hxxps://open[.]spotify[.]com/track/4cOdK2wGLETKBW3PvgPWqT?si=c5ffd3e366c84199

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2023 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://open.spotify.com/track/4cOdK2wGLETKBW3PvgPWqT?si=c5ffd3e366c84199

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4960	plugin-container.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
4960	plugin-container.exe
4960	plugin-container.exe
4960	plugin-container.exe
4960	plugin-container.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1316	firefox.exe
Token: SeDebugPrivilege	1316	firefox.exe
Token: SeDebugPrivilege	1316	firefox.exe
Token: SeDebugPrivilege	1316	firefox.exe
Token: SeDebugPrivilege	1316	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1316	firefox.exe
1316	firefox.exe
1316	firefox.exe
1316	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1316	firefox.exe
1316	firefox.exe
1316	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1316	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1624 wrote to memory of 1316	1624	firefox.exe	83
PID 1316 wrote to memory of 2312	1316	firefox.exe	84
PID 1316 wrote to memory of 2312	1316	firefox.exe	84
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 4124	1316	firefox.exe	85
PID 1316 wrote to memory of 3528	1316	firefox.exe	86
PID 1316 wrote to memory of 3528	1316	firefox.exe	86
PID 1316 wrote to memory of 3528	1316	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://open.spotify.com/track/4cOdK2wGLETKBW3PvgPWqT?si=c5ffd3e366c84199
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://open.spotify.com/track/4cOdK2wGLETKBW3PvgPWqT?si=c5ffd3e366c84199
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.0.1897404568\1215429003" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {029c271d-eae7-4167-9044-0623648d07b4} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 1928 15a85ea5858 gpu
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.1.1319584311\1349659146" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbd3d7e-e5a6-4f79-a5a2-6e4b852f330c} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 2408 15a8630a858 socket
    3⤵
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.2.160128090\257866954" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3168 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f5eb1cf-b460-4249-a673-b26cdab3b2db} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 3280 15a88d0b158 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.3.1582716512\1848663230" -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f40690a3-9e7d-4e7e-8bfc-7bda56784316} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4040 15a8a039c58 tab
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.4.1207819735\1782907477" -childID 3 -isForBrowser -prefsHandle 4808 -prefMapHandle 4188 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06bea571-d29b-42d1-bfaa-7c593f9d7bfc} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4764 15a8b2ccb58 tab
    3⤵
    PID:1888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.5.1273013619\690931977" -childID 4 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc222058-488c-45f5-86ee-000e175a079d} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4932 15a8b2cf258 tab
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.6.1649080668\382433830" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5ae2821-b9b9-4a2c-94dd-f31b93b8f1cc} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 5160 15a8b2cf558 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.7.1695861313\663511358" -childID 6 -isForBrowser -prefsHandle 5668 -prefMapHandle 5664 -prefsLen 26991 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a1b0d06-1cd9-49f2-b72d-4b0882627709} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 5660 15af7d5ec58 tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.8.802440964\1196562869" -childID 7 -isForBrowser -prefsHandle 5832 -prefMapHandle 5968 -prefsLen 27256 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca704ada-6d21-4a71-bda2-a201cafc69d0} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 5928 15a8d4c9558 tab
    3⤵
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.9.401532240\1647014302" -parentBuildID 20221007134813 -prefsHandle 9772 -prefMapHandle 9768 -prefsLen 27468 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbc69e62-881f-4744-bdef-c341509b8ab1} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 9780 15a88008e58 rdd
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\plugin-container.exe
    "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel="1316.10.758919715\670914389" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0" -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a978055-befe-4805-8ae6-75ac8b03051e} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4528 15a8a038758 gmplugin
    3⤵
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.11.659524526\633846194" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10208 -prefMapHandle 10204 -prefsLen 27511 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e17a903-2014-4d71-8b02-7163e8b51fe4} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 10216 15a8d3e6858 utility
    3⤵
    PID:4896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
142KB

MD5
8db7320a84b2ecfd71ee31df76e41165

SHA1
fddd0baf1bbf1b2129a152e88c7133fe9a60c475

SHA256
9d3ba30ad7026e6c452d6ee6eabe7365ae4d10e1ecb16d069120c3c7424f5d6f

SHA512
52d1c80385ea03acdc88d665fa0115ad7633e13dcc7cab44127c3d0e4e5d5e471803bea9bf5f4876f2b936df93f95ea8fdee465cdec9b551ed5a343ee1c59318

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\1197

Filesize
9KB

MD5
0fd8455f132b340761fdfddd0cb2198a

SHA1
02772dac30b49165e8d4db11382370f9fee9c09f

SHA256
d9c4c840c9e33839fbc77c871fc07190f79f3a225945562c4ed22b3232a3c2fa

SHA512
2aa4f24c99ab905d5e83c095e085d0c1fb7fc2a5dc083921cd453589a185510fee1d0b7c037e24531fe81af24cc440f3bbbadae2f495238c36c848084ed297b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\12939

Filesize
9KB

MD5
ab83b4f77497831d8c168f665f85d5cf

SHA1
a605ca6981bcd3aa5b6d06b25ddfcebba9fd1387

SHA256
e397ebdce1996015dd37b82f2920d84e110a23388fbdb7c69c5e1279c07416ef

SHA512
f7c6175479f456eb483af7cd0c192df9a2de7d5bf6d9cefa671c2eca705975d04f267d8294ec4076547ba8b77a2be0b4023623c7fa14ebfbd1bbf3605e1e6c8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\14726

Filesize
9KB

MD5
b724279ced921e5304fca69cd59f0087

SHA1
e26f8b55f05796f8037c280bd853f2f0d7dee31d

SHA256
54b5de141910b488faa4f8ba8be104849a1b2fdf7cde9b92f28a6916644c28d8

SHA512
b761316abf09fb742b91d296f36cc2700be17d025d2532841245516990892373777498ee11eda9147620d6cccf43e8a6060331ec34bb7ec3d127a7faeb448f5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15147

Filesize
9KB

MD5
041bf76d955426b06825c9b307a0d467

SHA1
c02de055f297a1c9a779c798d9c3db21d578fb4a

SHA256
96d99d00d148e898482b0831bf0007ac7a5051d25714e1685a701832fdb71b8c

SHA512
75295b0b43e554558ab773f3bd8ac3e05bdea554b47fe9104b3f807f9428ef57a11ae6b307b0c10a831ec86fb35c38f8cc3b741ea11390c682a0a4a4fa722b77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15871

Filesize
10KB

MD5
4802018ec54b79fc8012d7983578a277

SHA1
5b9943c888e7bc6b0afd816451679d74d47e3913

SHA256
efb4d75c632770099c106d43da5ecc5ef2a25b3dbc5e28d88c173a1edfa8e496

SHA512
f0def67b1e814d84c0174fb452d9b048b5102fd5d0bde1462109e882b720a31147dfe6b0ec31e94db70a2df954cc2e427fb35f060aaf5f3db24d69833072672f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\1624

Filesize
9KB

MD5
fcaaeddeaa43000c9a96670d8be88821

SHA1
9e56528bfd61c6e2efbba0907b8eae96033595c7

SHA256
6b04f73b00443279e5888902bce8e0038a7ec0ef99c79b68b5a2aa513c7b157d

SHA512
0271a637356077b417d0acd4882951704dc4f355cad0ea60acb0bf8ca1feaea97feb1e5d2a07376af0c54e8a16cb098909de4dded9965ac1d20718e58ac0099e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\25193

Filesize
9KB

MD5
34bb4d509dc93b44373016dacccc215f

SHA1
b0cf97f2e388ecb495dff378001ebfceac92c162

SHA256
4d2369503396564ae1f6fd90ec16ac107df7664c9078ba2677f09ef1a163d4b8

SHA512
d2340531deac5bb1917bf346c2a1dacd098a0f2c409bee62942e446930db75dae19e0203804561030cb778414f7637764dc87768180c46d647b3f43049f81cf5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\26211

Filesize
9KB

MD5
247cbbb9179016de30ee60513d5e78a4

SHA1
1491876f1c1b0142fcecb1d4370180d7d5036aac

SHA256
20df78280585fddbcc068ff73db889fa1a8e2b0709fde80472369058859e3cab

SHA512
f2fb7d0d68b4fe0746bceeaa4f802f99e2167bff82e30c02ce752880b869234afc22e29ef2be79ed9366ba232fdf30d00ca329feb66441f5f8c573ad1c64b2cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\29166

Filesize
10KB

MD5
77b4ae821a530945b49376a25972c6ac

SHA1
56ff7d068ce9a991c2318b4349d0fbe76712f352

SHA256
e4f2a91c79de14d1ea0142d345c06695ccb0607f4268b2da010ccb8a73adf563

SHA512
396997b85b8416cc4e93f2857dc29ec88e2a225cdcebdfe28c9823b7d05d3281dffd4c90f8d2905ec99c20f73b49f1e862a009e5abb407893f147f37da7ac5c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\29407

Filesize
8KB

MD5
eb993eec44cb590925499fc2d23cfaaa

SHA1
0b28230498588c4a81224758f7921fa223316f32

SHA256
28a4f5702ea1ba754c9bad0a50212f99d02ebcdd1bf86a742f4c15974b5c4988

SHA512
6d2dc68796b8220fdd9d3cffec39d7282622fd94beb2166dc0784a6828b8b4ad9a9e02a700fc6bc5c624276274a246eefac0d8c88992f542f837153a378d5e11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\30392

Filesize
9KB

MD5
2079a84e25251a0e57a99d7d6d5d2d5e

SHA1
bb76610c91ffafd148655445784fea125fcc44b8

SHA256
63a11f1734ea9d6b14c537db69bb795c073cde54c56730b9b837b34f9b93907c

SHA512
ea0e0d47a65614cc0da0bb1f9a36fa42a53d0cf00ba42d8b2585dd8ca4a6289de4de8a66eff5d7351bb3514a9f09df19d0840599737723bb42204280dfdd6660

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\30833

Filesize
9KB

MD5
c6696ea7768d3c084fecbda1b70d8073

SHA1
c10ff654a22b76461511de9be23c41ffbb106749

SHA256
2a5c923176a35d5649983e41c0bad5798409e27bc0d96d00cbbe4ea896c94856

SHA512
29da1df3e9c29b93c45af751bcc9082f9cec5377cc787f67d62203de68ce37484e3b3a4eef1a233e34c35b0cb86f666a8e1f2eb2128e6b9fd8cbe001292c7d59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\07C97213BFCE4143622B54DF2204C0EA5BB094C7

Filesize
15KB

MD5
2ec316e03b21cd0b4019337e644b8a4d

SHA1
dff783ec8d08dd61ca42a42be7c6610e57f28ee0

SHA256
73777c94d9b8eccab8d6edae042639c9456755e6f642cf27aac6fb7871ef121d

SHA512
75b1765e6cc3f3a3a89fc34638bb5557e5e37504ccc8fe7dee52e4b00054cd25c1e2e8f40e6b3008716aea6609a21bbb6149d410bb35f7177bc398989e31a59e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

Filesize
14KB

MD5
b3f8b59052cbe022422c319bbac8482b

SHA1
5c41b9d4ab98ec8685db179ef736e32d08e62ab4

SHA256
ab1b4621b8a5341ec1e4bd937a4888c9d12c576d021835d2e9a5fd2712709086

SHA512
cf9688c350332a95e6f9791f5eac67478134d1566df6aeff7ed858bf34aeaac12a6850ccdcefcf289af75aadec39aecdd18ba39af5a7c46ffc937db4595b42b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\FD8B5A19DF57620BA56D7418AA339A3D779BDF33

Filesize
52KB

MD5
deeebe5039ed2acb576d69499d8d1297

SHA1
028fc402cef0442befb3a06f33323e9621095a61

SHA256
98d1167db7f3c856f527a6215fd469c02240e8f65c3d8505ae0a3651c51c3561

SHA512
ae0da143573babf50a0421dbb9b1b7d7203e8963d51c2482b2eb9426711e5d963ee2dcff2d71b345b29a57a376b8def3be46cb59ebe37890bccc95bf51f07dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
10KB

MD5
f8d2ea752cdb9aac41a476e2b5f3aefc

SHA1
b093a79442bb0819be0ce60ded5a3fa6e6c02455

SHA256
c31a135cb9be8867617455466375525373f9f0964315730a4642bda346165f44

SHA512
5d5a073bc40aaa202b9d82dfe7f4e5aa0d5bf9d5de8d022e4f3284cd3f7673596c95598a0f6aa5d05eb6643218c87a9c66ea8c0c73e7e93adb1feac9d4b5536d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
500c01a1938c559dd77922d3f698a25d

SHA1
71c72556e05e58275c817e3344b9ee9e675e27ec

SHA256
67aa3c54d416298c57ae545e9174d76f8e956f8ba0a49ce4952d253adda11795

SHA512
ac5f6672bc1ce523d2889f9381f299cbdddd9ae9a59d391c2d7a4ba84e2756905639d7c070f9653808af8df88a59357adbf59fe622f31fca39d85e680511f89d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
748d03d8071fbf086bc81fb233ffd5a3

SHA1
d669c27c54836c1339b5edca7a896a3f13a6b4f1

SHA256
c3d057ac9426c50e9ec1f9590a81b96d6c104115b697800188ab8fefccbbda6d

SHA512
f79732d3d68949d912f3f3e9f10b9921bb9bc08a5368ae7763e5372f3eca0ba674d434088e55546015adcebd3cc8b1857d984cc2ee81323b94dcef85292dd132

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
4286408d5c5a2585d6407c2be7cc943d

SHA1
c596a45be7c05e9792adb4052d3f7e22f579a7b9

SHA256
a47c5c0956706d0e0e68c63dde3c7aa974c3e647a5ef8613c9e13b54d4b2bb1a

SHA512
4d10f977941eb0c27a8dd1b6794d8e7307533e93eb6afb699008746782847f609ba6922776b2d76df581e5128e85b16900eb94120673ba9cb2afa50d65916f7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
5c849f089928b9f79a97016233479688

SHA1
788fe71976a9260409cbea14d7d788b871bb9f91

SHA256
658f0f3b5d2b5c4bc3904856e005971fb1ce322316b55b4361eab0bf8e51fba6

SHA512
f9ad97ce3c75893ec563cb3fbaa6d2b878c06fb8505b90c91eb47e7806d5e9a8b4d629db0f203d38060c5c25a611a7d524a17a1d75ab02f00b6ffc8eba5f25e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
8KB

MD5
1f774b09e6744783074831f345d414a8

SHA1
e96340cc1b3cec65860465db2c21bfc8c51b1d8f

SHA256
68d749e7a6edc8f7f748755737518e7df958bb0a1949119a5cb44ac1d6e1db7c

SHA512
f5571ae6cb26349e46ddda416eb5d4400e2afd835488809a61d5566f118d925f4b46c14cc7c0939de30832c11277e592fa78a996f012ab9be646d050b951e7ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
fcd1b264cb5993711c31f705ea331d7f

SHA1
27773cd95eb8f7b3fc334528190319c02cfab2dd

SHA256
6f200eb4a581f280acc97aa557118e943541a9afe2b058494c3fb8acc2549aa0

SHA512
ec15ffa05d9aa0d517f3344d1a40d0677c5af3f397cd8657c13c0cffcd0713f272dd450cde3b6547db43a74e8b0df65a2df8b4722cb1b4e316141fdd1d1cb7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
da69722c8c3209a7f8c9cf33600f4edf

SHA1
7a5071e60bdca328bbd3ffe71c776fd90338e9c4

SHA256
c7d17ae56b49976024f03c39e67b7958c8fde302ff4e764223445e4dc344f2d7

SHA512
28a77da89b8b001ddcdfb16b7bb4be5aeb23ad4777071131411474ab23511bd8418130e204c80636d1d4840afa74d60ea7c8b520359b38ff466ba5d9a5445fc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\storage\default\https+++open.spotify.com\cache\morgue\5\{14b9867c-4c9c-4d0b-8965-02b6a89f9e05}.final

Filesize
58KB

MD5
3adc6ca55e32c4941850f6e2eeb21980

SHA1
730026ecbb979cf048b26810181e3d4076f04643

SHA256
2182229fadc13cf3d638d0db825be29bbd4b6c66df6c427bee5ca7784deb7f19

SHA512
a9a685aabdd543bb1e720472a4e008a59e72935015cccdf813eb577ddfc1ab3aabf692e5f1c22202aeb90ca27e0525d0c92e8d13e3508330cca30e09c54741cb

Download Submit
memory/4960-460-0x00007FFB670B0000-0x00007FFB680B0000-memory.dmp

Filesize
16.0MB

Download