dd795130f59cb7f4caeb3cddbdc2c10d360d46aad89da0a1f11a0cfbb3b0c124

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2023, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Streamer Life Simulator.lnk
Size

1KB
MD5

b07af306d1c7edd29101a0f74abbeca9
SHA1

4975b121c1cd6f0f1f1a76000669b3f8f1d1ac6c
SHA256

dd795130f59cb7f4caeb3cddbdc2c10d360d46aad89da0a1f11a0cfbb3b0c124
SHA512

1d70a1ce285bb8cdf1ab53d26786d3739dddd494b641fb177d9e3ea6f14009fdd381a370de74a04907b6ff8adf259a1ba27e07f71bc78e4377eecd0cded08cb1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	firefox.exe
Token: SeDebugPrivilege	1972	firefox.exe
Token: SeDebugPrivilege	948	taskmgr.exe
Token: SeSystemProfilePrivilege	948	taskmgr.exe
Token: SeCreateGlobalPrivilege	948	taskmgr.exe
Token: 33	948	taskmgr.exe
Token: SeIncBasePriorityPrivilege	948	taskmgr.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1972	firefox.exe
1972	firefox.exe
1972	firefox.exe
1972	firefox.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1972	firefox.exe
1972	firefox.exe
1972	firefox.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe
948	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1972	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 4360 wrote to memory of 1972	4360	firefox.exe	101
PID 1972 wrote to memory of 2188	1972	firefox.exe	102
PID 1972 wrote to memory of 2188	1972	firefox.exe	102
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 2160	1972	firefox.exe	103
PID 1972 wrote to memory of 3360	1972	firefox.exe	104
PID 1972 wrote to memory of 3360	1972	firefox.exe	104
PID 1972 wrote to memory of 3360	1972	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Streamer Life Simulator.lnk"
1⤵
PID:3196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.0.2095087900\66825593" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70846834-5af3-43bd-9550-e31ea9262dda} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 1916 25d5d518658 gpu
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.1.1640313513\178819262" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d908ed6-d4b3-4993-8a65-cfd38a29707c} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 2316 25d4f572b58 socket
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.2.581916781\545924707" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2952 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7755ad38-c9c8-4d72-9117-3a3972e6ed1d} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 3156 25d5c48f058 tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.3.560427856\1050639189" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 1448 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6132dc49-a4f9-406f-b97d-0725a65c74f3} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 2484 25d4f55df58 tab
    3⤵
    PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.4.535562611\843502632" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {764b1f10-236e-4c6c-8afc-4b5d06112aa5} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 4088 25d4f562858 tab
    3⤵
    PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.7.1503781407\1064963444" -childID 6 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b32df91-50c2-40d0-8d1d-c842b9abb74d} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5552 25d62a9bb58 tab
    3⤵
    PID:4608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.6.1888201848\663197722" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f179b44-ca14-49d2-939e-99099582d1dc} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5260 25d62a7a158 tab
    3⤵
    PID:2020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.5.840227239\148045254" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5056 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7918ed-6344-4d34-b32d-53aa1eb0ca51} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5032 25d61949f58 tab
    3⤵
    PID:4752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.8.1592547253\29024485" -childID 7 -isForBrowser -prefsHandle 5804 -prefMapHandle 5824 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0f4e03f-e0a1-4169-97ea-a7ae6bd3f566} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5856 25d5f428558 tab
    3⤵
    PID:1200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.9.903901516\1309014423" -childID 8 -isForBrowser -prefsHandle 5132 -prefMapHandle 5156 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cec7d8a0-8570-4004-a0c7-a9c825b14814} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5692 25d5fff6258 tab
    3⤵
    PID:6044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.10.1413254410\1855553828" -childID 9 -isForBrowser -prefsHandle 5388 -prefMapHandle 5404 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2830e9cf-4ce8-4fcf-bc5d-d5bb5db58729} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5380 25d648ebe58 tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1972.11.2133925324\1920112562" -childID 10 -isForBrowser -prefsHandle 5592 -prefMapHandle 5440 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7445bdf-20ea-4228-8cb1-a6f614d45865} 1972 "\\.\pipe\gecko-crash-server-pipe.1972" 5616 25d650d3858 tab
    3⤵
    PID:4352

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
155KB

MD5
da57d3d9c822c475ac9923b9b1302868

SHA1
9d6071402bacd4c0e83b5de77d5f285ec538047b

SHA256
a4a68f7e65bc25db35fb9ff612233a9176fb8190db93e18be3c1d437e8c762ac

SHA512
035de620464f183058af7d7ca731749ca062513adf41ee386f6e7bd48d1016e1a2a8efda736db9dad92c13aa136dc865577aa734da6ca5ff6ec4f21d1c445bc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\12245

Filesize
15KB

MD5
5f2f67349eddb4e300a72261406b7398

SHA1
8d87e74f88491ada06a050ef2b3276cf7e66878f

SHA256
60fa83e95e963c52e977a776a81f836b0e98a32eb2f389513823e7d322ac1e3a

SHA512
69d71c8f15b1abaa4ac059d5782279de5932fcc9e538868bcbdc3dd22a97f2cf5d41f8c126a574dba0daf2b0eded01f027f9f1772362ac154bbaf4b2ac9fb7a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15765

Filesize
15KB

MD5
c730fe8647f485ce52df814dc68f8401

SHA1
12b3eccf6a2eb7d8229f1b17e9b242b2156a116e

SHA256
10336bf8a5671a69cf700bd8850fe1bd7436e6dcf239b7d23b43eaa08bff1f2b

SHA512
f9a4b057ac450e76d9b858a2ad1f8cbd1437345065b5835d73b6471ec9f27b834cf21537791ead01b0227995ac2492e96147122975eb32ddc8cc22223627a343

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\19487

Filesize
59KB

MD5
155951c6f480b274ae06a302519ff617

SHA1
969b4d28caa2f8eafe54c0fc9c2acf1af5a2e697

SHA256
57d27a3c659d73e9995c327d55a579a8c76c8788214c7481aa89fc1f595f4468

SHA512
ffd5fe0c113e7f2106b76e9d3f98c345ea64c8c2e4dc7bd301b74d266f602f9a6c2ff96f2f75e54bab0b5d5e5f053a97f6a41e8667c3ae23f9096b84170559e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\23878

Filesize
41KB

MD5
91f9042036315dfcd486b834fc347e9b

SHA1
1efea379a0bbb15c343b00ff8f5c86e70ae3d17e

SHA256
9aec426fe7342124b6aa171488e6c01787cb9395a7e1719f76bf2cc5c343b96d

SHA512
2699f74540e7ea38dac4307372f35b658ed7b57dc26c45aee15b580b9a56eb55ff1f33e1c5cec03c4cacaf4431811ebe87fa227f09dfb1dfadfc60e711a9a000

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\2702

Filesize
20KB

MD5
bcaa7cf8c2edb7070ac2fcefe2f60734

SHA1
20837925071e8da99ab5f4def281db8a80a2a4ba

SHA256
4fd5148c92afb9d9da73341205a461e74d9c7849508c9dd29292c31367f79d55

SHA512
9510d54d695ac704cda392a190172bd55938276c52b7d85541a4341c149ddd8650090ba89483b95b90a3390deef4c8784460861199c8e137a361afc3e7429166

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\88C89164C7A792CAD47D6983F6CAB9255C838D55

Filesize
120KB

MD5
1d5ed7adb28302c3784a9a89063f08e0

SHA1
ed283a473e7d3b04770086d7cd51e4298e863e2d

SHA256
3cd3e096087ff66eb173531cf9b629f4d473e1cc958d081b1a46d8a3550a3b3c

SHA512
83fba7d03dd3fff4ae28f2a7bdc7104dabb109f9142dd49a2709070c343338e0ec5036038267771035fc50efe110a285faf95b856addd3205d667949e0a1720e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
493d82be7dc017900318b93be8dfd345

SHA1
4f5d9525694f59e41b124de8ac129514e1586b6a

SHA256
7f9836011f3be841d939968c850174ac2843544dd8ad85daf234163862b99268

SHA512
5da1ae8f3b9a410d4160b9936dd723950ab313dff5c0f623d67289b0c72fdc1478bf6cadc1743c0809c2eff4d234516f01db040f050dc697f94874e691ec46a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
0297a174e8944e2d0a4be239d07a2ee8

SHA1
675131c97f0f369ec15443dc83abdfdf295b8bff

SHA256
b28bf5936e56189ce19203ddfa8af059228f16671629dbb158d372729e666e2e

SHA512
c3bf500d53d1569d6e0aeb98661c4e50aa0d878634512e37135d05024bd40afe6f1e830b369147bb9a49ef0121538027629c2cbf1ba7cd9eab47bdd2ab26dc18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
54e3ffe10705fb19508acd496bc1479e

SHA1
004c7b465704038066da3ce25d7446b94e61f687

SHA256
806755c19900b92a46b32a1a3dfbba7baadf5aff195a42ac7eaac66662ee33df

SHA512
8d1d9aa0d0fde38a0d1dbb72bab08642789889105e7f6c883972b66a24f62476b5a6ff007ca6ee8a5ede3d48e0f261573d2de405aa75860809b8ef25477e940f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
1f8f55c9b693a8ed78d968677932e69b

SHA1
40b33592a27da6ac34d5bb5d92a88201c6c8a1a2

SHA256
4cee3519a9fc5cc70783bbd0a2719ada026c28d2a01d1eef8bd8415b407b2e70

SHA512
627ebc204764c9c3fa35e4f2820cd88bd1c24a2fd80766ffe24a070daa483aaa80af0d1dcda4b562962102ceba221254bfbf324b9de5a28601d75043bffde2fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
20c63df89f1221134567d227f263be86

SHA1
bbf3bedfbc84a84e250c12d5cfaa62fabafa9372

SHA256
0eafa083c4c5a05ca3d01d69f2daf64ec94a18b58c5905eced65d88d9960b900

SHA512
32434f81f0715264da7c52143adea9661a43660a3ea22b751772a66c28f91f16238f59e2d6428f659e250eadd4bc0668b2ef42ced9bd3798fb02d474a0de7cfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4705c62ebde91d2e907e14e7155b5690

SHA1
e21ed541d4d220d1c16b6f4ec24d4a09a0725912

SHA256
1eaa60b9f9267d5e195d99af29af93e938c9c1bffffd1268d6acce194732e60c

SHA512
984106aa3098a41bde831b6ca495a240980e0b334bc2f01fb8407593755ee67143e9959da67461dd396df341b5805cdf97b8db9e45ce3209c7de03cfc5ed1b38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9ff11cb12b7da4696684ae114710c625

SHA1
a5d5939bd16974913a0e0d21458f9392b9b4eab6

SHA256
57e5277c71930c080ddfa67534e7fef3513e13852a4a4611cac2a1bbeebd0ba7

SHA512
7ebb4d4a317fc60af4bd49b7f6e479f8c86be469295f1e86d5c453c897594e36593c838a5a866020443f1941a87000fbf423fd2812426e40ac9d36f087d7f9df

Download Submit
memory/948-1506-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1504-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1510-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1511-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1512-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1513-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1514-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1515-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1516-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download
memory/948-1505-0x0000021F7D800000-0x0000021F7D801000-memory.dmp

Filesize
4KB

Download