4c89fb5adfd57df9fbf7099ac67c50795119751cbf0279615b9c83bf2ef32045

Analysis

max time kernel
75s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2025, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yearly.exe
Size

544KB
MD5

405bd4f52fccfdb215505e649f4cdcee
SHA1

0529fee6eec9347929873d9599ac0d6487cf3681
SHA256

4c89fb5adfd57df9fbf7099ac67c50795119751cbf0279615b9c83bf2ef32045
SHA512

fedcb47b27e35649522e3753074f7bb2902c42e43624269e1fdf817951380849d670a40cade09a1a4d9b4e6de063cc2cf0da6990d6bf7ebdd0ccbcd7a860c5dc
SSDEEP

12288:vtQxbHmk1wlpz8jX3rCXCXkiXcl6XErJUZFA0NY3iCtedUSenM:vCpxwlpz8jX7CXCXkSVX+iAm3EM

Score

7^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yearly.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsTerminal_8wekyb3d8bbwe\StartTerminalOnLoginTask	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings	taskmgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2786730451-600132509-465537259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2464	yearly.exe
2464	yearly.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3680	firefox.exe
Token: SeDebugPrivilege	3680	firefox.exe
Token: SeDebugPrivilege	4620	taskmgr.exe
Token: SeSystemProfilePrivilege	4620	taskmgr.exe
Token: SeCreateGlobalPrivilege	4620	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe
4620	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3680	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 1424 wrote to memory of 3680	1424	firefox.exe	84
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 2748	3680	firefox.exe	85
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86
PID 3680 wrote to memory of 4244	3680	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\yearly.exe
"C:\Users\Admin\AppData\Local\Temp\yearly.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1836 -prefsLen 27133 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {742b35ee-052f-4886-8b60-0b5218a00262} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" gpu
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 27011 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {896fbe80-66d7-444c-a346-6a1a22ebd2bf} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" socket
    3⤵
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2884 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2756 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0812252-c06a-4836-b756-1ee63b767d2c} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4024 -childID 2 -isForBrowser -prefsHandle 2536 -prefMapHandle 2524 -prefsLen 32385 -prefMapSize 244628 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb93c77-9ae7-4807-bab4-20675fa820e7} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
    3⤵
    PID:672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3876 -prefMapHandle 4792 -prefsLen 32385 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6627f60-700c-4384-87d6-72faae0fd5bc} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" utility
    3⤵
    - Checks processor information in registry
    PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5508 -prefMapHandle 5092 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00557a3-6c22-4f56-a89e-cd241a0df78f} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 4 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3f5b1b0-e2dc-4a9d-83c9-db443cf31086} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 5 -isForBrowser -prefsHandle 5956 -prefMapHandle 5960 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a832edf-85d3-4a7e-9822-b678c8031d5b} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
    3⤵
    PID:5952

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3100

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
1c416f4a741d445b2508d7f082d984c8

SHA1
5efa4f3cffe05cb7ff8941f514d40f964f5c4280

SHA256
13d2b61abd88df632e9a0d282d3087b151b11526250c9582a89d19e858ca8faa

SHA512
3aae17cdee969544f8bf2acf805d03e02676a8e6e4b4e40f00ccd3a30deebd616282213fec657ef52d3545363862fc5226a43bd12b97e344cc07305223d8e965

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b09d6b1f-c7dc-43ab-b289-18696f7308f8.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\AlternateServices.bin

Filesize
8KB

MD5
fada3f9cb80436de6dbb30aed7437b56

SHA1
cd0fab15007ac2deb6b899ab1c9bc409fc5f9532

SHA256
243dd3c91168cb23532674a26291c6bde935598ab23c4e60b001eac3586d124c

SHA512
60fdac18665226c5bec677d5b46d87d227decbeacfdde028a161386cb12b98037d94e7e4a1a0ae245d95ca650a5d6b8f88b96c3f3f5925053aa94634d6531451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2e25552bee12254346b21440d0763f0c

SHA1
23246557c726d888ede554692f26f099edba8578

SHA256
592e991509923ac77e3400d440de5251ed349855586a9d97cd70217b24c90ae8

SHA512
2795df0e358426cf846ee12f97098c7142145982194cdb141b3169810ebc76a3cd819116aea7784c170653545a47d384538caa29bd8f3c98c82662d22c930289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
aa424991634295672488209d0464e1a4

SHA1
f3f77fec5fb9ff1376d81bbe139e292bb98f72c0

SHA256
04a27862d129c77551c4f357409fc9e2ded53f005cb730776e403a75cb5ebcea

SHA512
d01fc11ef9ad04bc1337244d8787281fcac808e6c00d6b456e7e7274980373c155377b1932422d91db5a806971a332658d626539cf513fd893c02fb9894ecaaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\datareporting\glean\pending_pings\9a79649e-7441-4cdd-9cf5-78a5e72a5781

Filesize
671B

MD5
cb10014fb0134cf140ea6bbeac80007c

SHA1
dc8c88068669077bb4ee2f231e68f601511abd7d

SHA256
1928b19a40e9c7340975375089d67b7bfd2d998650b4eae25548461dc4cad407

SHA512
a6d15b8e8dc1e83a08fd41470a120eeb38a76b19428d61fed4cd3081a14bbfe6360b6cd2dca31392c3f1fa2715bb0c12921a0f0f63702a8d0936446cbddead82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\datareporting\glean\pending_pings\9c47e803-226c-4dc4-9603-dd0a8f57865c

Filesize
982B

MD5
8ab5a5711fe23ff49400bd958bfc8f7f

SHA1
0d07e2b362ed5d312e5ab47039a97b66d394aff3

SHA256
5d48c42ee184b6bc5b3107dde8d1a4a4ebd2d47da156106d23a0c03a4d1da297

SHA512
26dc4858e069a0b0671998a7ce31364c1c08324856362d06f3cc06dab70f0ffe80abac50f62b3d92a871027a946c75914945fcfe2e7ed313ebbff3ed2a61606c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\datareporting\glean\pending_pings\b82c013a-9825-42b1-9795-f021a13ab1c4

Filesize
26KB

MD5
0deb404cd5e735b46dd4c102ae069afc

SHA1
b3710415d72adc2044cd770692231f6085b4f3d7

SHA256
4ad06013a1a5611e7ae6d47b59a0b15d4e3a0a6263001565534e5137348289a0

SHA512
14f4f2f54885ec74348a739120b33eb910700596503131c0bf60f8620821f4017571d078c433b29a56263816440efcc5b9402c647656112a7a9834c25fc49b52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\prefs-1.js

Filesize
9KB

MD5
f8d953599e52af208337459d60bbe34f

SHA1
d4dea2b89891f173875b6e8003b3b1d22b1a9e82

SHA256
09fb988fedd8bb19730dda456d11b1da807200c1602a067eeeb0469cae491334

SHA512
62e168215d4d16d34a1205895f753a96d8f1b880066e83be88b62f51380d03d951995fbd8898b49bdc7e5103314efa89d27f3069e3eaab5a8a3531bec8d2aec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\prefs-1.js

Filesize
10KB

MD5
e4338be956e2e7ab73e495714e5e7358

SHA1
b1060a26690b81143c8368ac2d93cf230cf7e365

SHA256
1763f00ed2d2139ff0f34cd3e9553d245e8f8244fe3ae0aa49152ad12c62ffcc

SHA512
33f17ed0c3c1290dc91fc6d7c3ce305ce6e841441050d7146e3e5660fb24c5e395d6ec0355370d8ac7f824f95b035fec1c0366ff9ba4bc6b49d62035bc09ab79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\prefs.js

Filesize
9KB

MD5
3aa9255b8a3196ce98b233df4d56baf0

SHA1
9e709b6fbdc13df46b3ab46f21e15abaf7489c84

SHA256
52c2b46ba456e1bf18aa05071b477cbef44394ea7b01e89ea2b4d9091fac3ef6

SHA512
3ccb5c5432cbca6869d91cb9969e57f8c62bf4f447082f4c8b2131d9edb6383e48323dd238ac224919326df6d7a89f6bd3c987b8b954b11635606949899c264f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zu7xb6nh.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
631ec8adc8dd53bccfb5a377c6ee66b7

SHA1
935b84fa31b4cbd1814eab1a581dad08ad0afaa5

SHA256
fef1c54009a5f84c3c41eed1b78ec427d01ae2d12b6abe6adbdf2387b00745ea

SHA512
fb46dd6022c582a4bc61414cb58103c795c30ea652521821fc32913d80b1cae2857afa1e77b6789d566c9b9947a6260c70414fe6ce62e2a49b0f6c7449c41c5c

Download Submit
memory/4620-420-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-421-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-417-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-419-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-416-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-422-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-418-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-411-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-412-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download
memory/4620-410-0x000001E966260000-0x000001E966261000-memory.dmp

Filesize
4KB

Download