0e1f334748d601f966b06746

SHA512
31ee81925f38043f8f185d214d66e5b5e6d5a53c88b8c0390cc03c6edcc6438a14bb22602c5b4ee73a45460696ff70ba8b4fe4c645ef0020759bb976b14fa606

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
41KB

MD5
326a4670fde70b3e4ace352fdceff7ba

SHA1
d991d6bf29b296a657399bfe6facd2185b06bec4

SHA256
9949f3a7e2f1eeebc3aad8014f4bfb745066b624b32e7e4bda5488f91b59d547

SHA512
e9f4635abcd4b198d10b1e348faa6469f24153182c4cc3bbdc28a1106042b158a8c2880095c1e6f85f34c8bc9b944e49690dc79564a53ff52a20aaa8feebb2a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
41KB

MD5
eaf765e45539b485e067bee3c5d1b765

SHA1
eaa655e8467f8b14ad235f41855cf377edd902e7

SHA256
609e2e704ba6fdf0ecc02c68d131d4f7737e3d7926e281dd85491a06306f13cd

SHA512
e67aaae62b9de7c0b8572a8570344fc63f19b7fa78b6ed8c0a4194d5341b3708ba52b5ede3718e3a2114afe59506b5911d61b45ae3b5b570309a5e430353c345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
db068d35e76fcf90b16e6c02b00d4fb4

SHA1
0d8f19946fa56d177b95275b92305b007aec67bf

SHA256
416d0e1d47a1c3cbfa948521a18d11cd4a7ae17cb521070db7a2009fcb5083dd

SHA512
4815371e5ff03896a8d4aab46b74424b1c7eba307862be38a9833a358d228eb61c501e02b4e06e39f77961dae25ee5e36d59797c81b96ebfec45f1e935d1a671

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\3f9183f9-34f7-4f87-805c-7484709d09e0

Filesize
671B

MD5
8e46ebe39f4f1c47ffc3ce446757ebfa

SHA1
f4a1bbe03e8ce8cd7ffb8653aa7195e4c8566264

SHA256
2300400308f297bb77e6bdfce2b435d2a496f1467d973a1b025e76236d3ffd3b

SHA512
aa1db00b2be6bbb31396bc5bc5ee277e06e288e26d0c7228d831a5a32ec2661cf795e73fa641ca16082e87d4dd1566aa6b204d8725337fe5ef315491e2fa461b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\43400a3c-4877-439e-8c11-7bc2b59e7b60

Filesize
982B

MD5
7c634180ba933b61e895bf489af51182

SHA1
e63bc37bab18b54dac48e89970f264dfe82ec38b

SHA256
839f233f7d526c92df35ddddc74e8096603f8309f6e37b2520ad63f9d55a1f5b

SHA512
43643e8968489d711909a776fb31fcde38c1350bb4ee2afea1763bf45f37b40c2a91b527fc1fe8179dbb040d5ce4fdc6427adfaabf19745579b320b2f637714e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\cebf7af9-8256-499f-8a7c-90584cafdff1

Filesize
26KB

MD5
a892eeaa835d8f6f14d9f313d9fef57e

SHA1
d8e8035634f75708fcd194f358f588e5d8db78ba

SHA256
2640ce75b8236f53921ccc9d0eb5b552a0745e8d02a00c2c2a95bdef0bc50ddd

SHA512
150013d9cd4881cee346a351e4d7db9f787cffa9d72d567d4fb0388101950a3ccb58e31484c8ed416819dbfe0cb288ee33b4c451373722814a58f10c428480d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

Filesize
10KB

MD5
8c1826e29ad3f5286a15bd206989be98

SHA1
c3715a0caea651d5f05ea824683f6579b5868e48

SHA256
66790a333674f393fc19f48d5beff8fdbdc8f148c052da003e8b121f776084ec

SHA512
28d430b62bf10badfd1f87d13c519446e2f2a27d33eaf22d93b55fe261e30c3c16bc470a529ce3976979eac0745135869cd35b2493b1f8077dc3328a5a3025b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

Filesize
12KB

MD5
4798324622f769017b2798ffe9f07fa2

SHA1
0a991a73581b671c4ce3e75c839216ec5b0d2a10

SHA256
fa268b1a40965da7be7a031d41b4f465618badfa551a27ac113b274fb2d24441

SHA512
035c9c01d0d79a9a8a5f5542934a067fed722b986efea3744285dfa9fac05d6916fd33d1492e55c2efa4cfc6cbc6bb60ff6dbf3b144a645f928ee19d978463d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

Filesize
11KB

MD5
e79915a43fdfe4774382e47c5c581998

SHA1
28347e6401c422972a9fc5078d029b8557b4aa58

SHA256
24df69fa91374f2dd5e05346569826173b67d6458379d1b1af99d240ba37335f

SHA512
a655fc1b46ae077cc0dc529b9775ffee51793f0018964613e07899aab9432b7ad2d486d7ef443c88a75b09be133cad074da6869ea91e10b1c5dbbd04bc0dbf99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs.js

Filesize
10KB

MD5
fa0d84b0e10e1d3fa39ad817bc2189c3

SHA1
3e007d46fdc534d229a95d2ce2098a8eef288363

SHA256
105454d4227d5ad2bcc34dd1258501eee96384751b39b6442081ea791a8b99be

SHA512
696b877cd21f35830e7bd6cfd13882dc07558efd5880efdb70a9f915cbadc38ba75ec0e976a4c276e046485bdbc6ff2ab38b887e537edb007f3b42f2b8738139

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
af054d00db3aa67a9e059743c3611771

SHA1
3fb2199a8612151ef48daf86adf920ca66d33ade

SHA256
ba22b3e4b1937127c33a71c68466e71b527c334cbd50790b543335576e7e2ecc

SHA512
577abbba53a651c31972746955318e64aa245cce8b3cbcc3a8c1cd908731b3af3a6240ca869a9f4e843d9844b2f4d45e217f304c090df8d7a50046b447e5958e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
1ed38b880e931d0eda747f6f0b90ce76

SHA1
8f11d104686df5b7e1f2abf164ce2f1433cc3d88

SHA256
eeb1512c68c4884955d5785078198c8cc4af18a82315a93cca6cc76e9f4d1c49

SHA512
05401ad71156e480e46d7e1888f44c60a1ba23dcd394cf8e3609037b8fc13999db6a464fcfa57ec4e7a1354c12651c5f95d736eed3b3228b5ab1969f5413cd20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1a4ba34e348e54d92c403bf5348c0da2

SHA1
acd4e5f1a250c27e9247a01c3f043cbc7815c90b

SHA256
130675758a673ca392747161cfb1f357c2ee5886388cc57074a9c21ff171894d

SHA512
e07086d34a361b516642e5f6ac562b3d58d12c97e06244bc0e10c63762bf34fbef009097fddadb8d7a88d81837d914c5bfd53124907f1a21ab51f897f8f080e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7966ff4227cc189fa95ea25d7580fcd4

SHA1
73149d84487354f2a6acdf32172ebf359f23d924

SHA256
71df1de6b5d19328891858469daa1f4ee5149355bb1532463986f5f365eddfd7

SHA512
8e1037bf3ea647c77fb73143a346c202fd550f00c07144a498faa8e0d041f998f546f417518676910f6b05b1e0e1f10d1e0dd05db7bd3a0c4aac8b4c3b21618f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
608KB

MD5
7616696a55627938f278d2162afa874d

SHA1
28f96a2e6121126568f6cdccacb9f01fd49a3a98

SHA256
009912deeb1f0c3f03408ff5f99ede585fc67a5295218e8aad9d9dfc3bac6784

SHA512
44b117a0d404ed2d3a477ce3e1b2121eb057c15f6923e5f756a1f2389a2c776bf73e623d1d7771605a2fca473039ef4714737b3afb5314efaf590f2757306d0f

Download Submit
memory/2900-110-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2900-13-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2900-2-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-9-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-0-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2900-12-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2900-14-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-40-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-41-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-836-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/2900-124-0x00000000052F0000-0x00000000054FC000-memory.dmp

Filesize
2.0MB

Download
memory/3892-627-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-626-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-625-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-633-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-639-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-634-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-638-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-637-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-636-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download
memory/3892-635-0x000002AD3A190000-0x000002AD3A191000-memory.dmp

Filesize
4KB

Download